foreks.com Open in urlscan Pro
18.173.154.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://foreks.com/
Effective URL:
https://foreks.com/
Submission: On November 28 via manual (November 28th 2023, 6:33:52 pm UTC) from GR — Scanned from DE

Summary HTTP 690 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 87 IPs in 11 countries across 70 domains to perform 690 HTTP transactions. The main IP is 18.173.154.20, located in United States and belongs to AMAZON-02, US. The main domain is foreks.com. The Cisco Umbrella rank of the primary domain is 69004.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on June 6th 2023. Valid for: a year.

This is the only time foreks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.173.154.9 18.173.154.9	16509 (AMAZON-02) (AMAZON-02)
91	18.173.154.20 18.173.154.20	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:d133	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1 1	54.170.121.144 54.170.121.144	16509 (AMAZON-02) (AMAZON-02)
2	31.3.2.72 31.3.2.72	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
4	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
8	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	185.57.65.123 185.57.65.123	9215 (VMIND) (VMIND)
13	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
40	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
27	18.66.97.13 18.66.97.13	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
67	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.37.209 108.138.37.209	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:829::2016	15169 (GOOGLE) (GOOGLE)
8	4.227.249.197 4.227.249.197	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 30	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.36.78 108.138.36.78	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
29	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	172.64.152.89 172.64.152.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	108.138.36.46 108.138.36.46	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.170.64.73 54.170.64.73	16509 (AMAZON-02) (AMAZON-02)
1	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
56	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
5 28	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8 9	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
3	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:225... 2600:9000:225b:ac00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
2	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.7.176.208 185.7.176.208	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2 3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	3.11.123.127 3.11.123.127	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
3 9	23.212.218.19 23.212.218.19	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
66	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
6 6	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
3 3	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2	108.138.36.8 108.138.36.8	16509 (AMAZON-02) (AMAZON-02)
2	108.138.36.69 108.138.36.69	16509 (AMAZON-02) (AMAZON-02)
5	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 3	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	35.156.210.91 35.156.210.91	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:20:... 2606:4700:20::ac43:444e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	52.29.13.21 52.29.13.21	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:110e:d660:4b1d:6eeb	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:c0cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 6	84.200.5.215 84.200.5.215	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
3	167.233.13.224 167.233.13.224	24940 (HETZNER-AS) (HETZNER-AS)
4	18.134.20.61 18.134.20.61	16509 (AMAZON-02) (AMAZON-02)
6	2607:f8b0:400... 2607:f8b0:4001:c20::5e	15169 (GOOGLE) (GOOGLE)
1	87.118.116.9 87.118.116.9	31103 (KEYWEB-AS) (KEYWEB-AS)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:17::9	15169 (GOOGLE) (GOOGLE)
1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
690	87

1 18.173.154.9 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-9.muc50.r.cloudfront.net

foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

91 18.173.154.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-20.muc50.r.cloudfront.net

foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d133 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.170.121.144 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-121-144.eu-west-1.compute.amazonaws.com

cdn.netmera-web.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.3.2.72 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

ntm.netmera-web.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.57.65.123 (Istanbul, Turkey)

ASN9215 (VMIND, TR)

wsdkapi.netmera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logger.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 18.66.97.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-13.fra56.r.cloudfront.net

news-files.foreks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.37.209 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-37-209.muc50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 4.227.249.197 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

u.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-78.muc50.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-46.muc50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.170.64.73 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.118 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.185.194 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.173.215 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.198 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225b:ac00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.7.176.208 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

istr-n8.nktcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.11.123.127 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-11-123-127.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.212.218.19 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-218-19.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

66 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.4.28 (Denmark) 6 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.38.120.206 (Hessen, Germany) 2 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-8.muc50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-69.muc50.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:ef75:8280:f209:5ba1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.210.91 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-210-91.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::ac43:444e (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.29.13.21 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-13-21.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:110e:d660:4b1d:6eeb (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:c0cb (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 84.200.5.215 (Germany) 6 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 167.233.13.224 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.224.13.233.167.clients.your-server.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.134.20.61 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4001:c20::5e (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.118.116.9 (Germany)

ASN31103 (KEYWEB-AS, DE)
PTR: km36617.keymachine.de

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:17::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

rr4---sn-4g5ednde.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
135	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 149	2 MB
119	foreks.com 1 redirects foreks.com — Cisco Umbrella Rank: 69004 news-files.foreks.com	4 MB
108	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 154836 pubads.g.doubleclick.net — Cisco Umbrella Rank: 401	462 KB
66	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 33424 ad4m.at — Cisco Umbrella Rank: 12394 assets.ad4m.at — Cisco Umbrella Rank: 45800	601 KB
50	criteo.net static.criteo.net — Cisco Umbrella Rank: 668 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10986 csm.eu.criteo.net — Cisco Umbrella Rank: 10557	467 KB
38	virgul.com static.virgul.com — Cisco Umbrella Rank: 75759 ng.virgul.com — Cisco Umbrella Rank: 70861 ng2.virgul.com — Cisco Umbrella Rank: 76749 logger.virgul.com — Cisco Umbrella Rank: 96461	255 KB
22	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3040 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	6 KB
16	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	1019 KB
13	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926 ads.eu.criteo.com — Cisco Umbrella Rank: 10450 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11552 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17732 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16925 dis.criteo.com — Cisco Umbrella Rank: 597	160 KB
12	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 827 u.clarity.ms — Cisco Umbrella Rank: 7536 c.clarity.ms — Cisco Umbrella Rank: 1405	30 KB
10	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 150954 static-de.ad4mat.net — Cisco Umbrella Rank: 188473	4 KB
9	awin1.com 3 redirects www.awin1.com — Cisco Umbrella Rank: 18131	6 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal900023.redintelligence.net — Cisco Umbrella Rank: 246668	56 KB
8	netmera.com wsdkapi.netmera.com — Cisco Umbrella Rank: 86029	8 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	554 KB
6	gstatic.com csi.gstatic.com	458 B
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	38 KB
6	adform.net 6 redirects c1.adform.net — Cisco Umbrella Rank: 599	4 KB
4	w55c.net 4 redirects pm.w55c.net — Cisco Umbrella Rank: 912	4 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 851 r.turn.com — Cisco Umbrella Rank: 4121	2 KB
4	medialead.de 3 redirects pv.medialead.de — Cisco Umbrella Rank: 44040 medialead.de — Cisco Umbrella Rank: 43761	2 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	3 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	2 KB
4	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 447 fonts.googleapis.com — Cisco Umbrella Rank: 31	368 KB
4	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 87	112 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598	70 KB
4	youtube.com www.youtube.com — Cisco Umbrella Rank: 68	69 KB
3	o2online.de partner.o2online.de — Cisco Umbrella Rank: 90716	4 KB
3	lead-alliance.net 3 redirects www.lead-alliance.net — Cisco Umbrella Rank: 83719	1 KB
3	telefonica-partner.de 3 redirects www.telefonica-partner.de — Cisco Umbrella Rank: 82742	773 B
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 764	1 KB
3	ctnsnet.com 3 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 6637	1 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	15 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1656 google-bidout-d.openx.net — Cisco Umbrella Rank: 1665	659 B
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	67 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6862	622 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	netmera-web.com 1 redirects cdn.netmera-web.com — Cisco Umbrella Rank: 75549 ntm.netmera-web.com — Cisco Umbrella Rank: 76478	19 KB
2	conrad.de www.conrad.de — Cisco Umbrella Rank: 100456	805 B
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 351	291 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3451	207 B
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	15 KB
2	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 746	883 B
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	4 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 74479	811 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 135259	131 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 976 bcp.crwdcntrl.net — Cisco Umbrella Rank: 887	12 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1822 feed.pghub.io — Cisco Umbrella Rank: 2092	6 KB
2	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 12777	2 KB
2	hubspot.com cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 5222	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
1	googlevideo.com rr4---sn-4g5ednde.googlevideo.com — Cisco Umbrella Rank: 65222
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 219	2 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 236	761 B
1	congstar.de banner.congstar.de — Cisco Umbrella Rank: 122254	549 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	763 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 795	759 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 709	584 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	923 B
1	nktcdn.com istr-n8.nktcdn.com — Cisco Umbrella Rank: 679682
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	17 KB
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1758	579 B
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 4524	431 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	1 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1762	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1383	5 KB
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 21710	7 KB
0	eu-1-id5-sync.com Failed lb.eu-1-id5-sync.com Failed
690	70

	Domain	Requested by
92	foreks.com	1 redirects foreks.com cdn.netmera-web.com
67	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com foreks.com 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com tpc.googlesyndication.com imasdk.googleapis.com googleads.g.doubleclick.net www.googletagservices.com securepubads.g.doubleclick.net
56	tpc.googlesyndication.com	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com foreks.com securepubads.g.doubleclick.net imasdk.googleapis.com
31	securepubads.g.doubleclick.net	foreks.com securepubads.g.doubleclick.net 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com www.googletagservices.com
30	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com googleads.g.doubleclick.net
29	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com cdnjs.cloudflare.com static.criteo.net
28	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net
27	news-files.foreks.com	foreks.com
26	assets.ad4m.at	as.ad4m.at
20	ad4m.at	as.ad4m.at ad4m.at
20	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
16	www.googletagservices.com	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com googleads.g.doubleclick.net
14	imageproxy.eu.criteo.net	ads.eu.criteo.com
13	logger.virgul.com	c1.imgiz.com
13	www.google.com	foreks.com googleads.g.doubleclick.net tpc.googlesyndication.com
12	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
11	ng2.virgul.com	foreks.com
9	www.awin1.com	3 redirects 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com as.ad4m.at
9	ad.doubleclick.net	8 redirects 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
8	u.clarity.ms	www.clarity.ms
8	wsdkapi.netmera.com	cdn.netmera-web.com
8	region1.analytics.google.com	www.googletagmanager.com
7	csm.eu.criteo.net	ads.eu.criteo.com
7	ng.virgul.com	static.virgul.com foreks.com
7	static.virgul.com	foreks.com static.virgul.com
7	www.googletagmanager.com	foreks.com www.googletagmanager.com adv.office-partner.de
6	csi.gstatic.com	imasdk.googleapis.com
6	c1.adform.net	6 redirects
5	pubads.g.doubleclick.net	imasdk.googleapis.com
5	static-de.ad4mat.net	as.ad4m.at
5	prod-rtb.ad4mat.net	googleads.g.doubleclick.net 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
4	api.webgains.io	analytics.webgains.io
4	pm.w55c.net	4 redirects
4	hal900023.redintelligence.net	1 redirects 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com hal900023.redintelligence.net
4	hal9000.redintelligence.net	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com hal900023.redintelligence.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	i.ytimg.com	foreks.com
4	www.youtube.com	foreks.com www.youtube.com
3	partner.o2online.de	as.ad4m.at
3	www.lead-alliance.net	3 redirects
3	www.telefonica-partner.de	3 redirects
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	ius.ctnsnet.com	3 redirects
3	pv.medialead.de	2 redirects 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
3	cdnjs.cloudflare.com	ads.eu.criteo.com
3	cat.nl3.eu.criteo.com	ads.eu.criteo.com
3	ads.eu.criteo.com	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
3	imasdk.googleapis.com	c1.imgiz.com imasdk.googleapis.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	www.google.de	foreks.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com foreks.com
2	c.clarity.ms	1 redirects
2	www.conrad.de	as.ad4m.at
2	x.bidswitch.net	googleads.g.doubleclick.net
2	dclk-match.dotomi.com	googleads.g.doubleclick.net
2	r.turn.com	googleads.g.doubleclick.net
2	ad.turn.com	2 redirects
2	cdn.track.production.webgains.team	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com as.ad4m.at
2	analytics.webgains.io	track.webgains.com
2	onetag-sys.com	2 redirects
2	5994599.fls.doubleclick.net	1 redirects foreks.com
2	track.webgains.com	foreks.com as.ad4m.at
2	pb.media01.eu	hal900023.redintelligence.net as.ad4m.at
2	rtb.fr3.eu.criteo.com	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
2	gum.criteo.com	1 redirects static.criteo.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	oajs.openx.net	1 redirects foreks.com
2	cdn.id5-sync.com	securepubads.g.doubleclick.net foreks.com
2	perf.hsforms.com	foreks.com
2	cta-service-cms2.hubspot.com	js.hscta.net
2	www.clarity.ms	foreks.com www.clarity.ms
2	ntm.netmera-web.com	foreks.com
1	www.googleadservices.com
1	rr4---sn-4g5ednde.googlevideo.com
1	yt3.ggpht.com
1	c.bing.com	1 redirects
1	banner.congstar.de	as.ad4m.at
1	pr-bh.ybp.yahoo.com	1 redirects
1	um.simpli.fi	1 redirects
1	adservice.google.com	5994599.fls.doubleclick.net
1	dis.criteo.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	fonts.googleapis.com	hal900023.redintelligence.net
1	medialead.de	1 redirects
1	adv.office-partner.de	hal900023.redintelligence.net
1	istr-n8.nktcdn.com	foreks.com
1	rtb.nl3.eu.criteo.com	47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
1	s0.2mdn.net	imasdk.googleapis.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	foreks.com
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	feed.pghub.io	pghub.io
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	pghub.io	static.virgul.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	cdn.netmera-web.com	1 redirects
1	js.hscta.net	foreks.com
0	lb.eu-1-id5-sync.com Failed	cdn.id5-sync.com
690	108

This site contains links to these domains. Also see Links.

Domain
www.forinvest.com
twitter.com
www.instagram.com
www.youtube.com
cta-service-cms2.hubspot.com
www.facebook.com
apps.apple.com
play.google.com
appgallery.huawei.com
dl.foreks.com
www.belgemodul.com
etbis.eticaret.gov.tr

Subject Issuer	Validity	Valid
*.foreks.com Sectigo RSA Organization Validation Secure Server CA	`2023-06-06` - `2024-07-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
*.netmera.com Go Daddy Secure Certificate Authority - G2	`2023-05-25` - `2024-06-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-20` - `2024-10-20`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-10-24` - `2024-01-22`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-11-08` - `2024-02-06`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2023-08-24` - `2024-09-23`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-03` - `2024-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-07` - `2023-12-30`	3 months	crt.sh
*.nktcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-30` - `2024-11-29`	a year	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-11-21` - `2024-02-19`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
ad4mat.net GTS CA 1P5	`2023-11-18` - `2024-02-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.netmera-web.com Go Daddy Secure Certificate Authority - G2	`2023-10-04` - `2024-11-04`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-11-14` - `2024-01-23`	2 months	crt.sh

This page contains 82 frames:

Primary Page: https://foreks.com/
Frame ID: 76B8E2D9A31AE8491D4FFBBC3922055B
Requests: 261 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: CDA7700812AB77D7E5DC49F93ED9DD16
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 67745F3A319C86CA63D0AC4F7EF0D2E9
Requests: 1 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E0A95E54B1690414CCBD1AD3C9790EF0
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=&page_url=https%3A%2F%2Fforeks.com%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: D29DB13CB4BA82E9450AC6AC3B7FE3D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3025194257&lmt=1701196403&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403129&bpp=2&bdt=2319&idt=282&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1919415049429&frm=20&pv=2&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44809314%2C31078297%2C31079757%2C44807763%2C44808149%2C44808284%2C44809072&oid=2&pvsid=4061356811091417&tmod=258917674&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=311
Frame ID: 7207B3F0CE8C6446FC5CF35DA9EC32CE
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=foreks.com
Frame ID: 37BD0DCF0703EDF73D6FEEAE8F07FA95
Requests: 2 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 845179AD51E27CF4555B5C68B6961E74
Requests: 11 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D02675FB049AE46A438CDCC3C926ED85
Requests: 22 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6A262F7CC1DE14307B7CE1758EE55564
Requests: 11 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E75F169D5420A0AA8F4E8E7D52B0818E
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXM5D37nW5oHXq-u_HKrrOE-0-brubWBKzAppGfyj0fHioEOwIh74YChK9l2dExI4RdIRa36JaB_rko7JiBW3ykaAnH3merJsS4zuzyI9U3uCWuz9VM2qlssdEHyxM1tlhbY_DmOxq82R-2DKjtsme_-Hy9emsehMndn2Pn_Q-HbEFXR9hTQdNr52rWp_xhVgXrQMr_
Frame ID: 72F8BCC3CD63AC29F0A54EF433A4DA10
Requests: 5 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E49072CB38F49E723906225EB20BBD8F
Requests: 11 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2BD2BA8122DEE1D68FC58F376BA7C646
Requests: 11 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 53C5204182A7E086DB9BF214804D7895
Requests: 11 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2811FFDBA9695552DE6C358AC2B82E80
Requests: 8 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 79C38AD09111C387472F519BEAD49285
Requests: 9 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F5AF7204A94E2576DBF459A1FD37792C
Requests: 9 HTTP requests in this frame

Frame: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 58EDA8BC91B660CB48661221FC677989
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEeiQIVQPfAAL2UfSYyiBjb8u5Y3cquQ&u=%7CCHUt1JxnwakH4JHS9qwCAZHjfc7GEfoky1xjI5Sb1tA%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetR_dn4DKQs-t3mH25TTTceXWo_t_NolwI5wSe02y7qsWW5E8HOmROjnDBtbHzUll1BiNRyDhybXxe-hVMgddY0mtwmXXIMYXGhuCOpv1qbZY3K-RYlar1u_c0JV5fd8Lm4cijTG7OcGEZlvLw_hfUk_Q26wq07Q0n8IPiamCqxrsCDRs_uv6hpKDmBSHHDDOv_6pyyPQxnnZc8m0kvw1oM7wg_VsOzYKo3xzgob-TqkMBG8JeKA3SjT9IkSmvdkF47V8RDmXgrF04RJh1FOXfkW5KwxzWuXzguIYPyjh94k5-Dl-PHfYZ0oillVvKZ_mztghdRvyun1Q8w8qSefpOaV60QL4_5xJjB14V8xbM9mDQJv6P7R759skW2hz-CXZUn6p8hbBvOIgzxtf4ZiSkeyE1qnTizL6lJUaBcvN4GNYZ2uDSpjS86jIpTw_O1iwCGVjk7pT-rGBtZwFLNI-meKNt89QuaRloDESOXyN7MElimZX2HJJ6-erv1wpGmxJDsgaoO0uHDf7eDKFsuUcLnor54nWuBWHhBWYZ_nI6Ww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfL7vczJmZaT0Ed-H1PIP0eyLqA7JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpApxeTIt2X7I-4AIAqAMByAMCqgSUAk_QvJBO9D29fZNRXgPD3zvpTB-qG1y_XiH_nterzwOc6R102me8-ld51yF_mAW1EKHmbFLtXSV9magbmAMMvQXZGQfjA69LIz0fa51mXH3DEvsFxXEtP-kZ_rDDtBCue7CQb9ONnQd0OQRccsdACh-82OKQrTyqIaDYYDo27L3Q25-FkLgkCRiyZOJqbA2KR-j3ukHILvd-7dBXrrNlIWeOVBc-IZNoo07Ubf_FzZeCAs3FywXPMkaF9la6Vo3LeJbGB6EhVTz3baHPMyvif8hXt57kfctwE1bizgJ9_HwWjscN1S13Wm0P-cPkGBG3rAD_RqtYoYsoLM4crPgct74sknsglUaG492i-3sZQAhdrujFwOAEAYAGt82s066CkqvvAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljIhby6queCA_oLAggBgAwB4g0TCIm5vLqq54IDFd8DVQgdUfYC5dAVAYAXAQ%26num%3D1%26sig%3DAOD64_0H8FUQikVkJNAL7nWtYW9-ij9SEw%26client%3Dca-pub-7983651257838282%26adurl%3D
Frame ID: F86917AF4DED744DEACC2FE1A71BC437
Requests: 18 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEhBEIVQ5FAAXbZri0uAbCZgrzwIk1tg&u=%7CCHUt1JxnwalLSk3feGSleflDt%2FNJtXiizA3gcmZ1Tpk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHFYdkwz5j5RRYpPeZjyNWnDBsGwLq5SVWy7FJjTd5_knL3sfbgSQFwtKyNL-ZCgR_rky4sUWSXKRwTr8xHvLaB557PRu-jrwl2yDMX4FnW2Ld7r6PT3oeN8JUCLTFWpceGhj38WbC7FzNZDQXRHFXDYEgcCNe0grGCZVuauRGPfzSZHPT989lwhJqOIoLZoopKUAGB6sn0QTph-5Txrg4-Yk1jyuvRR0vN-Y2HsagfoR-uv8KrqRwAzNqVW134qxeF72A9cBUsxFXT6epFu_1RHHaO1V8KJjt6Hz6lTP0PNfttkbqlVIXHBG-CMhmErWAA77blWnOf2isG9kbNnPA2X5CSbynvC44RKPnaR4o8wMLwmwe14vDfs0Cv8w3idE238tUn0jogJ3xXCCpmt17aV7p0jUEyptjmnkT18XdlNxKyJwUgsVIoAnKRP0p-4UYTgJUGF4b9XOxRt1B5XcnxhSMcBav6PPR3jt5ubIBmRO7RN27YE3TtVrim4suG89kYfW4lhWm-5l-IES-2ONfu8kV6oH0a3BqypTPThnlcKYY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6lmkczJmZZGIEsWc1PIP5raXiA_JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAgcCFcmwXrI-4AIAqAMByAMCqgSYAk_Q_uroDNbMSsEAG7zIUoDJ-p2dAf3x4jfh3OHACsCkq2Pc3h0LqutpAIMbDs1oldpZV3cdYuGJnfOXH2RJuM9Cfkn2IEr0QflaZS9DWxrOHQJOL4DSyA1agFb65lyMQ1ll7llYNn9khStzpqoTx2KYrhYDg52HsnewhkxAUZ7CFKJGuEUHOyXPKvORUEUAlSxVCTnSm9D3jzo663LfGbSdet3Fr9oCnJTgiQJUxUeiMvl50YMElsgvGz5SN79jPHUn40ViPqFMJrLPi9ri756Z2Ay8i5mHUmjlzaeEDluyhZWboHyibgB9xX9H1ZQ1bRJLoO6yUxfomlHltzli2juxvZN6UGge8KxAAYfGWTHldB_4EffPpTDgBAGABuzopabn8ve5jQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwiV1by6queCAxVFDlUIHWbbBfHQFQGAFwE%26num%3D1%26sig%3DAOD64_0F_WdCYQIM8Y_CPY24dqhSebKGgA%26client%3Dca-pub-7983651257838282%26adurl%3D
Frame ID: 06B365B43462434370890B3896693368
Requests: 22 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: E3997221C2B8C647F20D6DE5AE1362E8
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEcYgK4DoDAAhYC6FDvACBUxSfs6n-4A&u=%7CCHUt1JxnwanfIpJaWe%2FYu5JDCtNJ3pPAYhzCv0%2FY%2BNY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZ18YzHvnUASX1kSDMk8cfIgg63Cjj-HH5vJjE_du_WMXYmFff3XLQF_VB0AenOc0S0lawJKgeD45RiCGtQWlZf0YnDpwD4YPdQyWhtUzU-pq3tPLFARCLTIkcg_P_hoys9LbwNNlNtwE3jK4dLDBU8c9WE137ynDwhGPQ3ZBKOxrfLK0yqLdjWlOgjnXh4JpyD4Th0zgBZ7sQFepPYQbniHPfVkCsE8BiMYg5SlFenllskutSriSXROYzKiH1XQ9TLphn0ZMiLt-t2PoP0-xzeuB5gyjgNOEehwvTIrW59XtZFnJF0Mgoo6RiZnvXYD2GzGi251ZAE-AloxdwHvYrwm6xMh5isLIn8ExnuN1BVsz9QchSYm0yqVZAkRyyGXYxdxi9PfhtAxQK2_7x5YxlFtjmH0Bod-ru2-GLvuRa2K5uKm5aF1JZvyLSODZsbpxDr2HcC2j9rGqGwihy1G_TsUxium81aWjZGjOqc3e4gt_VUKvLiE81uakW90xI-AgmpBqi_LhFSnbQ3LCkQ6sqVkzsJ-4FD1Vj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXtMHczJmZYjjEYP0gAeLsKFAyZ7SsVzVnZH3cMCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJqQKcXkyLdl-yPuACAKgDAcgDAqoEoQJP0GRjlBQYmI7tD5ctThWX6P6XXvWlKGdX3x_CHKAqpWqKJMIz2s0K3naEYegH77pHknyz8P8mF-gwIkt90r8JIpGR0E9m2qcetxRNFzE6aXfQWRXDN_IOIITBt74j47qmUoPSvFUDLYzHo2xOrGxwzovdf0eHLVUqHRvASEbs_jKI80QJRxEe1aIYMWSNOkeRpnOcaNi0KHHG73ZoHHsYVHnD5cDuUQ7yKcFfbrdxOMa6PHnxtU3qhScTZ5w2WSvTlXgCVlh7yHBbQqcZzOI8JlTnyGx2jbuIcKUpbe1FVE9d0-l2s-n8Dn4az1-RNxLCJ4qL9wrLLnsLD1fktVUletQi-XH4dgJ3gir62_wkfiPo29-BhSgG_dJtlw4WxKjV4AQBgAaO1LKct7KlrWKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwjy2ry6queCAxUDOuAKHQtYCAjQFQGAFwE%26num%3D1%26sig%3DAOD64_3JOZkM_FiEpq2Lo9km-E0pZhYfuA%26client%3Dca-pub-7983651257838282%26adurl%3D
Frame ID: C8AED0B2268733C50C225F2737010584
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2CED3889ABD948327B7605B0EFE01A70
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755403&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403826&bpp=1&bdt=284&idt=234&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&nras=1&correlator=1103237402201&frm=24&ife=3&pv=2&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.52fbc6jwllxy&fsb=1&dtd=241
Frame ID: 1D7773B8F5BA993C9BA2593B0939F641
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340
Frame ID: 75DBFD3537C4F21F054D8563B0F85BA3
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755404&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403865&bpp=2&bdt=237&idt=344&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=2247873908555&frm=24&ife=3&pv=2&ga_vid=2031816685.1701196404&ga_sid=1701196404&ga_hid=502819473&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31078301%2C44806141%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=3790986635859306&tmod=1963675758&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.5tuvbzneerfi&fsb=1&dtd=356
Frame ID: C64A1C01415DF2031AF7595764686A80
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755405&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403850&bpp=2&bdt=226&idt=418&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=1704480342988&frm=24&ife=3&pv=2&ga_vid=358089562.1701196404&ga_sid=1701196404&ga_hid=1034328185&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532523%2C31078301%2C31079653%2C44807405%2C44807763%2C44808148%2C44808284%2C44809072%2C21065724&oid=2&pvsid=2346992362013379&tmod=227966937&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.80figvn19la1&fsb=1&dtd=428
Frame ID: 798B2831858EDDB3B379005E98AB51FF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3173046723&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403867&bpp=1&bdt=239&idt=426&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2247873908555&frm=24&ife=3&pv=1&ga_vid=2031816685.1701196404&ga_sid=1701196404&ga_hid=502819473&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31078301%2C44806141%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=3790986635859306&tmod=1963675758&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.q36hoqjfob0&fsb=1&dtd=428
Frame ID: E7F9AF69A714AEE9B27A3005894EB809
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403852&bpp=1&bdt=229&idt=461&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1704480342988&frm=24&ife=3&pv=1&ga_vid=358089562.1701196404&ga_sid=1701196404&ga_hid=1034328185&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532523%2C31078301%2C31079653%2C44807405%2C44807763%2C44808148%2C44808284%2C44809072%2C21065724&oid=2&pvsid=2346992362013379&tmod=227966937&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.ado8mqjrdbk1&fsb=1&dtd=463
Frame ID: B6984C755CBFDB9D905ECA4826DC3BAD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403990&bpp=2&bdt=261&idt=328&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=3625658249918&frm=24&ife=3&pv=2&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.v9zwaj9iy95w&fsb=1&dtd=336
Frame ID: 7546B95F365B45E0695A47E9E0609D7A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Frame ID: FCAF831B6C6225BEDA22AB1158170A13
Requests: 8 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Frame ID: 872E6BECD71E58A2187B1E68438B65E8
Requests: 22 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/control/omweb-v1.js
Frame ID: 86ECDB4362646329E653890E8571990D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=1&asacwct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404075&bpp=1&bdt=301&idt=306&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=8490635587843&frm=24&ife=3&pv=2&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.53cn989z49zb&fsb=1&dtd=312
Frame ID: 072F119769B7647ED1C601F5F84BEC5D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
Frame ID: C8AFEE191DC4D1EBCD87A6DEC6DE41A8
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404114&bpp=1&bdt=343&idt=319&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&nras=1&correlator=457562125127&frm=24&ife=3&pv=2&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.a4ulxjhyjo3e&fsb=1&dtd=326
Frame ID: A6B49753C58B6CEC4E6DB0259D276B70
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361
Frame ID: 89E60BBA5E66DC83191AE3BFF584EF35
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417939&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404234&bpp=2&bdt=447&idt=251&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=7135450027081&frm=24&ife=3&pv=2&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.9w6ta6mebia4&fsb=1&dtd=255
Frame ID: D1F5A4DD5E6D310D6AD450FE5B7CA898
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=776186307&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404236&bpp=1&bdt=449&idt=309&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7135450027081&frm=24&ife=3&pv=1&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.6eyxff3dyi4h&fsb=1&dtd=311
Frame ID: 6C7F7069614B95E8EF8C90B487B1A5B4
Requests: 8 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=19872200158888404444550012522023&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 7F29D523F24CC2B2136AAD00B9C33184
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 56E40CB4A1C9DD73E65B57E4D288AE4F
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445
Frame ID: C572DB2B76A2EC577C82008B33085405
Requests: 2 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Frame ID: ECFEDA52CCBCA563840B3E3C39D3BBDE
Requests: 6 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: B41D71F5D2284D909EACB22C5714D5D5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 693C467889B3E7A25B4B826FA763EF08
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: E69A8448E6CB8AFBB7D85F0B8B1323F1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E1ABB9BB44A2336F6DE9A346F20D09EB
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 05E6BF692D96082D767C1C50B669579C
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 00400ACD1922610A7DBC82AA409F3053
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: 6D0C042D2CB17E8269615170D0389111
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0A4AA403C5CFCCCB446CC30696FA6288
Requests: 4 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: E05E19468FF031CD999DA45F1E32BE6B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E9218CA394A4BADCDA32565E0A061573
Requests: 4 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: 63B5A06A07CBD1B818981150459B4D5C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6A7EC5948B67FD2D7708A7CEA1B3B7CB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 734BD17118804969E8C6603699002D0F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6C36BB7FDB3121C183786B40576E9947
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5017718FB7791A6F0814945025259E43
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A62A4950A9A28EC40AE540D8705E35A6
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 4A23FD4368C64263727E71A5934DD20A
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 97D4DD224FA0C266A3A6400DEC52F024
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 978FFF52F3FF7255B88E93EB3FF09A96
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 9C7AD1F847FFFC0764D9162A0955BD6E
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: A4DEC8A137AC9F7A1CD75817F1A0E4F9
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C14C43E14B89C36B5E0E8D3801EFEBAC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DBB15750CDDC3D9CE3E562AF0CA0244B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C8F90FF1246920FAAF4FAD55BB836476
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6C22E7C3AFA6C9C1E9909A6555500742
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 1EDAC0E64F56A2ABFE4D3639923166C1
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E874713C4FD0ED6167E65A9D888B9912
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 54FD63B5EDFEDF764E5B98ECB5620A49
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 3FD6FEBDB8443FF90AF796363D344184
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: B04473C3508E3E4067E490CC91CC8F58
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 74210346BDBF1958BEA1EE3094FF86DD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6C3ED6586F870C790BD41B872C05F3AF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B3CC64243DDD01C479C51BA184FF335D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E838E22916B0CA0963A6319783E7E6C8
Requests: 2 HTTP requests in this frame

Frame: https://foreks.com/netmera_worker.html
Frame ID: 95AABE7253E686D74B8C6086C475BC4B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A998322AFBB20D1E37A3A264EFCC2A13
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 733CB0BBB45700216FAF13B8353AF3A7
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: D6BF32EB8FC80D665E21F70388C2882F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Piyasalar, Canlı Borsa, Döviz, Altın Fiyatları - Foreks

Page URL History Show full URLs

http://foreks.com/ HTTP 301
https://foreks.com/ Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

690
Requests

94 %
HTTPS

47 %
IPv6

70
Domains

108
Subdomains

87
IPs

11
Countries

10365 kB
Transfer

47107 kB
Size

71
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://www.forinvest.com/
Title: ForInvest

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/destek
Title: Destek

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/business
Title: Çözümlerimiz

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/aboutUs
Title: Hakkımızda

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/careers
Title: Kariyer

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/contactUs
Title: Bize Ulaşın

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksDigital

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreks_digital/

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/fx-plus
Title: FXPlus

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksTurkey?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/ForeksHaber
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreksturkey/?hl=tr
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=canli-borsa-buton
Title: Canlı Borsa

Search URL Search Domain Scan URL

URL: https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=513ed2a5-12aa-48ff-b2fa-34610662b79e&signature=AAH58kH9U60a1w8VxuBCgf2amFIlZ3_Lww&placement_guid=ecc136ef-40f2-4547-bee9-f39c75a1114d&click=193e7a3e-5548-40b7-aece-0e73e7cfdc1d&hsutk=&canon=https%3A%2F%2Fwww.foreks.com%2Fhaberler%2Fekonomik-takvim&portal_id=6100458&redirect_url=APefjpHA6VU9V7DAqMnAran2n4U5ORo15YbmduyR7nmOSICjdaz4c8snIR9yhzWg87S31cnTMNHgnAc-nqJBGTN3UY6UKBz1qfn_5-9-T4sj6eUbUCe5SN8
Title: Ücretsiz FXPlus Demo

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=mbl-canli-borsa-buton
Title: Canlı Borsa

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/?utm_source=maindomain&utm_campaign=basic&utm_content=hemen-basla-buton
Title: Hemen Başla

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCBbRYu2nqeGGsRrKu5jh-Pw
Title: Tümü

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=sDwWi4H67nI_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=ze5GrW3hvgE_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=M3fnfLqEDTs_channel=Foreks%20Haber

Search URL Search Domain Scan URL

URL: https://www.forinvest.com/paketler?utm_source=maindomain&utm_campaign=basic&utm_content=lp-popup
Title: Kolay, Akıllı, Ayrıcalıklı Yatırım! Canlı Borsa verileriyle her an, her yerde kazan! ŞİMDİ KEŞFET

Search URL Search Domain Scan URL

URL: https://twitter.com/ForeksTurkey

Search URL Search Domain Scan URL

URL: https://www.instagram.com/foreksturkey

Search URL Search Domain Scan URL

URL: https://www.facebook.com/forekshabermerkezi

Search URL Search Domain Scan URL

URL: https://apps.apple.com/tr/app/foreks-mobile/id348143599

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=foreks.android&hl=tr

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C102166151

Search URL Search Domain Scan URL

URL: http://dl.foreks.com/destek/TeamViewerQS_tr-idcag5kvr9.exe
Title: Karşıdan Yükle

Search URL Search Domain Scan URL

URL: https://www.belgemodul.com/sirket/2681
Title: Bilgi Toplumu Hizmetleri

Search URL Search Domain Scan URL

URL: https://etbis.eticaret.gov.tr/sitedogrulama/4922722816AD483FBC669663C3D31260

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://foreks.com/ HTTP 301
https://foreks.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ HTTP 302
https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js

Request Chain 207

https://oajs.openx.net/esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp&cc=1

Request Chain 233

https://gum.criteo.com/sid/json?origin=publishertagids&domain=foreks.com&sn=ChromeSyncframe&so=0&topUrl=foreks.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=HL8HQ3xnZzF1YVdmcE12Um9PdVEyU003Q3FCbGVoSFY3MGxEbk1YdHRSK1dkMTNxOGs0QWZsejZtTjlBT0EwUkRyaU9Ud2dJK1BPOVJ2SDVzaUdIRjZLdmFTWjl6cDJFcHlzVEdPb3ZHYU5iTmsxandUY05kL3IyUDNMT0ZlaWtON2R3aENnL0dGNDNGbVhsMWY2bFRLaWk4ZDhhc3J6Nm5YVXIyUnpmekVaTmlBcDRGa0haWjZaRUpKTzFRcWo5MHhFOHVxQ0lKOVBjbWhwUXFrQndTZjVxWUtLcXFnRlZjTEhOTU9TWDk1SDdKcGczcTArMEdxcW5GYTlDWUliUjd1cFhaeDNOUHQrdjIzK0dCWmlnb2g2b01hQT09fA&cppv=2

Request Chain 246

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1

Request Chain 247

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYyc0pImS5wPhHx7xk.iAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1&google_hm=2

Request Chain 248

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGKrn4bk1h1mqnwHuVDhTqc&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGKrn4bk1h1mqnwHuVDhTqc%26google_cver%3D1

Request Chain 249

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM0NTA2NTkxNDIzNTgxNDEyMg%3D%3D

Request Chain 328

https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 398

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=19872200158888404444550012522023&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 401

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445

Request Chain 403

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 418

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFy9vADTDsQDnYbM_qrCJ3Y&google_cver=1&google_push=AXcoOmSzd1uuUuufQ_LynAsQN_enO0v2s7dvnwnEytucON1xAR_D8X7bCn1ceJBp3truK21bE73zNjHr8EU7aJZMpCpiZ4UW2KAbhFswKu08wa5bzkHnvez9mMxEck_yGd-XkgSplmLg0gejPRbFluC5ybYaeQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFy9vADTDsQDnYbM_qrCJ3Y&google_push=AXcoOmSzd1uuUuufQ_LynAsQN_enO0v2s7dvnwnEytucON1xAR_D8X7bCn1ceJBp3truK21bE73zNjHr8EU7aJZMpCpiZ4UW2KAbhFswKu08wa5bzkHnvez9mMxEck_yGd-XkgSplmLg0gejPRbFluC5ybYaeQ

Request Chain 420

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGlSI0C02taaJnNtQXWyLDIkKcThE9aliGZzYkImnwoY2J3pBjnXI8LVrLqrqmBtEGVDe5CQoTnOfxPqA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGlSI0C02taaJnNtQXWyLDIkKcThE9aliGZzYkImnwoY2J3pBjnXI8LVrLqrqmBtEGVDe5CQoTnOfxPqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTExNjU1NjI3NDg0NDY5NDU0OA&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGlSI0C02taaJnNtQXWyLDIkKcThE9aliGZzYkImnwoY2J3pBjnXI8LVrLqrqmBtEGVDe5CQoTnOfxPqA

Request Chain 421

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQAje8ZcIAkNaqKdl10f8TwNb2JMcy_huwkkF0ceq9JE25Bazb2-Ib_nGzwl_51Bp2QTShcpty7eySVDsnPho8kBPIM9sXxF27egTZPdUdSthWSH6kuPJ0n358xncmO_NLQAstiv02ny7VeTgHpAswR6w&google_gid=CAESEFUpB1EP0dlBDFIRKN3tHfA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-djRQwTi9Xl7g5WttCNzXbw15eNSQxr9Lw-RLpA&google_push=AXcoOmQAje8ZcIAkNaqKdl10f8TwNb2JMcy_huwkkF0ceq9JE25Bazb2-Ib_nGzwl_51Bp2QTShcpty7eySVDsnPho8kBPIM9sXxF27egTZPdUdSthWSH6kuPJ0n358xncmO_NLQAstiv02ny7VeTgHpAswR6w

Request Chain 422

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdzSQE-SAOF2i4VIckFDtXdFgQHngO4EyWw3lzj8nDEllDKzKEMl2pIwkyAzHOCAhXneNWLrEyGFSrxXA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdzSQE-SAOF2i4VIckFDtXdFgQHngO4EyWw3lzj8nDEllDKzKEMl2pIwkyAzHOCAhXneNWLrEyGFSrxXA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzM3OTMxNDQxNDk1MjQ4ODQ1NQ&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdzSQE-SAOF2i4VIckFDtXdFgQHngO4EyWw3lzj8nDEllDKzKEMl2pIwkyAzHOCAhXneNWLrEyGFSrxXA

Request Chain 423

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFJEGHAyzCNShrNoNFnXIwI&google_cver=1&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYOYehgXBpaOXMec7yvBQkrva4eR1tlYOolNWTNE1U5CCPC1lcdBS9M6wDOmOadQU5pBfBu8VCVxQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYOYehgXBpaOXMec7yvBQkrva4eR1tlYOolNWTNE1U5CCPC1lcdBS9M6wDOmOadQU5pBfBu8VCVxQ

Request Chain 424

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3lr17WEijnkr7BrISpmRThbpF0R6l1O5R4MdWIaAn3Sx_rqy0ydleXOJVV4mP6ELbbyhhob_4ZbQm9qRLj-24e7wFHzXOYE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3lr17WEijnkr7BrISpmRThbpF0R6l1O5R4MdWIaAn3Sx_rqy0ydleXOJVV4mP6ELbbyhhob_4ZbQm9qRLj-24e7wFHzXOYE&google_hm=QPH2J68-Sie8twLl7waw8oU

Request Chain 446

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1&google_push=AXcoOmRLAAMJDdNYQ4fzUt4MwPttx4emxHmoMFcOPLIdv1a_Gq1FcLb-eXYM32OBEXhPk_w6VH3s2Bsh7fJWaN56V9dtrQFX5joFsQLp7d0VdsHAfybcWvM4TOy_tsury8kv14WNdlQNsbVezbNxEKBeekEE1A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwOTM0ODI5MTEyNjY2ODU0NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1

Request Chain 449

https://um.simpli.fi/gp_match?google_gid=CAESEMEMkYmmPa8mXUR_F80-qsY&google_cver=1&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nBLrV6Yx_HpqvmuEySyt8ifOSQL_ylp5qlfRwjwvBeLEcHwyTaSrFHdlpoG-3KhwaWq7OVam_w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3534AE636D094441BDD62128203564A6&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nBLrV6Yx_HpqvmuEySyt8ifOSQL_ylp5qlfRwjwvBeLEcHwyTaSrFHdlpoG-3KhwaWq7OVam_w

Request Chain 451

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9Xo7hG-3qH6phAKPiyTHMPxEwSs2Fb-iwxMpy7g9qOy8TWuKGMeZ7h1EfY_B0fTWd40FK9OEOwDESpjq4GY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9Xo7hG-3qH6phAKPiyTHMPxEwSs2Fb-iwxMpy7g9qOy8TWuKGMeZ7h1EfY_B0fTWd40FK9OEOwDESpjq4GY

Request Chain 452

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSspvaJnCxvPQU2z5biryhPDI2B2xIM8yzXS6ZmZUquNJHl-64UmLnAyIxmftCLfqfH-In476t9veEFEQ3XSj6W-3NPGUafa- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSspvaJnCxvPQU2z5biryhPDI2B2xIM8yzXS6ZmZUquNJHl-64UmLnAyIxmftCLfqfH-In476t9veEFEQ3XSj6W-3NPGUafa-&google_hm=QPH2J68-Sie8twLl7waw8oU

Request Chain 487

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHmKZFqnhuOUkk0Gc8Hwm7o&google_cver=1&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIKX09Y-v1Wk3T3GK3-iEUq0QlMVP73h54HyhRkjzCkthf96IJ3XVh1BzoP0fFlCH1rcWMrVh6ad96_xACSJukLhJeMf72m-6-t6KFg HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIKX09Y-v1Wk3T3GK3-iEUq0QlMVP73h54HyhRkjzCkthf96IJ3XVh1BzoP0fFlCH1rcWMrVh6ad96_xACSJukLhJeMf72m-6-t6KFg&google_hm=XfghiUm9H88VAw_jCG-ivg

Request Chain 488

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc88f3uJRHrGOBR2DXcOV3zIlIRfqro01W7k_hnMF7VR8zYW9R0D6yDOcbtQ1FtsopNhGidcbkVbKlMzezdibytI0ybI9o4nlMRvEaFILgoIcSHCg HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc88f3uJRHrGOBR2DXcOV3zIlIRfqro01W7k_hnMF7VR8zYW9R0D6yDOcbtQ1FtsopNhGidcbkVbKlMzezdibytI0ybI9o4nlMRvEaFILgoIcSHCg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WW9Zc3FJM1QxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc88f3uJRHrGOBR2DXcOV3zIlIRfqro01W7k_hnMF7VR8zYW9R0D6yDOcbtQ1FtsopNhGidcbkVbKlMzezdibytI0ybI9o4nlMRvEaFILgoIcSHCg

Request Chain 504

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHmKZFqnhuOUkk0Gc8Hwm7o&google_cver=1&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO9mIKEC-ytUgCGlzgBjT72ScEPYxgugkeC8aJgz6STFZy25ITH6l9g9s4526JcpsiQeSZ_tr_LEpMZ7TbSxbx33tfDGLqyZkdNtmw HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO9mIKEC-ytUgCGlzgBjT72ScEPYxgugkeC8aJgz6STFZy25ITH6l9g9s4526JcpsiQeSZ_tr_LEpMZ7TbSxbx33tfDGLqyZkdNtmw&google_hm=XfghiUm9H88VAw_jCG-ivg

Request Chain 505

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5BrzP8kEmPgNt92_fXL8LZzOWhPz87Ex6i3cBd7g2ebGE78s5y885msb5BtXtLHJKvAlOrLqW4HlYR1NEtaEpA1XOG3Q5Q5jvtbQMq3A5ldVTelQ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5BrzP8kEmPgNt92_fXL8LZzOWhPz87Ex6i3cBd7g2ebGE78s5y885msb5BtXtLHJKvAlOrLqW4HlYR1NEtaEpA1XOG3Q5Q5jvtbQMq3A5ldVTelQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d1plWEJMYksxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5BrzP8kEmPgNt92_fXL8LZzOWhPz87Ex6i3cBd7g2ebGE78s5y885msb5BtXtLHJKvAlOrLqW4HlYR1NEtaEpA1XOG3Q5Q5jvtbQMq3A5ldVTelQ

Request Chain 507

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1&google_push=AXcoOmSzF3LBftJqZi4i1PG8ZW8Cy8fCIctsgGIBQfTUwvJO3fSU21XHWo9aQbnbsPMgyON7G6HjiyKHbI_dbNHyLZ5ownEqBKaPZuaTvPL1J_7Ucy3oHhtVEWPASlKR9uX8v3bHt4EVogdrNf6IObIcdOOB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwOTM0ODI5MTEyNjY2ODU0NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1

Request Chain 510

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHbts3K134r8PWu3aEoPeWg&google_cver=1&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6TBOJqOSZgFX6pjf2JW-Q5Eb7VHoh0GI-TO3gljBK0DfiLxFxRz8V1XDB2nvjFLsQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6TBOJqOSZgFX6pjf2JW-Q5Eb7VHoh0GI-TO3gljBK0DfiLxFxRz8V1XDB2nvjFLsQ&google_hm=eS02OURNUFdwRTJwSHJDQndqS3BEVFZmX0g5TURRTGFjZH5B

Request Chain 511

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqeml-MLOx3kv1y3bcAYx-MdPJCCY5-cZCA8nf3duUVsq2ipCmxPfwcIY4XMxRROtRkqyvg51cgb_wgVKw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqeml-MLOx3kv1y3bcAYx-MdPJCCY5-cZCA8nf3duUVsq2ipCmxPfwcIY4XMxRROtRkqyvg51cgb_wgVKw

Request Chain 512

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFJEGHAyzCNShrNoNFnXIwI&google_cver=1&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ubos6jxE6TvzQSpQTWC0UahsGpySBWzCMedGaYaaSyNvPzi6efovC03hVsLRJ_xseZR9atNLbW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ubos6jxE6TvzQSpQTWC0UahsGpySBWzCMedGaYaaSyNvPzi6efovC03hVsLRJ_xseZR9atNLbW

Request Chain 513

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5NA7-4z69JDbT2T_VKTTsvEa6MwGzzjb8ADycGHrIrGbglST9mL5y7So0KQE5rGbqwNELh0GqOJwfFN6JnVKOLoZqjb03w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5NA7-4z69JDbT2T_VKTTsvEa6MwGzzjb8ADycGHrIrGbglST9mL5y7So0KQE5rGbqwNELh0GqOJwfFN6JnVKOLoZqjb03w&google_hm=QPH2J68-Sie8twLl7waw8oU

Request Chain 559

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneid8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzDoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e012e10-8e1c-11ee-8822-2230790559d7&insert=AW&&gdpr=0&gdpr_consent=

Request Chain 562

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COS1yruq54IDFSn0EQgdawcN6g;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218

Request Chain 565

https://pv.medialead.de/trck/epv/2aed39855b5f46b777481d90b61d111f?t=htlp&subid=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&actionid=456654&produktid=Freshmoney&dt_url=

Request Chain 569

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COu6yruq54IDFVkx4AodmxILnA;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218

Request Chain 591

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5oneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e0b6740-8e1c-11ee-a3ae-223050cf75aa&insert=AW&&gdpr=0&gdpr_consent=

Request Chain 622

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CIrJ2Luq54IDFc5L4AodoscD4g;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218

Request Chain 633

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidGjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeBoneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CL6F2buq54IDFQrsuwgdgw0IGw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidGjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeBoneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidGjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeBoneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1701196405_9e32ec71-8e1c-11ee-ba35-226154e726d7

Request Chain 649

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&RedC=c.clarity.ms&MXFR=12B0E5F02545683E0D90F627214566DC HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&MUID=06038832C51F612D3E4D9BE5C474603F

Request Chain 713

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CAo5rdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqxCXYROr4o_11QgAoDmAsByAsB0AsPogwUKhIKEOS0sQLutbECtbixAru7sQLaDBEKCxCwkeuYr_KawZcBEgIBA5oNAQ-qDQJERcgNAeINEwi1-ue7queCAxUDcOAKHanRDy7YEwLQFQGYFgH4FgGAFwE&ase=2&gclid=EAIaIQobChMIxJrpu6rnggMVA3DgCh2p0Q8uEAEYASAAEgKQfvD_BwE&num=1&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&sig=AOD64_2vsdpn4axqs02qaIlYz6hToB7wyQ&client=ca-video-pub-7983651257838282&uach_m=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&ctype=110&label=video_10s_engaged_view&ad_mt=10054&nis=5&adurl=https://youtu.be/gbQ-MQ7rHrM%3Ffeature%3Dshared HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=C2LZ1djJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNwAVuoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCRxodHRwczovL3lvdXR1LmJlL2diUS1NUTdySHJNsQl2ETq-KP9dUIAKA5gLAcgLAdALD6IMFCoSChDktLEC7rWxArW4sQK7u7EC2gwRCgsQsJHrmK_ymsGXARICAQOaDQEPqg0CREXIDQHiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&ase=2&gclid=EAIaIQobChMIxJrpu6rnggMVA3DgCh2p0Q8uEAEYASAAEgKQfvD_BwE&num=1&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&client=ca-video-pub-7983651257838282&ctype=110&label=video_10s_engaged_view&ad_mt=10054&nis=5&dblrd=1&sig=AOD64_0-CEM342E8RpNcM8r7x7MzrI_CQQ&adurl=https://youtu.be/gbQ-MQ7rHrM%3Ffeature%3Dshared

690 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
foreks.com/
Redirect Chain

http://foreks.com/
https://foreks.com/

3 KB
2 KB

128ms
72ms

Document
text/html

18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

2ac9a15a222d71dad9aced6ab7b351383210cf03dbe27aed07ec71da79354a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: none
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
date: Tue, 28 Nov 2023 18:33:20 GMT
etag: "d15-bmVS9/AQjxbCsba2KjWptQW+AMk"
feature-policy: geolocation 'self'; microphone 'none'; camera 'none'; payment 'none';
permissions-policy: fullscreen=()
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-id: 0F1xGJkAZCln0zPKBBBkoI50QFC8j73AC9xdSIHuxU5DylJY6FJYMw==
x-amz-cf-pop: MUC50-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Tue, 28 Nov 2023 18:33:20 GMT
Location: https://foreks.com/
Server: CloudFront
Via: 1.1 d11d7fba872e54649066e59f703ad3e6.cloudfront.net (CloudFront)
X-Amz-Cf-Id: IppTc30gWWv2QbKifJWQ6K8l6HQ-yptnbsRCDVD5AzfJ4NPqSlG-4Q==
X-Amz-Cf-Pop: MUC50-P3
X-Cache: Redirect from cloudfront

GET
H2 200 current.js Show response
js.hscta.net/cta/ 18 KB
7 KB 102ms
34ms Script
application/javascript 2606:4700::6812:d133
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d133 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8abf600128e431bb9631811f74561e1bab28dabc060b06ac5cf66b3a6c80f086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-encoding: br
age: 217
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.233/bundles/current.js&cfRay=82d4ad948fcdbb4a-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d113346227aa04edafd99372bf067e3c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.233/bundles/current.js
date: Tue, 28 Nov 2023 18:33:20 GMT
x-amz-version-id: ALEtPa4hlugPCiR6t967Oz5k.P8m3vSN
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 949aa7a9-a467-4744-b384-3c58a4b80662
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: 949aa7a9-a467-4744-b384-3c58a4b80662
last-modified: Wed, 22 Nov 2023 15:38:54 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7b7f9459cc-xdbnc
cf-ray: 82d4b2e1887830db-FRA
x-amz-cf-id: rejLcWZEqmRY708eikYKPgm4pQXwEhCyaJ_r_uUiN8tmNDKBvlAiyQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 146ms
92ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f2bde94d6e56103c547cc33b29ab3c814a150688c1835b785186682073c5290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30344
x-xss-protection: 0
server: cafe
etag: 3 / 19689 / m202311130101 / config-hash: 1658256348278883366
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 132 KB
51 KB 87ms
37ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

424a6bfe62d0faa083c180ed119f14d62c3033a3fe57783e1229b0fd16230a08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 51436
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 18:33:21 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 284 KB
93 KB 92ms
42ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8d350cf1477e8a48ca70a7392867aeb7735116b19a9cf1bee19198f61e4d9d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94880
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 18:33:21 GMT

GET
H2 200 gtag.js Show response
foreks.com/ 734 B
803 B 96ms
94ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/gtag.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 94a78761682fa48e72a3f4547a7d7f3bd6b9adf948c5885ef0988f294a5f68aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"2de-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: zyxFRyW4D49ODbLIIzi8PTeOHlWdV9O8or6RoLs36wU5yjOS_z-PFA==

GET
H2 200 netmera.js Show response
foreks.com/ 28 B
420 B 165ms
164ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/netmera.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: c14345412751f84fd061a93eeacdcae18c1d53a21501609217b1cf3f6f9dea41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:20 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1c-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: qPzMETlArqVRoGFzxyVvGHq1jivgM8KlTvUWkKrZbGv5_CrkX1SLug==

GET
H2

200

netmera_sdk.js Show response
ntm.netmera-web.com/wsdk2/nmweb/
Redirect Chain

https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ
https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js

59 KB
17 KB

115ms
26ms

Script
application/javascript

31.3.2.72
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Server: 31.3.2.72 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-236 /
Resource Hash: 9c31edb555f9d7750905c3d52e87092fdca1f5443c1eb729758217972c5ce03d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: br
last-modified: Thu, 23 Nov 2023 22:11:47 GMT
server: MNCDN-236
x-mnrequest-id: d38bc328a94c3163df3a256e7a0bc6f8
x-amz-request-id: NAKP1SR370H7Y2VN
x-edge-location: DE-372
x-amz-server-side-encryption: AES256
x-cache-status: Edge : HIT,
content-type: application/javascript
cache-control: private, max-age=900, s-maxage=604800
x-amz-id-2: TMyKJvhQVxCV2N8yIlxZjaHP510ZgJ9gP4xnplwCYpgHJeBWF4qFoxVlpdTtTHFYiSH8oLFXam4=
x-mserver: DE-372

Redirect headers

location: https://ntm.netmera-web.com/wsdk2/nmweb/netmera_sdk.js
date: Tue, 28 Nov 2023 18:33:21 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H2 200 0d507e1.js Show response
foreks.com/_nuxt/ 242 KB
84 KB 35ms
34ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/0d507e1.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: f01fed9f6b8b421848fa06f07ccc4574ac54ba7ed184d0c4ca3230a061006262

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:26 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:38:38 GMT
x-amz-cf-pop: MUC50-P3
age: 2354814
etag: W/"3c9b6-18b85f52730"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: wusovjWmKnLysos1SGWvqtci-IBK-7h4cPlILvzEfDifNaNeUAAvyg==

GET
H2 200 fb8ace3.css
foreks.com/_nuxt/css/ 456 KB
71 KB 34ms
33ms Stylesheet
text/css 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/css/fb8ace3.css
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 1078a9471c288413efb56e6171522052654e75f88c9c7b522317f481a8ab54d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 15:32:50 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 08 Nov 2023 13:59:09 GMT
x-amz-cf-pop: MUC50-P3
age: 1738830
etag: W/"7213d-18baf3acfc8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 5kQcWpBLiL5mh3p7gBw5rm9lhre_o2C7AHmmdpOel1bG0379Pn0-Bg==

GET
H2 200 e2626c4.js Show response
foreks.com/_nuxt/ 642 KB
80 KB 123ms
122ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/e2626c4.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: c38b547a6d5485fa245db5e9e4396710e338171ee706b6acd0e2fdedd2ad9145

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 15:06:54 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 11:00:19 GMT
x-amz-cf-pop: MUC50-P3
age: 444386
etag: W/"a07ad-18bfbd679b8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: vIdsNhvpGg9lh3dvPzZZvqtMJI1cupzt3MvzLXcKMzUo1lFSiM0Jng==

GET
H2 200 7a1a132.css
foreks.com/_nuxt/css/ 972 KB
148 KB 122ms
122ms Stylesheet
text/css 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/css/7a1a132.css
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 926d0470826aa90ed4f834f73cc2e6d0fea211a2efea75537c324f24f6668744

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:23 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: MUC50-P3
age: 2180397
etag: W/"f308e-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: sohlUus5ASOkGeum5J6Z3Yy3qjp7h8iJNSs9-KKWrDczhk3smZ9J6w==

GET
H2 200 489f27f.js Show response
foreks.com/_nuxt/ 7 MB
808 KB 71ms
70ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/489f27f.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 77246737e6000f65f7b6a7fa576976553e1dbc84f125d2fc3ae6b157cf9bf4e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 15:06:54 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 11:00:19 GMT
x-amz-cf-pop: MUC50-P3
age: 444386
etag: W/"6eddcb-18bfbd679b8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: wZROP3hqyURK78UIXqqpvO2RvSsoFCwBTC-zCvHYvIn3oBd6JJtAiw==

GET
H2 200 20f57ac.modern.js Show response
foreks.com/_nuxt/ 242 KB
84 KB 120ms
119ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/20f57ac.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 45e18b1689e2f8036562775b899e2b5e1a6af1f30cc1b22f5b5d257d3d21b955

Request headers

Referer: https://foreks.com/
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:02 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354838
etag: W/"3c7b6-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: C4gjeVhKziLV6CeJeU8NRJRxCrs8GZDn2PhZz3YCv8hwXl6G9dBIGQ==

GET
H2 200 1945bcc.modern.js Show response
foreks.com/_nuxt/ 643 KB
80 KB 120ms
120ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/1945bcc.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 9587db045d9ba3eaec6420e5db67290e2ad0a037c16c5aa6055db938cd9dc911

Request headers

Referer: https://foreks.com/
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 15:06:17 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 11:01:28 GMT
x-amz-cf-pop: MUC50-P3
age: 444423
etag: W/"a0c1f-18bfbd78740"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: knlnOer75nKh_DS3RnL5TErudLeOEkzFg3pOoAVp0qdazZPjfT4ycA==

GET
H2 200 c265f34.modern.js Show response
foreks.com/_nuxt/ 7 MB
808 KB 131ms
131ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/c265f34.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 739608eb3f50f513d7bd20bb3f96296b6323d0bb8fc791ed2db3264a03123673

Request headers

Referer: https://foreks.com/
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 15:06:03 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 11:01:28 GMT
x-amz-cf-pop: MUC50-P3
age: 444437
etag: W/"6edf1b-18bfbd78740"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: _tnlItdtGBqrrKg9swyaMh7_yTvgvdCiSqZtSnRM-nrXz1tjHqRXPg==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/ 430 KB
135 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:17:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76552
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138013
x-xss-protection: 0
server: cafe
etag: 17202369310903786887
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Nov 2024 21:17:29 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 244 KB
77 KB 135ms
85ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPH7P4

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f7ae59f6444b922ea4840c69f9feea86a26fae6f3642b31bf48c6f9b3e94341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78772
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Nov 2023 18:33:21 GMT

GET
H2 200 player_api Show response
www.youtube.com/ 993 B
2 KB 99ms
41ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0de2a176ad08f62d4eb01561e51936094f156760b03746e2f17e69345824f7b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /cspreport
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 28 Nov 2023 18:33:21 GMT

GET
H2 200 a140688.modern.js Show response
foreks.com/_nuxt/ 399 KB
130 KB 30ms
29ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/a140688.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 7d8e89f8a9f0f83d17f5fcd12ace577219a0ddcf73eece11c8a89e6bfb0a2d6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:25 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354816
etag: W/"63c94-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: QvJBPbxGpKw41l5yZtUEaUs0AeRpD1xsJMRKnLyddQHtPygggTGpZA==

GET
H2 200 ea11899.modern.js Show response
foreks.com/_nuxt/ 86 KB
30 KB 30ms
29ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/ea11899.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: f70e8b2108edfbcc2ff74ac7fd6e7cf46f0e9c381ab9b8781beb016f77061ac4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:25 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354816
etag: W/"15856-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: DWGAQmpWbe3ShdX4CYOlFvWYEs9qm3sUrnt2vrE28NDaoehbk2VoXg==

GET
H2 200 e0a6c36.modern.js Show response
foreks.com/_nuxt/ 8 KB
3 KB 33ms
32ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/e0a6c36.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 40fbdf939ee958bdf305369fb51495e63cc44d2a6357e138a865c1faca904c56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:26:40 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354801
etag: W/"1ef4-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: IaO03BuqIHqwKVOQo6j2fC_f7Dk5eF0ytlQA8OoHsFWjLSp3zsWZHA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 264 KB
88 KB 39ms
39ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

252a35e9ed3ac9f0334d139fe4c4af52ddb3591173565b8044b3c7a661d45179

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 18:33:21 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 75ms
22ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 28 Nov 2023 17:19:54 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4407
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 28 Nov 2023 19:19:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
92 KB 41ms
41ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-82686003-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b20952a816c5a65c9f78ddfd6eead55a7e656a65d38fd6c75946af447b816b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93916
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 18:33:21 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
250 B 92ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je3b81v9118958463&_p=1701196400996&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701196401&sct=1&seg=0&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1&tfd=804
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
250 B 92ms
30ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3HPQ6LZVLP&cid=1202893231.1701196401&gtm=45je3b81v9118958463&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 124ms
62ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3HPQ6LZVLP&cid=1202893231.1701196401&gtm=45je3b81v9118958463&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1770614259

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/ 215 KB
67 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/player_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af82cd92cb1df231870f60b847a411fcc4adfffef67f01fff41885828edee2e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:20:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68238
x-xss-protection: 0
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 27 Nov 2024 17:20:05 GMT

GET
H2 200 end5q83kh4 Show response
www.clarity.ms/tag/ 1017 B
1 KB 288ms
195ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/end5q83kh4?ref=gtm2
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d0f9ffbf017a391762a1aa768aab2b749feeec6b3fa6759b151ef7bbd836c3d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: -1
date: Tue, 28 Nov 2023 18:33:21 GMT
x-azure-ref: 20231128T183321Z-mqpve2pvet2n32yem81qx08b6g0000000v5g000000004ng7
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1017
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
203 B 29ms
29ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=424479691&t=pageview&_s=1&dl=https%3A%2F%2Fforeks.com%2F&ul=en-us&de=UTF-8&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=2031298537&gjid=625053322&cid=1202893231.1701196401&tid=UA-82686003-1&_gid=388237801.1701196401&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=703771768

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 81ms
32ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je3b81v9118958463&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1701196401&sct=1&seg=0&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=scroll&_c=1&epn.percent_scrolled=90&_et=14&tfd=818
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 62ms
31ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je3b81v888287377&_p=1701196400996&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1701196401&sct=1&seg=0&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_fv=2&_ss=2&_c=1&tfd=836
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 61ms
30ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4Y6C81V13E&cid=1202893231.1701196401&gtm=45je3b81v888287377&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 62ms
33ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je3b81v888287377z872732486&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAK&_s=2&sid=1701196401&sct=1&seg=1&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=page_view&_c=1&_et=1&tfd=838
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 58ms
31ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je3b81v888287377z872732486&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=3&sid=1701196401&sct=1&seg=1&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=Video%20view&_c=1&tfd=840
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 120ms
118ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4Y6C81V13E&cid=1202893231.1701196401&gtm=45je3b81v888287377&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2035016878

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 login Show response
foreks.com/api/auth/ 11 B
1 KB 64ms
64ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/auth/login

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"b-Ai2R8hgEarLmHKwesT1qcY913ys"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
access-control-allow-origin: https://foreks.com
origin-agent-cluster: ?1
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: GokMSYn2deRKbs4tFnaaaD2Yr1Z_83cj_MRLrmuNH9vhd2GeN8iRGw==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 30ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je3b81v888287377&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEAI&_s=4&sid=1701196401&sct=1&seg=1&dl=https%3A%2F%2Fforeks.com%2F&dt=Foreks%20Bilgi%20%C4%B0leti%C5%9Fim%20Hizmetleri%20A.%C5%9E&en=scroll&_c=1&epn.percent_scrolled=90&_et=79&tfd=921
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 32ms
30ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-82686003-1&cid=1202893231.1701196401&jid=2031298537&gjid=625053322&_gid=388237801.1701196401&_u=YADAAUAAAAAAACAAI~&z=1883541079

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get Show response
wsdkapi.netmera.com/sdk/3.0/config/ 7 KB
7 KB 58ms
58ms Fetch
application/json 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/config/get

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

7aa6352acc051116fdf2b9d65f0b20712a358940fd0f3b0e1140c475c1d8bfc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-xss-protection: 1; mode=block

OPTIONS
H2 204 get
wsdkapi.netmera.com/sdk/3.0/config/ Frame 0
0 173ms
55ms Preflight 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/config/get
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: GET
Origin: https://foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Tue, 28 Nov 2023 18:33:21 GMT
server: nginx

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 122ms
63ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82686003-1&cid=1202893231.1701196401&jid=2031298537&_u=YADAAUAAAAAAACAAI~&z=1160762144

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 62ms
62ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82686003-1&cid=1202893231.1701196401&jid=2031298537&_u=YADAAUAAAAAAACAAI~&z=1160762144

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ 80 KB
28 KB 204ms
65ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Requested by

Host: foreks.com
URL: https://foreks.com/gtag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

aa51d6bede73a68a7d5922d73fae8402e12f0eda136e2fa13e9f4eea947c4523

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Thu, 23 Nov 2023 09:12:34 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 019ce8f.modern.js Show response
foreks.com/_nuxt/ 66 KB
21 KB 28ms
28ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/019ce8f.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 4338b900dcb0f658dc52b480e9a98fad20b051f31d48277fe8a7b0cc0ba8f684

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:35 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: MUC50-P3
age: 2180386
etag: W/"10844-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: dxA3DVhS4ttesOTEvpkEpmvK2ahT7OoOvzmasaaRqnosmUyrhQe-JQ==

GET
H2 200 78d920c.modern.js Show response
foreks.com/_nuxt/ 5 KB
2 KB 28ms
28ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/78d920c.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 18a4c05c50ff534451dd71190a11ffd4296cdcf519ad13afa11a365fcb2618a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:27:16 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354765
etag: W/"1444-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6IB4YxxZZyf56V1YWS0q2nXQarER01DlLoUVfmo4zLtesQaPswLq2Q==

GET
H2 200 last Show response
foreks.com/api/news/ 23 KB
7 KB 62ms
61ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/news/last?last=27&locale=tr&source=PICNEWS

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

ad3264366bc0d6c4da713c77b542d378664d3432220f55c72545af60add6e051

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=4
access-control-allow-credentials: true
x-ratelimit-reset: 1701196355
x-ratelimit-limit: 500
x-amz-cf-id: lQgxlpgA0Vw5JGmfXM4QoSKGpE4rZjrt6anF0J8dsXqjXBATZMktPw==

GET
H2 200 sourcesanspro-semibold-webfont.39e363b.woff2
foreks.com/_nuxt/fonts/ 34 KB
34 KB 29ms
28ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/sourcesanspro-semibold-webfont.39e363b.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 0bb23de06711894ad6d763f25ab3b5576bdb41046983f9e3776937b05418f6e5

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 05:55:30 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 18 Oct 2023 14:23:24 GMT
x-amz-cf-pop: MUC50-P3
age: 2551071
etag: W/"8714-18b432b7760"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 34580
x-amz-cf-id: v0qCLM9ROK16oyAgKCZIpdNAjT2_CBBgPoI55OR2iKH5QEdLroa4NA==

GET
H2 200 sourcesanspro-regular-webfont.86b0cdc.woff2
foreks.com/_nuxt/fonts/ 33 KB
34 KB 29ms
29ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/sourcesanspro-regular-webfont.86b0cdc.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 7912e72b602b2d0f47219cf7b075968b46b017f2f775ed62df64f28160d618ac

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 05:55:30 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 18 Oct 2023 14:23:24 GMT
x-amz-cf-pop: MUC50-P3
age: 2551071
etag: W/"850c-18b432b7760"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 34060
x-amz-cf-id: O3haAr9evivIwhlcoFiIcxasKkpBvLwhk51KBUMJzIE6xLaNyLbR2A==

GET
H2 200 logo-forinvest-light.svg
foreks.com/img/ 8 KB
4 KB 65ms
64ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/logo-forinvest-light.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: bd639d613b54759e08ba0e73fcac45edef560aadcbb73d5103721134fd2103a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1e2a-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: WDPMwdX3RtrnE0t3sb2rd29Z4069uMpmVUPwrK85vuY74t16PFGRDw==

GET
H2 200 logo.svg
foreks.com/img/brand/ 3 KB
2 KB 51ms
51ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/brand/logo.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 67f63277f6b82526068df07bf12fad11eb52a2d7a9818991705a68a69376e44b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"c85-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: nyaWc7wJ5OqUlDJ63BiOsVNdDSyq0yMNLpdszTcRfryNbXO7W733Lw==

GET
H2 200 logo-dark.svg
foreks.com/img/brand/ 3 KB
2 KB 49ms
49ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/brand/logo-dark.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"c82-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: jQ13xjxV_pQLU3lPLClREOGucSsqLlnaSuI-MerYf70DGj4D21bTow==

GET
H2 200 4a8c97c.modern.js Show response
foreks.com/_nuxt/ 94 KB
31 KB 37ms
30ms Script
application/javascript 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/4a8c97c.modern.js
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/c265f34.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: ccae2b61a3aad8c4e607d727eb78e09f10c040b45f9188dcd461281a188ec3e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 12:27:17 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 13:39:48 GMT
x-amz-cf-pop: MUC50-P3
age: 2354764
etag: W/"17954-18b85f638a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: _zKYJXFwyLvDTdpgXl-br0bmU7U1JFSuB-xRkGLMNL_lCsOHVURyCA==

GET
H2 200 forinvest-1.png
foreks.com/img/ 70 KB
70 KB 72ms
66ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/forinvest-1.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: cb8f1d149e89e2fc12e167bca2ffd7d934fac475417136b6ad6369a514523a4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"117a2-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 71586
x-amz-cf-id: u0PMspFjuNZ4LAWoTzgqUV35j8bkgxmcmgqntoUAX-_oKjkF94IUlQ==

GET
H2 200 app-store@2x.png
foreks.com/img/ 11 KB
12 KB 73ms
66ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/app-store@2x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 4512e492257199f988691a0f342b97d0a0d0956bb867996666dc966e24862b71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"2d6b-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 11627
x-amz-cf-id: Pb6tpKCb66H87pBigiBFkJwadlLoe-9QxqfcLP54YdJNA3GWtQoATQ==

GET
H2 200 google-play@2x.png
foreks.com/img/ 18 KB
18 KB 80ms
74ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/google-play@2x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 932ffc85d925259f1a133aec23869b5d519252b9e4acc58faaf076d9c077e06e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"469d-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18077
x-amz-cf-id: WHbfNnjB6awzJYZfLoXWInITvLnfCSXXrACfixTRmw8afOirhtnfYw==

GET
H2 200 app-gallery@2x.png
foreks.com/img/ 14 KB
14 KB 73ms
67ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/app-gallery@2x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: fbb6a8fd8eb8b0e9642821c3000b8346b1b64eb8e75f8d55bd5e3be5b3887a96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"3688-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 13960
x-amz-cf-id: UMrO8w5znACnvUTM3Tw67e5Ru_KuJgcts6Wa3HG_XIv2cCfsAHxyqQ==

GET
H2 200 trader-fxplus@2x.jpg
foreks.com/img/ 67 KB
67 KB 82ms
76ms Image
image/jpeg 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/trader-fxplus@2x.jpg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: d222cce9b803f746e839aa0febec4740b5d087d00deb8de050bb20db32164cce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"10b92-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 68498
x-amz-cf-id: n2cLVtiNYg-cp6rLFgFDYw9fi6yrGjiXX2xrryvKzN4uPGXYaFlktA==

GET
H2 200 x-app.svg
foreks.com/img/ 415 B
657 B 75ms
69ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/x-app.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: c1d5a94de96e16ff5cade47262ae251a766b737cdb70440e0aa96f2f3848f575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"19f-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: oJ0bLVELE13O7IwuPxQYqPgOqnfYLijxALBxfdvE2uzTva7oDJOF5A==

GET
H2 200 etbis.jpeg
foreks.com/img/ 35 KB
35 KB 85ms
79ms Image
image/jpeg 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/etbis.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: b6af033ab5b5d74fc4c4a81e72593e34f1c2b76bd74f5a568f69ee7a66026e83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"8b4b-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/jpeg
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 35659
x-amz-cf-id: 7zOezEXui8uMNjN5Y4OIdTo8HCacQnRI_XdLv6MzgHb1cGNaGKtkzA==

GET
H2 200 1701184874284_thumb.jpeg
news-files.foreks.com/images/ 15 KB
15 KB 163ms
96ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701184874284_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5306fe709fd7d0683852ea492aef6c85dccbaa53ad430051ff2199a7a5f17919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ENnVALwFqTxF6_UF7uo99lKddaszxD.u
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 15:21:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "f99aed2e0cf328614b16ce125b6223f4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 15053
x-amz-cf-id: 8dIJ4V_Gt7vUzZUMdZnscCCEQt6L-Il5UpF03ZNfioC93AQUvhQ9WA==

GET
H2 200 1701181495348_thumb.jpeg
news-files.foreks.com/images/ 14 KB
14 KB 128ms
60ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701181495348_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a120491ca294d6de83b6a11c10883b4bba4d2e931544678177d178999f0aec38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: NMg38QIEUYHRbWMsWRLNXyREhEDZ3MGs
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 14:24:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "0fea0975b71c2f9a8c770efe9a726174"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 13899
x-amz-cf-id: R6YyAluYGgPRPMAHvXVBn8LiZeXIn9ab3Fs6FXbcNTXdp31QrrRBwQ==

GET
H2 200 1701177535700_thumb.jpeg
news-files.foreks.com/images/ 11 KB
12 KB 96ms
29ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701177535700_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77cea5181400dcea09d396e614b6d0ecf9ac52f4bb388178a3086c6b4a4d85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: u4E4.nfxXkN9.lymrs1a.tCmpq6TyLFA
date: Tue, 28 Nov 2023 18:29:34 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 13:18:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 228
x-amz-server-side-encryption: AES256
etag: "f1778b882db24e28e5c58c8e2c9d230d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 11679
x-amz-cf-id: lsqtbxGX0eqfo9Xa4dfsW8tDj-444ll4u156tNaL7eZD9ae10vlpow==

GET
H2 200 icon-bist.png
foreks.com/img/ 6 KB
6 KB 73ms
68ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/icon-bist.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 666a81a98b9d8ce2098b91b1ae26d1b7262f82c43c3ecf8232622d4f614f9a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1636-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 5686
x-amz-cf-id: -G-cLNQKrymtAK33OOlz2e0ST4wyngOwVgCyu5tBy5pKjQIDQKXIKA==

GET
H2 200 1701175723950_thumb.jpeg
news-files.foreks.com/images/ 16 KB
16 KB 126ms
59ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701175723950_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5d9d6578c454b092af85edcf169a58a394b418c948bcbb510188bdc5c1083297

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: BC1ap0L0t8FvKrQwjv3Lh6UrU7c5EkOJ
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:48:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "e8dc7801b57740284d007bb8a538baa3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 16396
x-amz-cf-id: qH24kRbqqdte1Jw_clUkColIHEwtjDMBqOL-A8f1cw6Kq66EwPUL9Q==

GET
H2 200 1701174845053_thumb.jpeg
news-files.foreks.com/images/ 15 KB
15 KB 113ms
47ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701174845053_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 224720e350fded9c7fc48c26baa3b7ba40dae30313775642add0784388de8b81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: vwzHnc1RQ1PlYQIbSDdfU4cX2IduItNF
date: Tue, 28 Nov 2023 18:28:21 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:34:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 301
x-amz-server-side-encryption: AES256
etag: "333d53c5a13b9693e4f3f5761db0df60"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 15013
x-amz-cf-id: quaYxN5pV-jXEnyYymzpl7ytKdWykE_uQWGq0PZaE1w2Q8rdi7JjTg==

GET
H2 200 1701174672985_thumb.jpeg
news-files.foreks.com/images/ 13 KB
14 KB 95ms
28ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701174672985_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 398192df861e2dbbe8d4c7b127d1b276c413501f45b01ddfcee428cfa9bc70d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: Aa.mrKs3GpBTXyGk9Zk4cM64NuldfhHI
date: Tue, 28 Nov 2023 18:26:38 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:31:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 404
x-amz-server-side-encryption: AES256
etag: "5bf25d53ea95b2ccbbd50b0d9cf0790d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 13528
x-amz-cf-id: CCOzAPad45OfWwJfHFJcW7hrwaMaaX0G9hjI_yW4vP9N-AquKuGmiA==

GET
H2 200 1701173858463_thumb.jpeg
news-files.foreks.com/images/ 13 KB
13 KB 52ms
38ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173858463_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 25ed9577fc68cbd07e1f845fe2a130b544ae521b97a04f40e54a64a46875fbea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: qBUmj_F6BWty8hL3giHPuOKbXCnoYJgS
date: Tue, 28 Nov 2023 18:29:33 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:17:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 229
x-amz-server-side-encryption: AES256
etag: "0d451ab00e776344b528d9b6bb89d16f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 13121
x-amz-cf-id: uw3tvDB-HXCJo1kDrZijkQqk0Wa762fpdivb7ZMnLVsXPmJ5b_Darg==

GET
H2 200 1701173325717_thumb.jpeg
news-files.foreks.com/images/ 7 KB
7 KB 54ms
40ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173325717_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7377039b14c85308d94f29e779acfc69fd32b2c00b09bdc2f26a2542409973e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: jfp7V0RlYI4TTc.KM4_Uybe0Cm5AUQq_
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:08:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "3bb5a80fb9f100845856b233adaeb939"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 7059
x-amz-cf-id: eSNdZpAFAP_Ri5JNpJpcDI2rWjVAJheOdVkpnkcFqZ7-zRx3KxUkfA==

GET
H2 200 1701173529154_thumb.jpeg
news-files.foreks.com/images/ 17 KB
17 KB 60ms
47ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173529154_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 701986f7bcc7d1c2c44605fbf0796b72f7c421ae2180621a9acc5f25ce293a7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: L9JXYVHkelLUgL_kIe_2qScZ9a6Wq7yx
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:12:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "06cd8d7d173bb1adc4ad815d08668167"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 17025
x-amz-cf-id: w2sTLcXplsEy1uk8WWd_cw5ztvD0WcFVJN8oOG6UcxCggW-s6Y0_sw==

GET
H2 200 1701173493286_thumb.jpeg
news-files.foreks.com/images/ 22 KB
22 KB 65ms
51ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173493286_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0201329263acddaf31c80ab50b42f64817eb72d365487549cdd404e795c532f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: EoBaGiG.r3ZhypTNgqOQROGpW587Uzft
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:11:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "4541b9f17e0338efedbd243ade3f2b45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 22256
x-amz-cf-id: R56mhdpMBVIF33ys_8hiCk7DGUoJQGQt7rhETYIzgar39_1RA2RPPg==

GET
H2 200 1701171909747_thumb.jpeg
news-files.foreks.com/images/ 17 KB
17 KB 68ms
55ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701171909747_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8af3879e79e84eb580e9e23f86880c32d97f52d56896d789bbf4896a9d002c17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: .ZaZkDpwim6nieSF2fxPBbiqWfIDmOAc
date: Tue, 28 Nov 2023 18:23:14 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 11:45:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 608
x-amz-server-side-encryption: AES256
etag: "b41ac2eab52e61fd8f9b19febaf3429e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 17237
x-amz-cf-id: lKBV-he8FuuZcIYpgXD4wGwbxDFxtdQLrar8GROTSyNiJqC8SQiYTA==

GET
H2 200 1701168263492_thumb.jpeg
news-files.foreks.com/images/ 13 KB
14 KB 84ms
71ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701168263492_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 19d3bf1a3bf9275c245e9135ef6efe01287a8bacf41914ebfbd26f29a5efbecf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ttoOHxiQmyNzqUvFYpRm_sAXjoaqS4Ct
date: Tue, 28 Nov 2023 18:29:34 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 10:44:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 228
x-amz-server-side-encryption: AES256
etag: "e55ebbfcc9a6c8b327a0ab37d80dc689"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 13793
x-amz-cf-id: 3cFaMxfhPuRyM-oHLmw033G6RYhjZ2cLOQnpPxWJvuIttLHqOhUAHA==

GET
H2 200 US@3x.png
foreks.com/img/flags/ 7 KB
7 KB 57ms
53ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/US@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 178c85dd1cd4028c38f2a5812f63414c9d0bc67308a56227ffc9f18e5e2fa863

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1c56-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 7254
x-amz-cf-id: Znpak3JfLFFW019yPLJ6w9l4Afvq7laEQZ2zz3yJe5-Cf9nr9oyE8Q==

GET
H2 200 EU@3x.png
foreks.com/img/flags/ 4 KB
4 KB 90ms
86ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/EU@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 0f9eae9df4a466cc9addece97de7d812741e1cac54ce97f94e08a467f13b0d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1058-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4184
x-amz-cf-id: YO05KYueFVEV9CRk0e7XZr9g7U2BBH2wE2iIihfP8Xyu2MW4zylTWw==

GET
H2 200 GB@3x.png
foreks.com/img/flags/ 3 KB
3 KB 73ms
69ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/GB@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 96d2738ac93887026499a36bbead36fbb3307af0389119ce89bff112618577ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"ab7-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2743
x-amz-cf-id: rSgVpu6zVZEV9PnoYwgA3eR8snsjDWk8ItGTnXfdHQCLJnVsGO5ALQ==

GET
H2 200 CH@3x.png
foreks.com/img/flags/ 569 B
889 B 92ms
88ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/CH@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 42e6e358bc7f764358842d65d23e2fa64dca92a503e253654538a43236ee3562

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"239-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 569
x-amz-cf-id: lFmXhF9JRe6ZEZuVnEBOJF1n02IL3He1SThdZIHBn8vmO3UkgMKDXg==

GET
H2 200 CA@3x.png
foreks.com/img/flags/ 3 KB
3 KB 110ms
106ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/CA@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: b2fcfbc79f4d51f9afaa3f8c42ce6b8ade64c1c36f599876bbd018a69eb6301d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"a47-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2631
x-amz-cf-id: fNmtA09qlJX8aQoIIsq193RiB4IJYBbiw-pyhRIFRiadIJPtwFg9lw==

GET
H2 200 1701168098761_thumb.jpeg
news-files.foreks.com/images/ 17 KB
17 KB 72ms
59ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701168098761_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fae2a3711c236a7fab2f5639cf38d448a2f97ace2e113098838994958f2ebb5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: N6GwPEqPpT9bT.GA3NOx3OleR2pTt02w
date: Tue, 28 Nov 2023 18:24:29 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 10:41:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 533
x-amz-server-side-encryption: AES256
etag: "3ceadcd26ed5b93f2d7a16fc7dd0c548"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 17416
x-amz-cf-id: j7dv2VNBG_NSDWIPEgztQk9IZvz5IE6gnRfQogI9VkxBCE1wUMtT4g==

GET
H2 200 1701166422841_thumb.jpeg
news-files.foreks.com/images/ 16 KB
17 KB 88ms
76ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701166422841_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1ed413663ea4e8bd13f628842383aaeba0f88fecbf83b3edee26a2a256e47ab1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: PaRhTwmFfcd2DHDPAApZpQFj.t4cSeSL
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 10:13:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "372d5d9ab925513f2cd8f37f59af5735"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 16601
x-amz-cf-id: tmc1APFiyJnl5PgkO8Z16vbONndiFyuxhyc5cSRtBQNUWnT7qci5lw==

GET
H2 200 1701165131027_thumb.jpeg
news-files.foreks.com/images/ 21 KB
22 KB 74ms
61ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701165131027_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1ad97cb0d89f96b8ddd36a533819f8d4468090c0e807db064e47f382c5d7e93a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: REYGdSY5NvKiyEno99aDx9iOCsnIEuiH
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 09:52:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "c37a1594d9a404501ce562608d653f13"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 21844
x-amz-cf-id: 4xxfoIqQbIlbYNs-MAmqGz7Ahm228fUxJqv9V3yyKJG0j4Yj7GsLZQ==

GET
H2 200 XAUUSD.svg
foreks.com/img/flags/ 1 KB
1 KB 78ms
75ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/XAUUSD.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 806bd0ebadf98dbdfee863e715a395ab7a2a82eddefd365648deb48ef592302c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"595-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: 5TYofCyG7WKF17q9eiURLvglKlO4zOfc27by95SyR3UwfK5ocQ9ZSw==

GET
H2 200 GAUTRY.svg
foreks.com/img/flags/ 1 KB
861 B 76ms
73ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/GAUTRY.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"50a-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: hMVLFra7WilMcOMVME2j3R1FPjtkn4-rfr5YzLwDrRqKau_XjS2L2g==

GET
H2 200 SGCEYREK.svg
foreks.com/img/flags/ 694 B
684 B 82ms
79ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/SGCEYREK.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: a7871476057d36f6562b06be9d18fdea94c2265820128c364c815d8b24831030

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"2b6-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: s1khegoGuivWmC23MFYfS5hzpJY_zp2cUPGBsI-roNIsdhz0S2Gayg==

GET
H2 200 SGYARIM.svg
foreks.com/img/flags/ 727 B
692 B 84ms
81ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/SGYARIM.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 44017113e515baeb9edbc21bd74660937194feead9156878006411232f1e4302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"2d7-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: mRGVBxGUuKp-mfUj1HR93unH2zm0ythGvCn6aRwVpt_yg3jEUIH6Dg==

GET
H2 200 SCUM.svg
foreks.com/img/flags/ 1 KB
861 B 76ms
73ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/SCUM.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"50a-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: 0i4PHz0HKX_ooIz_KZlJOY4vwcpcXyKwncpTocv1kvmLUMjilPm69A==

GET
H2 200 1701164265927_thumb.jpeg
news-files.foreks.com/images/ 15 KB
15 KB 89ms
77ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701164265927_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74398a201227d8ecfec89fee85fdd54b35675b0e3905914f81d336071b769872

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: 1adHfwm1jxScpkA9bqaFYekGcof4Z2vW
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 09:37:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "6ee2b9c1c009513f0ccaf29916ab4953"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 14992
x-amz-cf-id: 3O02B8RAFNyMBlMPT1gO5dQk-16rWGv5iBcnYp5j02IMet28CAKeJw==

GET
H2 200 1701162029929_thumb.jpeg
news-files.foreks.com/images/ 6 KB
6 KB 87ms
74ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701162029929_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b96d12ea9b5782f13375aa77457fbcb1250f5620c799035d861f4ea3c709550e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: x0hi7tXvHUvK46I6O46vjMXz0M7gcXat
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 09:00:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "1c5fc8dd5977598a454e39740e43c72e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 5896
x-amz-cf-id: U29DpVxokJ6HwSrHCdfbOcZ0VsGkNcK9c9LoH_AlMKyJFbGmI61f5A==

GET
H2 200 1701161922620_thumb.jpeg
news-files.foreks.com/images/ 19 KB
19 KB 78ms
65ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701161922620_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0f140f44defc2e33fda3dfa698b98562fdff1b7af2bdf76166beb1bc6ff2f2c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: SwXogLuu0CtBczWbyU2CXEXVNVFKF30.
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 08:58:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "ad79670bc7c3a41878112ccb36449873"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 19480
x-amz-cf-id: EMFw7ggjbtdAZYoa9vt2RA9WJSR_ZjMtF0F7rsYrGcw4uYIkD6yodQ==

GET
H2 200 btc.png
foreks.com/img/flags/crypto-icons/ 1 KB
2 KB 76ms
74ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/crypto-icons/btc.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 6a00ef2670157738264638d4f31a657e3990ec342fd82599617f8934f4f9de72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"5e2-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1506
x-amz-cf-id: ZtP-4OFVfsOT2IVtuNg01JLLX1d15C5fZhs_K3sRKfm2YWuvfU3yxw==

GET
H2 200 usdt.png
foreks.com/img/flags/crypto-icons/ 2 KB
3 KB 79ms
77ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/crypto-icons/usdt.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: eb658766bc0865b719c76913b6b82ba32d0e14660216bf8d6d3953e30ad3e06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"9a9-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2473
x-amz-cf-id: tV6WqheB5r4NK6ie0H64wGOcLgBnNK3E33K-TF87WI35zXjs3hrE7A==

GET
H2 200 eth.png
foreks.com/img/flags/crypto-icons/ 3 KB
3 KB 80ms
78ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/crypto-icons/eth.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"adc-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2780
x-amz-cf-id: __HBkLAtWQervh98I5YYyvsrxiHJye_J9p3viyrc3z0skNNSlI7uhg==

GET
H2 200 doge.png
foreks.com/img/flags/crypto-icons/ 4 KB
4 KB 84ms
82ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/crypto-icons/doge.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 47fb417f6b72c4edc08dfb90a376b2c88b3b51992bf3c83dd14e011edba2f339

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"109b-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4251
x-amz-cf-id: HtVWL-VsmQsjGAKL9YjxodjTA_pzRB1OQNHj7Rm9K7hkqZlwuAxaxw==

GET
H2 200 xmr.png
foreks.com/img/flags/crypto-icons/ 2 KB
3 KB 106ms
104ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/crypto-icons/xmr.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: aeb35390525c9a2ff55b35bceabd869925940837d658ac837fd1603db2c1455f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"95c-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2396
x-amz-cf-id: bSwNNUBXUru6dBT-qwbDpllufwhYsUi4K5xLt9i9ddwSk8UMwPiw-A==

GET
H2 200 1701161312747_thumb.jpeg
news-files.foreks.com/images/ 9 KB
9 KB 90ms
78ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701161312747_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b356968ce27532d3582bd20e3792337f1d0f0e324f4b9499ebb0e533cc1c11f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: yxh8o8grmzZPmV2N95yfyoN9LDt3C3Zl
date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 08:48:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "4d8cb4c575dbf965c866267113f609ad"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 8816
x-amz-cf-id: b9wpezoyK14M9VC14KcXEoet1Mh7kwcTnz4Tw2oaTm2GdOfMOo_Raw==

GET
H2 200 1701158894645_thumb.jpeg
news-files.foreks.com/images/ 9 KB
10 KB 79ms
67ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701158894645_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5023f73a1cb261153ffc1365da89d8312aecb973ccc5d5626f6a539a75509d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: 17qmF.GrCRkYIHB2_IF3qRLj8SF8zS9g
date: Tue, 28 Nov 2023 18:28:22 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 08:08:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 300
x-amz-server-side-encryption: AES256
etag: "41617a9b3a2bafae0ee924cf351558cc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 9440
x-amz-cf-id: 1tJP4cNFc5WxNEE2jAv5N8AaKI6SHWhJbxQj7O3Fj10jgSY3G41pcw==

GET
H2 200 1701158575076_thumb.jpeg
news-files.foreks.com/images/ 23 KB
23 KB 81ms
69ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701158575076_thumb.jpeg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77dfd1999fedfc054298bf9888d846f95ee8d27702d06113a5be3202bc9bd87e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ThhF8YLusdf2tyKWqVxEIb0BDtOzHV8C
date: Tue, 28 Nov 2023 18:21:27 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 08:02:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 715
x-amz-server-side-encryption: AES256
etag: "8d7f93b47839adc3c5392b25c6d08c2c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 23501
x-amz-cf-id: XnDOQT-sCQNxMtdUvsa_tCL0z62a64PclYhPItTXXSttOlBVj6inZQ==

GET
H2 200 logo-forinvest.svg
foreks.com/img/ 7 KB
4 KB 77ms
77ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/logo-forinvest.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 084dfc6236ad61686eccbb10710be44b70afddf750aad7694f1ae81c92c79b20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1d83-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: M_k5WdmNQamHvkNfiEiPQHFzgCGfvK0vJU0VdpxFVkgri9lySz9F5Q==

GET
H2 200 foreks-haber.svg
foreks.com/img/ 10 KB
4 KB 77ms
77ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/foreks-haber.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: c41da4ed8360857d1789b6356a4562ac9a0c57d7dbf0d5e9571372abd73bc162

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"26f8-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: RYIgWw9r8d-EASZwjBwBNlxP66TStFDGX7lt2BF7M6U8UPCtKI9O8w==

GET
H2 200 icoPhone.png
foreks.com/img/ 7 KB
7 KB 57ms
56ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/icoPhone.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 47444c3556b254a17d7b6fee8d662cefd56d998a48ee6c36974ef6c7a668b9b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"1c7e-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 7294
x-amz-cf-id: A4nGDDONGPkWs7s3NjYA87CO2JRFNzssisk-F_5I547YVu47n4q8Jg==

GET
H2 200 send.svg
foreks.com/img/ 1 KB
981 B 69ms
69ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/send.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: cc79a1c2e75cb8a81a7df1aab90877149ae77867bb537fbf22c62a0977658344

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"558-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: 1V8i5hzRoFf60_t2-AfcIt5hvnz7IFzGW69qJbi2kT2K4kEFjS9XyQ==

GET
H2 200 logoTeamViewer.webp
foreks.com/img/ 15 KB
15 KB 59ms
59ms Image
image/webp 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/logoTeamViewer.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 1f7401be53d97db43455bdbcedc182e33833c813e66543e44cdeb1de45615e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"3a4c-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14924
x-amz-cf-id: 5We901kmsNyjugHVVRdnh2xcmRyreJ4C3XuiH-GBc-JolDMK06E9Ew==

GET
H2 200 last Show response
foreks.com/api/news/ 5 KB
3 KB 63ms
62ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/news/last?last=6&locale=tr&source=PICNEWS&tag=HEADLINE

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

26e3a285b10a3454896111829ad6044ca3d12ed2dfaa0954ecb82467e99f4941

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=51
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: N4VBWKfDB94-fm1sChmlsA5Bnepb8VRmnUI0A-SO6SYAWmUSGKLLjA==

GET
H2 200 financial-calendar Show response
foreks.com/api/ 54 KB
7 KB 62ms
61ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/financial-calendar?from=20231128000000&to=20231128235959&lang=tr

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

6fb38a6d586ca0ce8cfa72b2a79079e62ba35f35cd8bd92e0414576f7e093a93

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=155
access-control-allow-credentials: true
x-ratelimit-reset: 1701196355
x-ratelimit-limit: 500
x-amz-cf-id: lsWwWMbdhPRBMJo-wPEVRlQ-HvcP32xizt_RV4aIBUJtJkWZETa0Fw==

GET
H2 200 youtube-rss Show response
foreks.com/api/ 33 KB
7 KB 57ms
56ms XHR
text/xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/youtube-rss?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

YouTube RSS Feeds server /

Resource Hash

810b0e748dd879fdceae5278bb2277b80f7cc620a2e05b0a8a62e3010df2bad5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 6303
x-xss-protection: 0
referrer-policy: no-referrer
server: YouTube RSS Feeds server
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: text/xml; charset=UTF-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=371
access-control-allow-credentials: true
x-ratelimit-reset: 1701196235
x-ratelimit-limit: 500
x-amz-cf-id: jM3qHS7QEBTMv4wBmFTI9OIdLTO85Mzly2-tSX1hLdrXSI0aA5e1KA==
expires: Tue, 28 Nov 2023 18:44:32 GMT

GET
H2 200 youtube-rss Show response
foreks.com/api/ 33 KB
7 KB 40ms
40ms XHR
text/xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/youtube-rss?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

YouTube RSS Feeds server /

Resource Hash

810b0e748dd879fdceae5278bb2277b80f7cc620a2e05b0a8a62e3010df2bad5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 6303
x-xss-protection: 0
referrer-policy: no-referrer
server: YouTube RSS Feeds server
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: text/xml; charset=UTF-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=371
access-control-allow-credentials: true
x-ratelimit-reset: 1701196235
x-ratelimit-limit: 500
x-amz-cf-id: BIoD5NniTn4GahSheM88Fsm8fICeDbKByTGdUtQdcDiK0l2Q-lS9bw==
expires: Tue, 28 Nov 2023 18:44:32 GMT

GET
H2 200 last Show response
foreks.com/api/news/ 4 KB
3 KB 41ms
41ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/news/last?last=4&locale=tr&source=PICNEWS&tag=HEADLINE

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

11dc97e7b64c29a3ea8fc907dfa8962fa734ab07efb284ad1af1ec858f158c41

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=47
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: qjKjFW9KfIOkuRJdaTlo_cEH-gLuMCVY4pMAFYEQDJ58xFyJVBargw==

GET
H2 200 last Show response
foreks.com/api/news/ 9 KB
4 KB 43ms
42ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/news/last?last=10&locale=tr&source=FRKS&tag=FRKS-W

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

3deb8da1fe71f561d2f7d06e97143102426b926954ddb829aa27ea2599ef490b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=36
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: jeEFFm24ZPCHIWRCjAQ3Nw0TInSHzHmI7ZK1ZUQwKtBatazFDki8uA==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 2 KB
1 KB 54ms
54ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=USD/TRL&period=60&last=24

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

3d2fe410ab45a24e9692ca96ebc31f580a39666b12c0aa1beb2c3c52de20e5c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: tc4NDEbWcG1N05vpQ98lSREdSNa4iviGMvz83x7z5ieBTJsZBOpu5g==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 2 KB
2 KB 52ms
51ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=XU100.I.BIST&period=1&last=24

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

ad1f50f1e4313474a3cb121265effa186bd223e4d2a7e58dd6c6772868e8edc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: NBU5e9sm-DRE35G9ajLl_qd3fHYIDfOVv0VSF0Ipqq34hF4D3qwNKA==

GET
H2 200 history Show response
foreks.com/api/historical/ 3 KB
2 KB 39ms
38ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=XU100.I.BIST&resolution=60&from=1700762400000&to=1701194400000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

d3ed093ef75f693748e92c966ae8e42e7fcb5307e328b574194cb3c47271ddfa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: 0VjMQBHZ7DGr7AMHfKElxXYA8U3lntlKulYUZG1aW2eaQaVW81bc0A==

GET
H2 200 history Show response
foreks.com/api/historical/ 26 KB
10 KB 88ms
88ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=XU100.I.BIST&resolution=D&from=1670022000000&to=1701196401000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

d83c85fef6e02623df4b37dbf7735c828dbed85e56443e765ec996f38cbb4db1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: bQ5tfDOgrEW1a-6_ZioBfDzI7UM3_HybX2QRtIToF4WE9EaeLtCP8w==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 2 KB
1 KB 42ms
41ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=USD/TRL&period=1&last=24

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

648eb61cc2aef711390dbcc92b5f73a833671a5e048b9bf0692405a1271354dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: eT9puu_Zua8O0GbRK5XjEGKMsGsCSiGLOwGb5Oma3YdNC8iieOLp3Q==

GET
H2 200 history Show response
foreks.com/api/historical/ 5 KB
2 KB 40ms
34ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=USD/TRL&resolution=60&from=1700762400000&to=1701194400000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

baae3a9e8285066a823d816f606ccebbc57e20e690195b02f56c5273c9b3d50f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: XqJB9L6bXqhmLHDlQ9KrpL9kWEr5iPlNiiRYNLrQAlJYGoZspXYL0g==

GET
H2 200 history Show response
foreks.com/api/historical/ 17 KB
5 KB 67ms
52ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=USD/TRL&resolution=D&from=1670022000000&to=1701196401000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

0094de2bafc315adb10a0c8e302a2d5069f17ed1b746f04bdb572949eba66987

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: QuUbNfnhj2aL_6yYIttgl_XmKI5L2ijZdQdjoF4YGIn4M0-YjGuRqQ==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 2 KB
1 KB 61ms
47ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=XAU/USD&period=1&last=24

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

b7bc51683d3e3a95e0744903fdaff5c820cfc7815bcc28478b7194eb4975030b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: MSkaOngXErAS63m7YDT3iEfzgk5NuRzFA6y6rrTi3-d2ZPgIy5nGEA==

GET
H2 200 history Show response
foreks.com/api/historical/ 4 KB
2 KB 43ms
34ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=XAU/USD&resolution=60&from=1700762400000&to=1701194400000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

c615b6a6d65218717a118f2c54fb6dedd4902cdf1f88475bec7d5dae8b9cc28b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: tgrz2IJ5VThG_SyvJjD70kLGRUyoiS2dQ92eT1Lc6xbgNsw90Ve-Xw==

GET
H2 200 history Show response
foreks.com/api/historical/ 17 KB
6 KB 71ms
57ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=XAU/USD&resolution=D&from=1670022000000&to=1701196401000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

718922936ee6947830e53e237f190f64e4c3143a49abbbe9c30a08bcf6cd9e44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: Fq1INQMFWQsBrwl4-cIx9Hfq5p5vWDFsABlwJ92taCJBenQ_h9xdOA==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 2 KB
1 KB 48ms
34ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=BTCUSD:BNN&period=1&last=24

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

12674ff2c46e5d135f5489a5147cc4996d75efe7a24f2f0b1eb712e9e3327fde

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: te-7n-yy8ibKUXgRDDTYJT6cGqcT9_zoEVID8h8Nbw_Gwe1hS9doTQ==

GET
H2 200 history Show response
foreks.com/api/historical/ 8 KB
3 KB 48ms
35ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=BTCUSD:BNN&resolution=60&from=1700762400000&to=1701194400000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

f823642585e5efb071f9d6d4d78abb7fdd15e447049275b662307f2e7e7595ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=1
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: cnpZJOt9Ct31pjx7pNyS75FH9ZgAfzSW8FOhwf7KM62AJbrfLX4xxw==

GET
H2 200 history Show response
foreks.com/api/historical/ 24 KB
8 KB 65ms
52ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/history?symbol=BTCUSD:BNN&resolution=D&from=1670022000000&to=1701196401000

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

49652d66df6277d900c3c071868a22a9ae1c45072da5ff7efde056bb43a6de0b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:21 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: 4FpOYDbmGd3qngnQeg_DsJ4gAC4sxCC3MenHeTNUel-jDOW2S9HeSg==

GET
H2 200 ic-youtube.5414add.svg
foreks.com/_nuxt/img/ 1 KB
952 B 31ms
22ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/_nuxt/img/ic-youtube.5414add.svg
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 8201b02c2df0c6496a05372d58423399054d4553832a91fcc83150854c39ad7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 19 Sep 2023 19:44:48 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Mon, 18 Sep 2023 14:00:53 GMT
x-amz-cf-pop: MUC50-P3
age: 6043713
etag: W/"536-18aa8981208"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: sdBg0RDID_WCGe-gUeaTp7B4wAopmd0ePgBJyTZr2NyYnDTvOLkNmg==

GET
H2 200 video-play.8cd1c53.svg
foreks.com/_nuxt/img/ 2 KB
1 KB 32ms
24ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/_nuxt/img/video-play.8cd1c53.svg
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: c22f9d5f6507963d8f78d019c222001b4e6f0819bb2fac28c8b02353f667b80b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:38:58 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: MUC50-P3
age: 6598463
etag: W/"878-18a8de0c2c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: GCwxs-xfPGpIJ4XIvEx67Cs9clY4DMTm3LB3iwpCJA5WHKQyaDtu0w==

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e88e7d1d0170fdb08fc22f8e0a4549f01477fc6654f4efb900c65eb9b4b88fe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 178 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f51deb4b17f3929fc38473d43ed9b2a88d480864757574ff0e8f1ce327a5babe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ic-youtube-white.2f2376b.svg
foreks.com/_nuxt/img/ 1 KB
951 B 38ms
31ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/_nuxt/img/ic-youtube-white.2f2376b.svg
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 2a4b16a34759fec47ef434fb04b4c177a682990e3fe33a4935b6202146662a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:38:58 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: MUC50-P3
age: 6598463
etag: W/"536-18a8de0c2c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: c3T8_8cHBuwsmAslY5ZRTsB_8CIvN09KNjaD1lxX_shNEeBamNQ0tA==

GET
H2 200 logo-brand.ffb3e00.svg
foreks.com/_nuxt/img/ 7 KB
4 KB 37ms
30ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/_nuxt/img/logo-brand.ffb3e00.svg
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/7a1a132.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: e3c185d7172e2bbe4b5febef13973e745e0fa130113b993b150602b3bcdf9b32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/_nuxt/css/7a1a132.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:53:45 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 08:36:39 GMT
x-amz-cf-pop: MUC50-P3
age: 2180376
etag: W/"1d91-18b9453c1d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: DB5MNioz4FL5Ar3W8gt3Y5kB0ElIGm98aTbJR6LbpAAMIEktb1_L0w==

GET
H2 200 icon-font.7265c8f.woff2
foreks.com/_nuxt/fonts/ 12 KB
12 KB 38ms
31ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/icon-font.7265c8f.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 5d57d88f79fd5b685f1ba3bd66081456f0b90c1da546002d4e5a6d4517e11156

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 05:55:31 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 18 Oct 2023 14:23:24 GMT
x-amz-cf-pop: MUC50-P3
age: 2551070
etag: W/"3064-18b432b7760"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 12388
x-amz-cf-id: -dfTlChuCwmK387yCA2qEnbRWnnxeNJ4Aeb4vWh9D3fvAIp54AtSHg==

GET
H2 200 la-brands-400.3a8109c.woff2
foreks.com/_nuxt/fonts/ 83 KB
83 KB 39ms
32ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/la-brands-400.3a8109c.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: ff70c9bc4650cf5e6b12d1feaa7af29ebf0681993fc0c5ffe3658cea0dbd5403

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 10:02:35 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: MUC50-P3
age: 6597046
etag: W/"14b24-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 84772
x-amz-cf-id: m0Z2Uxl6iSiu787IGtz0_DZfwF6ddz__0uRdxEKjh4YZOIZnifGEwQ==

GET
H2 200 sourcesanspro-italic-webfont.1da1088.woff2
foreks.com/_nuxt/fonts/ 35 KB
35 KB 36ms
30ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/sourcesanspro-italic-webfont.1da1088.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 68efbddaf18604b239c9507b60f9837b892697a3d698bcf2c131a2be8dd5fe6c

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 10:02:35 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: MUC50-P3
age: 6597046
etag: W/"8c44-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 35908
x-amz-cf-id: _62Hz-Gxk35TC7gNPsx06zLW4Tj5wVhn2VY-eYsZKfRR60yWT1E7Pg==

GET
H2 200 sourcesanspro-semibolditalic-webfont.28d6182.woff2
foreks.com/_nuxt/fonts/ 35 KB
35 KB 28ms
27ms Font
font/woff2 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/_nuxt/fonts/sourcesanspro-semibolditalic-webfont.28d6182.woff2
Requested by: Host: foreks.com
URL: https://foreks.com/_nuxt/css/fb8ace3.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 0a98542c5c77556365676280c173fee3e7cf786f90303ec7e74aeac0855c591b

Request headers

Referer: https://foreks.com/_nuxt/css/fb8ace3.css
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 13 Sep 2023 09:42:22 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Wed, 13 Sep 2023 09:30:32 GMT
x-amz-cf-pop: MUC50-P3
age: 6598259
etag: W/"8be4-18a8de0c2c0"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 35812
x-amz-cf-id: VZjS-CC7GW3YdN-aMsltcg1RUMCNcttPimonx_HeuJOaKQb4V9G3ew==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
3 KB 209ms
160ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.foreks.com%2Fhaberler%2Fekonomik-takvim&pid=6100458&sv=cta-embed-js-static-1.233&rdy=1&df=t&pg=ecc136ef-40f2-4547-bee9-f39c75a1114d

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6abdd3135520376845aea7f867e21036763fca3c80deb3cfd9a834027ca11a89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 28 Nov 2023 18:33:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1aa8f89b-c3f7-4bc9-bc2b-9e2531313256
content-encoding: br
x-envoy-upstream-service-time: 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1aa8f89b-c3f7-4bc9-bc2b-9e2531313256
server: cloudflare
x-trace: 2B86E1339C7A5FADA9C324BA384EAC91B96762D0C1000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://foreks.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-56dcc87b5c-fqrln
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fc2C86HHHD9c%2FIc8hyM9LSwQZblrU6dvZ2ko1O%2FLvINRM8rsfH%2FuS4aOpOYtZgdRijqKBsbs7h96IyIk6znN5sW8tjnLvynJrZcjG1otvm9yAbp2DZ32VkwGMdN5IeydoqgD0FMTqrqapKzaJ2JQfoZnAWbWBEeNm7g%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 82d4b2e8ea37bb9e-FRA

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.18/ 59 KB
25 KB 42ms
42ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.18/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/end5q83kh4?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: br
last-modified: Fri, 17 Nov 2023 13:41:44 GMT
etag: W/"0x8DBE772F014B026"
vary: Accept-Encoding
x-azure-ref: 20231128T183322Z-mqpve2pvet2n32yem81qx08b6g0000000v5g000000004nga
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 7767f6a6-101e-004a-47fe-198d54000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 1701175723950.webp
news-files.foreks.com/images/ 44 KB
45 KB 69ms
67ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701175723950.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 325ea95921d5de02943b01477a94bd966108340481a0b8571c446faff119d5bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ZP7mHp_bWoZYrs1HMwJxLP8hi_SAh6Au
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:48:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "f7c7087ba1f25476a26f2ab61526a0b6"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 45336
x-amz-cf-id: Vh2VBoB4phgYqJNgbKrK2EoUteDHa-wCOlSKQCsrsDNN231owHdLbw==

GET
H2 200 1701173529154.webp
news-files.foreks.com/images/ 41 KB
42 KB 62ms
61ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173529154.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 222489894fb44e82cb7ec52b552b854827065d5c34cf435f1664b11d29d05b5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: Qe_IPZaHAtQbMQUwVk6yfynviqA9O.2M
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:12:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "c49597e6364be3bceb579d5fc03b66e4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 42458
x-amz-cf-id: PXWho5NEOOoZFlydtEEPk-Z2WrP26Fq61zTTn9TcW__aPbGdV9JtbQ==

GET
H2 200 1701173493286.webp
news-files.foreks.com/images/ 80 KB
81 KB 40ms
39ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701173493286.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 631ea14bc6b92620f3cc699986718e52be31a0373605a8ff8aa4af9cf7bc1a08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: Pg1HDeJ6Hm99i_Wt.yCroK1FXKljAnha
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 12:11:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "54e6ad847b487da722b48108a4790b92"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 82074
x-amz-cf-id: 1Hg0jwZFmVbEGDGEWFxYAi-XRwUD-9ppvA2XhOVtHSWvyL-rNtzZnQ==

GET
H2 200 1701164265927.webp
news-files.foreks.com/images/ 35 KB
36 KB 45ms
44ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701164265927.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c9bf9333f6e1ec3b4a1344f7030099f19d9f5040a397c70481b744190e8d6a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: C2DdnyT_v.AVMgX4_Fg89zgowWJLkgsf
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 09:37:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "bab6af74d9ebc96ae8b853105c2ce1a1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 36258
x-amz-cf-id: 410CwDfeynogN6ush3fM9dUSm0iIUH4rJMZDvWybXXooj6pMlzmJXA==

GET
H2 200 1701158894645.webp
news-files.foreks.com/images/ 25 KB
26 KB 79ms
78ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1701158894645.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d3d52f12ba1350354373d48fa007a3c4603a36df4b4436ebd1430fdd2fc6ce75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: fhyymDH77ZppCT8RD.cudJJEWUusWNjH
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 08:08:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "31ffc5a5431ecb2e562071d3e4c9c24d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 25666
x-amz-cf-id: 9Y94iT9ALiWE9hrkKJQjYVUwu37yg60hW7imRV4JFrD28mfSeXF0lA==

GET
H2 200 1693279796970.webp
news-files.foreks.com/images/ 22 KB
22 KB 63ms
62ms Image
image/jpeg 18.66.97.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://news-files.foreks.com/images/1693279796970.webp
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 579948647ed5eae6d4e15aedbea9e083223aed76ecfc1c5920ad32e3cc0ae270

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: dP5l5UDXN82zr5CbNuTiS5ymVUgLVYUw
date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified: Tue, 29 Aug 2023 03:29:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "362873935b2d6a7f3c185220cd8ed653"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 22032
x-amz-cf-id: ZgReOEjRXPNo985WiWOD3b7yObboliwuRMZ1fp9nBp11Sd8zVS8J7Q==

GET
H2 200 youtube Show response
foreks.com/api/ 121 KB
19 KB 38ms
38ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/youtube?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

23c3fea99053954c39183a25166a315ed3a34db8300d5db6cbc992b3dc8295ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"1e50d-lWSlTsAPYSzEYLtNmTD0+TFnSWg"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=372
access-control-allow-credentials: true
x-ratelimit-reset: 1701196235
x-ratelimit-limit: 500
x-amz-cf-id: 0nXBqVR33BZuVcKrjwSx5TQYF8txDWhVPlxSd9QrOLwONbqyuy689w==

GET
H2 200 youtube Show response
foreks.com/api/ 121 KB
19 KB 42ms
41ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/youtube?channelId=UCBbRYu2nqeGGsRrKu5jh-Pw

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

23c3fea99053954c39183a25166a315ed3a34db8300d5db6cbc992b3dc8295ae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
etag: W/"1e50d-lWSlTsAPYSzEYLtNmTD0+TFnSWg"
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json; charset=utf-8
vary: Origin, Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=372
access-control-allow-credentials: true
x-ratelimit-reset: 1701196235
x-ratelimit-limit: 500
x-amz-cf-id: 52lZnykq5AlQIjxWBze8UzsrQ9JWKjepzRwmKZx82s5dIzstlP5rEA==

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ 120 B
338 B 60ms
59ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
strict-transport-security: max-age=63072000
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame CDA7 891 B
1 KB 68ms
68ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/str.html?v=2

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 28 Nov 2023 18:33:22 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3
strict-transport-security: max-age=63072000

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 147ms
74ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7ce0f61451a214b44271aa6889d36324b4f3ca65102ccfcac15c59208f7e8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Origin: https://foreks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52726
x-xss-protection: 0
server: cafe
etag: 11242036756872766711
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:22 GMT

GET
H2 200 prebid8.23.0.js Show response
static.virgul.com/theme/mockups/outside/ 543 KB
204 KB 80ms
80ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/prebid8.23.0.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

643dd75cf9812c16397f2d14bd471c6265b4b2edf68b1a4297ca7daaf0f97dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Thu, 16 Nov 2023 07:43:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 267 KB
65 KB 114ms
30ms Script
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:43:56 GMT
content-encoding: gzip
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront), 1.1 a1d3f4e4f5c5940d2f1eea05f736c3ee.cloudfront.net (CloudFront)
last-modified: Mon, 13 Nov 2023 20:18:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, MUC50-P2
age: 2967
x-amz-server-side-encryption: AES256
etag: W/"2d08dd94de483579c1dc3f3783c06f6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: H7-NU69aF5IgdNgN_feYed0frx8qXvHKOGxs6acXZmFqqesnOEXcNg==

GET
H2 200 pageview Show response
ng.virgul.com/ 14 KB
4 KB 196ms
133ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1701196402186&v=https%3A%2F%2Fforeks.com%2F&r=foreks:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1&info=&ref=&rdmt=0.39542836795961844
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 15ffdf30230da879b6ccc878dbe00664ead25fa8c1d9c5980211ac9ad559975b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://foreks.com
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 foreks.js Show response
static.virgul.com/theme/mockups/fallback/ 15 KB
6 KB 60ms
60ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/fallback/foreks.js?dts=19689

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

6a898f6ff520ba34bd5d8ece4f39b5b6f782065bcedfb4cbf5a87b16e54c4d4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Tue, 28 Nov 2023 18:04:26 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
DATA 200
OK truncated
/ 681 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5feb736923115c10a6ce2636540d6950f32509e1f3554226ac004b73a8382675

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 TR@3x.png
foreks.com/img/flags/ 3 KB
4 KB 42ms
42ms Image
image/png 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/flags/TR@3x.png
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 5812d2557010d144492cc7ac39b6a8196983793dc1dc16ca6e9df8d0f4e57a39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"d7b-18bfbd41858"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 3451
x-amz-cf-id: YbuxpEnq3VmEtlq_J7m779LkYGHg1US4J0n256tzHhPeGtIdry6cDw==

GET
DATA 200
OK truncated
/ 656 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d46df17d4e3239b6eaf05d2e349fc1bcc81d004d35f3e1fb8c12308aa2d439b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 intraday Show response
foreks.com/api/historical/ 10 KB
4 KB 56ms
55ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=XU100.I.BIST&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

29d65a57d9d45a39e1f3d1e608e3c6228bd4dbb189e15bea20bb508aacfa1b37

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: q2DjdyqQ5sncfY1Ac4zNCqS9vqND2QV5WaJgJhYnF02uNSa1Oe82SA==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 7 KB
2 KB 119ms
119ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=USD/TRL&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

78fca88f95be91c7135968634b0a9bda02fbda308f0f5fad5600040a8691ee23

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 499
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: SWJQMvV_twfETAseSo99uIraGsGluTDC4tPDiG_ymUQC6iBoi177PA==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 7 KB
2 KB 127ms
127ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=EUR/TRL&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

a42170b060c772626a291adefc56be90d372bd294689d19e246fc4b48f37dea7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: r8a6f7GU046PiK4eAqk_-B9zQ4S_LGaD1ZJaSboyCBxmHAGQhZTi4A==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 7 KB
2 KB 70ms
70ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=SGLD&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

53e1ec1e1b29a093e5b53bd64414c8191f2de7107d7231a942b6159eb475f195

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 497
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: Z6RG69EG__sXC-vaejFKx42x9N02tf0S9QnnhbnySi32owFyt8VvyQ==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 7 KB
3 KB 146ms
146ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=BTCUSD:BNN&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

e741fb44e74cfbc464a6c5c8f9123efc8ddf9c4b6384af557c0881c7fd3e3934

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: mzonqRbR3Tbey1HU4aqE8mUw_4hqNWeljw8fZZy7IhdETOuo0IOk_A==

GET
H2 200 intraday Show response
foreks.com/api/historical/ 4 KB
2 KB 68ms
68ms XHR
application/json 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://foreks.com/api/historical/intraday?code=TAHVIL&period=15&last=100

Requested by

Host: foreks.com
URL: https://foreks.com/_nuxt/20f57ac.modern.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.154.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-154-20.muc50.r.cloudfront.net

Software

Resource Hash

c2583c951d2e578bbac20cc1186b6ac4346b4d1e65a6e43279f2a08f6633846e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-permitted-cross-domain-policies: none
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
cross-origin-opener-policy: same-origin
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 498
content-type: application/json
vary: Accept-Encoding
origin-agent-cluster: ?1
cache-control: max-age=10
access-control-allow-credentials: true
x-ratelimit-reset: 1701196475
x-ratelimit-limit: 500
x-amz-cf-id: YVv1oXkipRbvEl8-ibnJoPgR5ZIXZBNcbPn7jGCmi_OGkLxiTqQSbg==

GET
H2 200 hb Show response
ng.virgul.com/ 25 KB
3 KB 90ms
89ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=foreks&dts=472554
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 58a7c01f5b8ec5a2d6e25b2a22b74c84a4a4004d1c430f0c0d3d24c19aacbb3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:22 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://foreks.com
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
516 B 142ms
142ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=6100458&pg=ecc136ef-40f2-4547-bee9-f39c75a1114d&lt=1701196401714&dt=1701196401714&at=1701196402295

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 28 Nov 2023 18:33:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ab770d36-6d0a-4f91-9c92-86921d817b88
x-envoy-upstream-service-time: 2
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ab770d36-6d0a-4f91-9c92-86921d817b88
last-modified: Tue, 28 Nov 2023 18:33:22 GMT
server: cloudflare
x-trace: 2B53C0D2BCC673B0196F5EC680BC2A4AE6F82E9B5C000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbqNg95DA5JW4ZNWtE7KZ0fRovQMtKcZ4rZdRv5qJXWTE4ROot%2BWqIgOuNc6DAQWTgLHVfdyy5CelLKN18YpE2MDRvKoqAsDctwP%2F9vDf70XKeVt7laehG17%2BHE8iHsKUXpK%2Fc9WIg2nL9opiLYSgG9WLRku2hs7DTQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-56dcc87b5c-bm6nn
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex, follow
cf-ray: 82d4b2ea6c6cbb9e-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 205ms
158ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: caa9972d-21d0-451d-9d9e-1dc0cfee7f8a
x-envoy-upstream-service-time: 10
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: caa9972d-21d0-451d-9d9e-1dc0cfee7f8a
Last-Modified: Tue, 28 Nov 2023 18:33:22 GMT
Server: cloudflare
X-Trace: 2BE9D79497530508060728DF660F8D55DFC1B2EE7F000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-56dcc87b5c-2mvph
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 82d4b2eaae1e4d84-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 186ms
138ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 191785fa-eb32-47ec-baaf-94bb5e65d338
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 191785fa-eb32-47ec-baaf-94bb5e65d338
Last-Modified: Tue, 28 Nov 2023 18:33:22 GMT
Server: cloudflare
X-Trace: 2B57BA8E2F22F33FFF0AA01DF5528ADF8B17CDEE65000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-56dcc87b5c-22dgm
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 82d4b2eaab8f5d9e-FRA

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 825f99a399ad27c48025d7dc29e1f7e79f0da08282dccece11495a299a19eb78

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/sDwWi4H67nI/ 28 KB
28 KB 123ms
58ms Image
image/jpeg 2a00:1450:4001:829::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/sDwWi4H67nI/hqdefault.jpg

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3df6389a8ff7dde8ee50f8c6b0d119e3f773979d9f16e974e4af1f15e3821956

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:45:40 GMT
x-content-type-options: nosniff
age: 2862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28526
x-xss-protection: 0
server: sffe
etag: "1700554184"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 28 Nov 2023 19:45:40 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/ze5GrW3hvgE/ 26 KB
26 KB 154ms
89ms Image
image/jpeg 2a00:1450:4001:829::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ze5GrW3hvgE/hqdefault.jpg

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be0aca6d438e35555fb33379f42ad1e025bac66905f97b1044331e434c9901f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26754
x-xss-protection: 0
server: sffe
etag: "1700552282"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 28 Nov 2023 20:33:23 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/M3fnfLqEDTs/ 29 KB
29 KB 111ms
47ms Image
image/jpeg 2a00:1450:4001:829::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/M3fnfLqEDTs/hqdefault.jpg

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8047588ad2d604669ffc521341dd306637c33983a7cee27131df6f91914b479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:45:40 GMT
x-content-type-options: nosniff
age: 2862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29710
x-xss-protection: 0
server: sffe
etag: "1699519187"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 28 Nov 2023 19:45:40 GMT

GET
H2 200 hqdefault.jpg
i.ytimg.com/vi/SIMeBRUNzr4/ 28 KB
29 KB 85ms
22ms Image
image/jpeg 2a00:1450:4001:829::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/SIMeBRUNzr4/hqdefault.jpg

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24d762fbab387aacaffe0c312772e4294a76685a326d898dfd69b87208bbb942

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:32:40 GMT
x-content-type-options: nosniff
age: 42
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29165
x-xss-protection: 0
server: sffe
etag: "1701088979"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=300
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 28 Nov 2023 18:37:40 GMT

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32a2f8e63f3c2d90d9653f6f762f980b13b90e3a32777b2228930045a951213

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 23ms
23ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=424479691&t=event&ni=1&_s=2&dl=https%3A%2F%2Fforeks.com%2F&ul=en-us&de=UTF-8&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Clarity&ea=192pu1n&_u=aDDAAUABAAAAACAAI~&jid=&gjid=&cid=1202893231.1701196401&tid=UA-82686003-1&_gid=388237801.1701196401&gtm=457e3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd1=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fend5q83kh4%2F1u97uy2%2F192pu1n&z=1375793640

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 05:19:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 47620
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 96ms
38ms XHR
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
date: Tue, 28 Nov 2023 07:08:10 GMT
x-amz-cf-pop: MUC50-P2
age: 41114
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: ImX_ibxrRexT30EijyCce--CFYW4nwng1ffC45rPXdkvwIb3UrdXwQ==

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 383ms
123ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:23 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 397 KB
134 KB 133ms
89ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=foreks.com&bust=31079757

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7567d21efad4a22bbbad2b19bbb5b1b4eff9ec6ce410a2137e9ea3dcd83ee92b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137279
x-xss-protection: 0
server: cafe
etag: 139924222931791961
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 6774 9 KB
4 KB 192ms
24ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8119
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:04 GMT
etag: 16674218716276178799
expires: Tue, 12 Dec 2023 16:18:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 e0a76a78-9ad1-46f2-a337-886c2e24ac91 Show response
config.aps.amazon-adsystem.com/configs/ 537 B
805 B 175ms
26ms Script
application/javascript 108.138.36.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-78.muc50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 3e5262f8dd2e248bae2b81dc6d3910298e930ce8f34d36751392e5e1cfe0be60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:30:42 GMT
via: 1.1 068dc56746723ff514ed3604e029e74e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-P2
age: 161
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: H8X7GakE6YZRJzd_KEnCtLjOUE2VmuWl9kTzDGRA-LJ4zEWaVDYJmw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 488 B
842 B 39ms
38ms XHR
application/json 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fforeks.com&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: Server /
Resource Hash: 844b87b27dc65dd4bfd6b4a840673478ecdb0512337f6b30f7af691c339908af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:45:41 GMT
via: 1.1 a1d3f4e4f5c5940d2f1eea05f736c3ee.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P2
age: 2862
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 488
x-amz-cf-id: V4tZdCOQgRX_VPEz7q4HyWIIpzx9opfoc-q1wZXC1kSLOtmT0MzXGQ==

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 94ms
94ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e54e4ec49d2a8ee4acdfcd89ab85619fc73f25874d7761dab806ec336927dd97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30345
x-xss-protection: 0
server: cafe
etag: 38 / 19689 / m202311130101 / config-hash: 1658256348278883366
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 foreks.js Show response
static.virgul.com/theme/mockups/sites/ 1 KB
1 KB 59ms
59ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/sites/foreks.js?dts=472554

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

241be130e68ed432d9be6d5357a0809683ca2b0d141cca5175d175aabb14a306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=63072000
last-modified: Fri, 15 Sep 2023 09:10:05 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 1211

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 17 KB
5 KB 152ms
22ms Script
application/javascript 35.241.45.217
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19689
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:14:44 GMT
content-encoding: gzip
age: 1119
x-guploader-uploadid: ABPtcPqZ4gX3m1CV0WoBMBAZrsNsLOBAYpoerYGrSohBSEGo47UM0XABufhJaAAnw_PE2iDsVK4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ 0
209 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1701196403169&v=https%3A%2F%2Fforeks.com%2F&r=158529@158735@158735@158735@158735@158735@158735@158735@158528@158733@158820:foreks&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.02831896193381578
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:23 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 191ms
73ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 29 Nov 2023 18:33:23 GMT

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 151ms
34ms Script
application/javascript 172.64.152.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 30 Oct 2023 20:31:13 GMT
server: cloudflare
age: 142198
etag: W/"65401291-2b7d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 82d4b2f0b847bb3b-FRA
expires: Fri, 01 Dec 2023 18:33:23 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 142ms
24ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 17:40:12 GMT
content-encoding: gzip
age: 1299191
x-guploader-uploadid: ABPtcPrYakBZZUaYUT2Aa4NoJoJQZRP6-ODG4Mlhh8MKCLApMvJzlaEJN2z8T9SAscKxSRsWb_zHAvxtH2n8WvZ8c-eAXA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 12 Nov 2024 17:40:12 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 148ms
31ms Script
text/javascript 108.138.36.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-46.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:38:20 GMT
content-encoding: gzip
via: 1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 39304
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: FUCchs08WMwYuXEHF8wTGvrTO-fJNSPjXf44gV5dq4T5wfNWrfqNYg==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 155ms
38ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: fc3e2763bdebf66749df02e626f75ec5
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 154ms
37ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 39082
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230088-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sYB14Ax2FcJR5qzXcNp%2FRbJTc9i1XLP2YV0Qb9Zf3TeCScCKrg0b6NlTDLhYst4M7Prd8f1NQFZ8JsgwHQvFUS4%2Buuz9RAdCWHhE%2BWDFg9FjI1MI5VFirpkieZ3H3g8NTOStHwLrw%2BOY5h7Apo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82d4b2f0b9931951-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 152 KB
33 KB 166ms
49ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d050c56b76cb2dae10e3eadd8e8f5e83594db0916d25946bec2f662f69dd776d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Nov 2023 11:19:25 GMT
server: cloudflare
x-amz-request-id: 53GGBM5A6XBRJD2W
age: 2937
etag: W/"d12fc51ceb66081fc72dabad6e4e0ded"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82d4b2f0bc43bb9b-FRA
x-amz-id-2: +r3IAnmtspceOaG1P4pbsdXEsJtBBACfmiF8uWKvw4Pf0lwmAmf71J80yWQcWt5hYVJvZ/iixAE=

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
14 KB 361ms
361ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=563799482119339&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=2&didk=3047743917&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403195&lmt=1701196403&adxs=276&adys=980&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=964x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=3820039281&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e21b054e57b342ba854e5e953d8bfea2d05b93a4a0c297834cc98a58c83bad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14693
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 37 KB
14 KB 402ms
399ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=3023173014350444&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_sidebar_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=3&didk=1043972858&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403203&lmt=1701196403&adxs=1142&adys=697&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2254628106&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

994f7280fd7e284cf6dce90a5432ec8521bd4153deb56a1ba72e9c9a35b45fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14772
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
14 KB 376ms
373ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=1833477993238068&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160&fluid=height&ifi=4&didk=4231602529&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403206&lmt=1701196403&adxs=315&adys=273&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=970x0&msz=1600x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1593130247&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19567dc1cab0ae72cb4d6a90200d6b1e6bfda3a4cc05421bc6d595d64602f444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14721
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 483ms
480ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=1792956994510735&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_sidebar_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=5&didk=1252517706&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403208&lmt=1701196403&adxs=1142&adys=2133&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=246007431&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4f90120be35c42f1e51350c3e2ff9b4426c0bccb7bcc85260620e66a666c6ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12398
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138426216898
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 304ms
301ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=4386373839653298&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_alt_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100%7C300x50&fluid=height&ifi=6&didk=1985298808&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403210&lmt=1701196403&adxs=1142&adys=3322&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=300x0&msz=300x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2654342334&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00cf365b081cc5eae31f6ece71de10ea0b42857b86a511835e5b33e5ab7a585e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12489
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425927494
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
11 KB 268ms
266ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=2629197536815258&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=7&didk=388927376&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403212&lmt=1701196403&adxs=276&adys=2268&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=4217441780&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80f16409981f33de594f7f75ba13f3414afbd7b8663afa0e495a9c601496b198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11737
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 330ms
327ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=1341561020149809&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=8&didk=388927379&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403215&lmt=1701196403&adxs=276&adys=3346&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1598237200&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f4b2fd2bb6b0c6955b91b7f006468abc0b88b534a77a573fcc1100db24aa5ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12470
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583957
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 337ms
335ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=2453045510680399&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=9&didk=388927378&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403217&lmt=1701196403&adxs=276&adys=3837&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=3246492315&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

348e29cc1eb9e32d323a9138519e1091c257e0cf8392b0197145401444a6d77b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12468
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583939
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 324ms
321ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=1175950515330954&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=10&didk=388927469&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403220&lmt=1701196403&adxs=276&adys=4327&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=6&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=964x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=1526775893&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d52aeb6e2813d5de1488fc255332bd2efeca1e1b739d2d77b0b656efe9b7e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12732
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 291ms
289ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=1403777056531148&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=11&didk=388927468&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403222&lmt=1701196403&adxs=276&adys=5579&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=7&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2323977110&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2a9b88d0ebb9c7c56c71ef4760225be1c6c871d12cc64114cb37145b8661b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12467
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583963
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 263ms
261ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4061356811091417&correlator=2984886115174202&eid=31078015%2C31079525%2C31079575&output=ldjh&gdfp_req=1&vrg=202311130101&ptt=17&impl=fif&iu_parts=21728129623%3A158935454%2Cweb_foreks_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60%7C680x90%7C728x50%7C320x50%7C300x50&fluid=height&ifi=12&didk=388927471&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701196403225&lmt=1701196403&adxs=276&adys=6430&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=8&ucis=b&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fforeks.com%2F&vis=1&psz=924x0&msz=964x0&fws=128&ohw=0&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxj3o9S5wTFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEhQKBW9wZW54GPej1LnBMUgAUgIIZBIXCghydGJob3VzZRj3o9S5wTFIAFICCGQSGwoMaWQ1LXN5bmMuY29tGPej1LnBMUgAUgIIZA..&dlt=1701196400810&idt=334&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dforeks%26mt%3D1701196402186%26pager%3D1%2540site_geneli%2540foreks%253Asite_geneli%26policy%3D0%26host%3Dforeks.com%26url%3Dhttps%253A%2520%2520foreks.com%2520%26targetCtr%3D0%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&adks=2926202557&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e495b74c18a68ec1925b1c0164d481afeae65e2b893034b51d2efc680eee1dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12465
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425219174
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://foreks.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E0A9 6 KB
3 KB 150ms
55ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ 10 KB
3 KB 61ms
61ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL

https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),

Reverse DNS

Software

openresty/1.15.8.3 /

Resource Hash

525d4bcb494f29edfbcf472fec04988765bb0cd93dafc4bf88bf7e66af4e6b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000
last-modified: Tue, 22 Aug 2023 14:18:41 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

POST
H2 200 init Show response
wsdkapi.netmera.com/sdk/3.0/session/ 2 B
266 B 60ms
59ms Fetch
application/json 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/session/init

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-xss-protection: 1; mode=block

OPTIONS
H2 204 init
wsdkapi.netmera.com/sdk/3.0/session/ Frame 0
0 56ms
56ms Preflight 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/session/init
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Tue, 28 Nov 2023 18:33:23 GMT
server: nginx

GET
DATA 200
OK truncated
/ 128 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0adb33ca1a9776a37cb4501f171ea405ab5ec85ccd1b6b07ca2f534932f86cd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da048d750f80c54a010a455dea80502cdbb958225d4e4bf059c087adc42a96a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd750c079ff8953fb54c97e67fde64e5ca38e999a76d4ece21dd3b87629d2929

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e57378e77a92940db56c07311efdbe76662b76eebd32f3098c016426df8f9dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 151 KB
33 KB 35ms
33ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7571db16348512fc55b35102ce3699733cf0882f4b4fb3e652fa8db700c07fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Nov 2023 11:19:25 GMT
server: cloudflare
x-amz-request-id: MZ1SMZNNQ03R32VH
age: 3274
etag: W/"53159e4ae3ffbda2ff6c0204350035be"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82d4b2f0fc9fbb9b-FRA
x-amz-id-2: PTtuGVlW86/lw6DBxeOyPXzoTsgfLjDUnYK3grbWOmKV5vopn3rRgL9PbvYp5z6ECilDUFmMBNY=

GET
H2 200 tag Show response
feed.pghub.io/ Frame D29D 13 B
270 B 94ms
36ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=&page_url=https%3A%2F%2Fforeks.com%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 28 Nov 2023 18:33:23 GMT
server: Jetty(11.0.13)
strict-transport-security: max-age=31536000
via: 1.1 google

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 157 B
431 B 87ms
37ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: caa43ed473ddfb5eb632d383a083e448deb8307c98602cc2e51fdef4e1612483

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 03d394bfa3de615c1601f4993e58f736
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
content-length: 157
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp&cc=1

85 B
203 B

135ms
134ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp&cc=1
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c3aa6b68b2e8512c49dcbbc74c0975cf10c0afdb9fa17a37d5d1e7fa3a609604

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-OyCK0RF4vsmgrIE09FIXEu8BXfM"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://foreks.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Tue, 28 Nov 2023 18:33:23 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://foreks.com
location: /esp?url=https%3A%2F%2Fforeks.com%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ 7 KB
3 KB 309ms
66ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19689
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 05 Dec 2023 18:33:23 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 157ms
48ms XHR
application/json 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 926538d55b53165dde3d6a5390b690d1d78efc097dbe307be0998ecf6bff6887

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://foreks.com
cache-control: no-cache
x-server: 10.45.7.100
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
226 B 77ms
23ms XHR
text/plain 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7207 0
188 B 249ms
249ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3025194257&lmt=1701196403&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403129&bpp=2&bdt=2319&idt=282&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1919415049429&frm=20&pv=2&ga_vid=1202893231.1701196401&ga_sid=1701196403&ga_hid=424479691&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44809314%2C31078297%2C31079757%2C44807763%2C44808149%2C44808284%2C44809072&oid=2&pvsid=4061356811091417&tmod=258917674&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=311

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=foreks.com&bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Tue, 28 Nov 2023 18:33:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=header-top%20d-none%20d-lg-block&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 fire Show response
wsdkapi.netmera.com/sdk/3.0/event/ 0
234 B 56ms
56ms Fetch 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/event/fire

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
x-xss-protection: 1; mode=block

OPTIONS
H2 204 fire
wsdkapi.netmera.com/sdk/3.0/event/ Frame 0
0 55ms
55ms Preflight 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/event/fire
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Tue, 28 Nov 2023 18:33:23 GMT
server: nginx

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 37BD 15 KB
6 KB 121ms
41ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=foreks.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
server: Kestrel
server-processing-duration-in-ticks: 321744
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8451 6 KB
3 KB 23ms
23ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D026 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6A26 6 KB
3 KB 31ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8451 24 KB
7 KB 190ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8451 150 KB
52 KB 79ms
77ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7608dfff6715fd99be71577da2a08ca91c4b003313f41e0ffdda76b09f5b749d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52696
x-xss-protection: 0
server: cafe
etag: 491474434944807254
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8451 202 KB
64 KB 235ms
66ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E75F 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 72F8 624 B
246 B 71ms
69ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXM5D37nW5oHXq-u_HKrrOE-0-brubWBKzAppGfyj0fHioEOwIh74YChK9l2dExI4RdIRa36JaB_rko7JiBW3ykaAnH3merJsS4zuzyI9U3uCWuz9VM2qlssdEHyxM1tlhbY_DmOxq82R-2DKjtsme_-Hy9emsehMndn2Pn_Q-HbEFXR9hTQdNr52rWp_xhVgXrQMr_

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Tue, 28 Nov 2023 18:33:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D026 89 KB
31 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D026 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Azs4-45tnpdBPKHD-qVB5n2KGCtRoqc2SCC8dCENa6jEAKC0y17i329338RXyCYswoYKXOKYWRxU2SU44_Y81vCMMwOEgyuuuUHnkClscQ1cNNZzg

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D026 0
20 B 56ms
54ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17055029869389726735&x=1&ct=77

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D026 3 KB
1 KB 175ms
45ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D026 20 KB
9 KB 153ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D026 202 KB
64 KB 239ms
110ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E490 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2BD2 6 KB
3 KB 28ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 53C5 6 KB
3 KB 29ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 37BD
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=foreks.com&sn=ChromeSyncframe&so=0&topUrl=foreks.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=HL8HQ3xnZzF1YVdmcE12Um9PdVEyU003Q3FCbGVoSFY3MGxEbk1YdHRSK1dkMTNxOGs0QWZsejZtTjlBT0EwUkRyaU9Ud2dJK1BPOVJ2SDVzaUdIRjZLdmFTWjl6cDJFcHlzVEdPb3ZHYU5iTmsxandUY05kL3IyUDNMT0...

425 B
650 B

40ms
40ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=HL8HQ3xnZzF1YVdmcE12Um9PdVEyU003Q3FCbGVoSFY3MGxEbk1YdHRSK1dkMTNxOGs0QWZsejZtTjlBT0EwUkRyaU9Ud2dJK1BPOVJ2SDVzaUdIRjZLdmFTWjl6cDJFcHlzVEdPb3ZHYU5iTmsxandUY05kL3IyUDNMT0ZlaWtON2R3aENnL0dGNDNGbVhsMWY2bFRLaWk4ZDhhc3J6Nm5YVXIyUnpmekVaTmlBcDRGa0haWjZaRUpKTzFRcWo5MHhFOHVxQ0lKOVBjbWhwUXFrQndTZjVxWUtLcXFnRlZjTEhOTU9TWDk1SDdKcGczcTArMEdxcW5GYTlDWUliUjd1cFhaeDNOUHQrdjIzK0dCWmlnb2g2b01hQT09fA&cppv=2

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8784ce0b0c3714b41e920f2ae49c677a2b475a65ae70df49e417a2096134d47b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1365423
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=HL8HQ3xnZzF1YVdmcE12Um9PdVEyU003Q3FCbGVoSFY3MGxEbk1YdHRSK1dkMTNxOGs0QWZsejZtTjlBT0EwUkRyaU9Ud2dJK1BPOVJ2SDVzaUdIRjZLdmFTWjl6cDJFcHlzVEdPb3ZHYU5iTmsxandUY05kL3IyUDNMT0ZlaWtON2R3aENnL0dGNDNGbVhsMWY2bFRLaWk4ZDhhc3J6Nm5YVXIyUnpmekVaTmlBcDRGa0haWjZaRUpKTzFRcWo5MHhFOHVxQ0lKOVBjbWhwUXFrQndTZjVxWUtLcXFnRlZjTEhOTU9TWDk1SDdKcGczcTArMEdxcW5GYTlDWUliUjd1cFhaeDNOUHQrdjIzK0dCWmlnb2g2b01hQT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 242356
content-length: 0
expires: 0

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2811 6 KB
3 KB 30ms
24ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 6A26 24 KB
6 KB 84ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6A26 150 KB
52 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a643ae090dcbeeaccbe36489da4999b023396bc49ae725f3e7f10927dd6bd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52737
x-xss-protection: 0
server: cafe
etag: 15609234060971355944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6A26 202 KB
64 KB 196ms
140ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E75F 24 KB
6 KB 97ms
42ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E75F 150 KB
52 KB 121ms
121ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae76deb1204078b68925cfa67f9d54d2daae3cce0211a2942fe90b5e32ee5842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52732
x-xss-protection: 0
server: cafe
etag: 3602491855753813047
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E75F 202 KB
64 KB 200ms
144ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 79C3 6 KB
3 KB 30ms
25ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F5AF 6 KB
3 KB 30ms
27ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 365 KB
126 KB 139ms
81ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19689

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128094
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ 398 KB
128 KB 71ms
71ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19689
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: da6a1ca340234163aa46a071d282d0810bb058be8163fb5b7042fd88a07a91d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
last-modified: Thu, 16 Nov 2023 11:54:22 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 05 Dec 2023 18:33:23 GMT

GET
H3 200 container.html Show response
47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 58ED 6 KB
3 KB 24ms
24ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Wed, 27 Nov 2024 18:33:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 72F8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1

43 B
336 B

43ms
43ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXM5D37nW5oHXq-u_HKrrOE-0-brubWBKzAppGfyj0fHioEOwIh74YChK9l2dExI4RdIRa36JaB_rko7JiBW3ykaAnH3merJsS4zuzyI9U3uCWuz9VM2qlssdEHyxM1tlhbY_DmOxq82R-2DKjtsme_-Hy9emsehMndn2Pn_Q-HbEFXR9hTQdNr52rWp_xhVgXrQMr_
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fuh5Kz55t6jvRUjAR5w0Qd0mDoUDM%2Bre8m6lYwrsxjc3ypfszSJZvgHAwGJ%2B44mGq2vknbOmAB4pbfaL3o8kmX01UasBZnNwWTwWvIgnfK3hCihUZ91kzQHFmOMaaFFW6PrGYmWnHi3L%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d4b2f40e699195-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 72F8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYyc0pImS5wPhHx7xk.iAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1&google_hm=2

43 B
771 B

49ms
49ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXM5D37nW5oHXq-u_HKrrOE-0-brubWBKzAppGfyj0fHioEOwIh74YChK9l2dExI4RdIRa36JaB_rko7JiBW3ykaAnH3merJsS4zuzyI9U3uCWuz9VM2qlssdEHyxM1tlhbY_DmOxq82R-2DKjtsme_-Hy9emsehMndn2Pn_Q-HbEFXR9hTQdNr52rWp_xhVgXrQMr_
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3%2F0tyvnUjeAeJv9kSqaRBpfTPDuBPWoTgXdxXMrurhtGKXh%2FREXmgPUpPPyqRw3f2KAGmBtWXSgxfnTZbO52u3bJOlmE8uX2qw4J12%2FjSt0KVuo%2Fk8kSS9IvgVqdk0dzYQqxwvm63jaIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d4b2f4c9bd913c-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEErCEbyRpwDsDQ58xZjgx3o&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 72F8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGKrn4bk1h1mqnwHuVDhTqc&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGKrn4bk1h1mqnwHuVDhTqc%26google_cver%3D1

43 B
892 B

28ms
28ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGKrn4bk1h1mqnwHuVDhTqc%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXM5D37nW5oHXq-u_HKrrOE-0-brubWBKzAppGfyj0fHioEOwIh74YChK9l2dExI4RdIRa36JaB_rko7JiBW3ykaAnH3merJsS4zuzyI9U3uCWuz9VM2qlssdEHyxM1tlhbY_DmOxq82R-2DKjtsme_-Hy9emsehMndn2Pn_Q-HbEFXR9hTQdNr52rWp_xhVgXrQMr_

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
an-x-request-uuid: 8e251b6e-ab7e-419a-ae9e-a02ac03b5a26
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.215.133; 217.114.215.133; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
an-x-request-uuid: c402b590-3b37-4a8d-a261-74ee7ce49c32
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGKrn4bk1h1mqnwHuVDhTqc%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.215.133; 217.114.215.133; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 72F8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM0NTA2NTkxNDIzNTgxNDEyMg%3D%3D

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM0NTA2NTkxNDIzNTgxNDEyMg%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
an-x-request-uuid: 59aa2e7e-43ed-47a0-ab74-f6852127645e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDM0NTA2NTkxNDIzNTgxNDEyMg%3D%3D
x-proxy-origin: 217.114.215.133; 217.114.215.133; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D026 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2864523947560&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D026 0
20 B 57ms
57ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2864523947560&version=m202309260101&ct=77&x=1&cor=17055029869389728000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D026 20 KB
14 KB 63ms
59ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A85en6QrU2KTs9A1GVOi06t9VmYvStXCK84OYgHpV3P2ZxCMlnPamyhr6gybA4vGiCM5bZg3u_Pl_lJ4hOjZ2WvYw49LCiK0VIt5mw7xe6gXmrRT5ahc3enyWosf0XSZszSPvZEkE8H_Nus4Qih46C4XeMJFeapOd79-MTG9xKAIGdBAI&cry=1&dbm_d=AKAmf-AWDaGbgDsg9Sj1qvQJOlKRAA-VINxQQEVQSiVATaw1B514I3uedWmc_jKhJ_ZtfWSadt0aYgB9uzAkqJAXUerDi6h0j2EOm3m9-u79dwa3dd0II5sRYQ5oFXwGLjiFz9uwqddcehQXjyYngSDBY7nydjUW9sHdjlzpnJEWWsgCjH3VHqjgmgsehDGkRcDFMnQxwmshWCcxSuOIh06F9Ira9BXtGxl3BRiebPraYTn06Lhyt-asSgVPiv7V_VrZ7mlA3h9CT4PdaEXhvNKbTnWMsrsUESEjxwsDomHdDemZyatPVmlQODkUoDBCggtu0WPegnvOahUP4SXSolMp0vxYqA-dT3LwixrQC_JxMJ2TEomzf8GLsYNfkgO1PqQtjaM21Lt41iMknKa5cnsKiyWPVm99gmGDOQhOdENDEqK7_I-cUmdRNGcyNBNPGd58tBjqQ14lM293TYPG8C7iQghqDHr9mR6NaIATDVgWSSIoJX2iUuYvj0qW8Jj8KWGbXAgbyVLnTxw_VkvUdphBEZYPzs440nApfeo_l7GMmPSNbgvlT8yzc_qO9fO2cxzPkLcpn7uiyV7OwGlhxiB9eObfrsL2jtcxWJHuobb2Rqn2Qb868-X0R6q1J9Alhq7_WRyY7a54pI_FjSd2W9PLSv9eUCDGDdf6lYA2roQRbMNrPv2dSureg97kUhrodKGAU7IyDye6WAhT8DvAeUiXnXmAQID6xvqyJ4y0UfmpxRe32a9T4KNTcrI76IQE19FjGUvo5S2mAa3UmRd67cDq8fCWbo_r6-QoURJcjnRwHs6rVVI22spFisr3oZs0-rVQd-maXdD0IVsAZHifUPFyxCGsCzZ0vDe6PJrKgufXwPs49z-WMG1Ljpq_NRyk5AC7dd-bmxjIGd9ycFGNV5GI_M6K4IVZVDxVAlu1zMDRggT9EMq20fixV7881ABm9F6QlXhDHrn9JrSYTg4UGLZS99guVsXvqt1uXLc33EcIJFe3uzDLqupWtUKYgawIVuKzawqFZ2ots3aj5NB7taCKggzZGqnpowx0TcNp4DQ-jyR2BZdijL8GOGWlkVlctmueCgD64snke67_XElk4ukjzPLtI-yj7LddwMNoP-wviS-hXrK3eR_Jtg7cyMLG-tOnnXhZI9-aNa7MnkP69x8muyCaqb1PdHJK1Ndr9oGXH9-0zCGATKyNDPqgs0uranDP4v_MYDKt779f752lcVsNQCxkQMZuvRcCCzS6FAH7N3dX0AlwLLJu3zcND_Ke5Nvgot0NppT15sAvwjNHMRxVcw6Sv2Xq-CP7L4KrZYOj42JAeX1sEML1Y9WgYIg--agFaMyMgCdsY4KdfMcTuafdUS9ryjlN3OZkmx-9gD-ri5H7QEnQBq4y6UPm0ZTOdclisWhHpbBB2zn2vUt5REB_YHmT5eCfPwSqXCfdLLqClabw_1_csaJyktPzX7h9rEr-B0nbIofVwYESaBlSb72Lx0b5BX-7Ny6glUlOBd8bmtBQNe-k47FZCynlEULGkpFjCfq3fYoyMNIBAD9KrceGP1PJ55eOXsmMeWoWclBUHpT3NQsUyfCUXnLHqpwTezKF6NpgwFqmvEoohAPhRkX37XnPDkSrWwrPGCEFooE87Y0xfeCXWJNykaweyNALQvAbHCISNrgrKqV_tCoR3Rh9W3zBgVf_6GuTJu-w9xXUurtf50hJKsKDlDebq6dlEchozRjuLaVHHuLz1oJ4_a_dVawuM3d5CRQJrj-s2Ac7jYORT9r1ek4M7Cb0RpGsrVjDTnDjn4twxQ0xabnhd_Q4puCFWcMQKNtfywSZcvK3xx4fHGfmvUuuldTwTvyqybbExaXIPx4ufAkai89-4urnf-VzOISgYd59C_Ef3zeNadphaRwstTO8xmd3RQSXf0DckXpqJ5afd2in_AZIJ-bvis9jrZ0nr64s00vspMBhaE-yjlhFx_hm2LxBrx3rCPPXKckogF1t2bar2JwRMCYI-x8mq6BGtPZRIxKGS_mzEjPqE08Jt5FCq5scLzxScTkp2aagtwz-zNA97U29OOtZnsIa_boS3mg1WKrn0yOZtnZ4iDh9a_RFd0bX2dF43q-petLyctdOVYV2-JwNvXLUE5qwW5swpCjPMs1yjyQRNug7u4vHNTx7y4UT96T8EXMH2g6Q0IHkwEB8nSI-Q0FjoTXIWyl9vY9DCQLgF7sCHhnKFffOeGJ0MhX16s8gpeoEXb69GqRDwcYGrQPWnTnpXxrWcNYo7KEG2ESx7VOdw15-ZNJNMwrIpn0jQMk6d5qxYjlsgnHduFU3M63GBgXuZNqukDIJNlsqDLKJTYbfWyMsj0KRwxbjIZyzmzcQJeBmUTj_V8AnEsgLvXZu5-ayF12UtkdAmMnz8qSryov7c8T4-wbhb0NAi4LEGRRJy-2XJITHMKO_IEXR2leC8eYVTAKjpXa2-t6Bb2boTSKlgJluZKLh1d7gp2-AG0kcxstARLt3XZoB5d7RfZS2do8hWLvkiaN2gddUzsF6h6ztsMHvKo5daUWLlkYmwK_c83n278L6bqXOJ63lXQBK7aaKHDfD34Nz99arLrYE980b_ac4-d-EhHHqok0iOC3kyc100n1xYm3PhlWpzC3Tb6OCWzturZFYZnY8JZcq-M5erlcDc3zifODu_iYVV5w43Zi2xC9_PU24h_sJN_OEu7UBOQQv5z75qGMAdvuz3hT4JCmuXt9BvbHYyHDduVB23ZcIhX_Qjnk2Ft6KM6i1ENlA5VCuqsGSt6llLHQthFgEAkzs-Bw28BVvsDkGVCQdYFjDbmf5Jz5NiH9GFxX87T5A_AjfgUVbAqaiBRMzreUh0xnUmamUqdiS3FXHLGXwSInWR5fsbscz6AtY61adCKXE4wtQkIdiTrC0fByCISYrU-Ce4lh1PgBg3AZnzRMUBfxBTxcND2Ezft_6UMCS1rFBtiS7RKq-U6sO9BKwuJTRQjkPSFVLroG8yW9feAGgfQbPlkx2ay9ZLoi8c-cnfBRbsjrcw3C4pDnKU2eroEWmaoJ6cpofn0Klcnn8AdOH4oW6Jn8fGD_LQSasR1VNqm3QOav6ALrEcSs-JcvTkjHKIPwDp2oXWt4Nc8iICD3xuoXpwSJceRTRW7_6wjN-KF6ermp8tH5k1xpODBX0lWMkhLYImsN04jK0khfxU_2H2dalO2fnlLK0cLMs1To_yZmqeRdBmVUuI2wbzm5COvIv3Q-0cUO--TBfmpIfxDLJRSfdvtXtwOC-g_1xZlGyRCSy37E_Pv2rbacz7ZOoxdqnkjZwoEMCaKMB0PXICz52cejCNKnWEqPjFpvl99nwGVDqULGlMwhcmB4WOjYSrckrKO4wpZUmkZ6ARj_1Nb3EkK5EMXHmMwFdelN3ZNHH4bSkuF8fQR4axcZqAOpYU4CA8I33H73u9G8lFNm4eVFytEHx9ISSCHyTG11WoP7Mfba-6KclfOSE8d-7YxYpf1tsYH5W0Sdtj9yaMbPQzBpt3q3OmxFPcEPSIaA4bhYekvj7P4fSV4OdCsV6238Vq7CcKxExLtxuXZtdGm3539V2xDgfvjC7_iJMHTf8lUO2_DPCSL8vUkE4DBugT37OsGaIpSfO27gRIP7yilqWE0TDOvTQtui4M0CTXscqVqf3PkVEtXfMUnAFsmrvNkEovTngYKTd8u_5F-OosnXerUZpKuy6QmM4PbGl_tWEx-onTgb-GcTDwRG_qkIO3EpEX9fh_i9gUBY-O3dXNMd9e383FYz170yL4Y0ALlWLnEhUmhwQJkniQoTVcRDZMPwhWaSwWZb9ywvAkDd6HVf_SZQhbpRMBmoJ6r4JsxpSAKsgZVsDkLmMdTdIZ61SJ8SIcuJbCdl1wt0H9GGdEuPKYAS281VoREryq715H7UFdTGVnwbg57JpoHA3bugacgSpE_TPGgBTQboF4aaopN3TyqvRxk7ZV_hypE8BkZOQkyzXSD6iLHJlxLRlUhySdkjd1lkJN1xwz4zE0iSRKaUDWdTESN7jxKG8yN3Iz0PSTYtF_cuOyRjqvuVjtKCIbZBivvYv-WXWv2uKE33GRxN0VEX6Z95xfSVWblONuwwoRAcnky9IrWcVYyB8BzpMJiEvf0SuLLUB--pi3c0DGSafzganzh9IB_zxNVkz1ku5Sv55yESwq8VlZ0vv-m7xC7rYtO0ZFIwB82sAcco&cid=CAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fforeks.com%2F&ds=l&xdt=1&iif=1&cor=17055029869389728000&adk=2857193498&idt=125&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c60a414860972a7deb0e0ceb8ec906b237f9a869c754090dbdd2ecdab5cac26c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14036
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E490 24 KB
6 KB 26ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E490 150 KB
52 KB 91ms
88ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

371fc4d7abeecf248aeac4d83200a34cd4ec12f9b7635c9df766540c81159c91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52730
x-xss-protection: 0
server: cafe
etag: 14535511006910982148
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E490 202 KB
64 KB 116ms
111ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2BD2 24 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2BD2 151 KB
52 KB 158ms
158ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af88c5b082e4cdbb9016a00827bb33933af866357815b28d63be65ea330e8b23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52757
x-xss-protection: 0
server: cafe
etag: 5103449610177346651
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2BD2 202 KB
64 KB 120ms
120ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 53C5 24 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 53C5 150 KB
52 KB 154ms
154ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c0bd36219bb937456f173bbee8ea6a99cf568e1e8c01aad699f44e31a725510

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52741
x-xss-protection: 0
server: cafe
etag: 8963051178144298140
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 53C5 202 KB
64 KB 173ms
173ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame F869 145 KB
49 KB 169ms
91ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEeiQIVQPfAAL2UfSYyiBjb8u5Y3cquQ&u=%7CCHUt1JxnwakH4JHS9qwCAZHjfc7GEfoky1xjI5Sb1tA%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetR_dn4DKQs-t3mH25TTTceXWo_t_NolwI5wSe02y7qsWW5E8HOmROjnDBtbHzUll1BiNRyDhybXxe-hVMgddY0mtwmXXIMYXGhuCOpv1qbZY3K-RYlar1u_c0JV5fd8Lm4cijTG7OcGEZlvLw_hfUk_Q26wq07Q0n8IPiamCqxrsCDRs_uv6hpKDmBSHHDDOv_6pyyPQxnnZc8m0kvw1oM7wg_VsOzYKo3xzgob-TqkMBG8JeKA3SjT9IkSmvdkF47V8RDmXgrF04RJh1FOXfkW5KwxzWuXzguIYPyjh94k5-Dl-PHfYZ0oillVvKZ_mztghdRvyun1Q8w8qSefpOaV60QL4_5xJjB14V8xbM9mDQJv6P7R759skW2hz-CXZUn6p8hbBvOIgzxtf4ZiSkeyE1qnTizL6lJUaBcvN4GNYZ2uDSpjS86jIpTw_O1iwCGVjk7pT-rGBtZwFLNI-meKNt89QuaRloDESOXyN7MElimZX2HJJ6-erv1wpGmxJDsgaoO0uHDf7eDKFsuUcLnor54nWuBWHhBWYZ_nI6Ww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfL7vczJmZaT0Ed-H1PIP0eyLqA7JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpApxeTIt2X7I-4AIAqAMByAMCqgSUAk_QvJBO9D29fZNRXgPD3zvpTB-qG1y_XiH_nterzwOc6R102me8-ld51yF_mAW1EKHmbFLtXSV9magbmAMMvQXZGQfjA69LIz0fa51mXH3DEvsFxXEtP-kZ_rDDtBCue7CQb9ONnQd0OQRccsdACh-82OKQrTyqIaDYYDo27L3Q25-FkLgkCRiyZOJqbA2KR-j3ukHILvd-7dBXrrNlIWeOVBc-IZNoo07Ubf_FzZeCAs3FywXPMkaF9la6Vo3LeJbGB6EhVTz3baHPMyvif8hXt57kfctwE1bizgJ9_HwWjscN1S13Wm0P-cPkGBG3rAD_RqtYoYsoLM4crPgct74sknsglUaG492i-3sZQAhdrujFwOAEAYAGt82s066CkqvvAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljIhby6queCA_oLAggBgAwB4g0TCIm5vLqq54IDFd8DVQgdUfYC5dAVAYAXAQ%26num%3D1%26sig%3DAOD64_0H8FUQikVkJNAL7nWtYW9-ij9SEw%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a4b471bfbc1a37faddcca86c5a70140f0f79636b5c497a2f17f58624a0e0dc43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=J12uW24CMuzesSdXbZAmtrBSVxtf3RF0KlqXKsFHWJF-TX1O8hKjQtFK70BRWBV627835QJ3qtVjSNA9zWGvH4H2svnis0DzkxbocB_udy4xXNZCTiwLiOrHLnZMwSAFhZ1dOZb4ORRF8HwBTbtyKUpY2yB1tSIXwKA-A3qV5gNAmr30Wctn17Zc9ugEErZmEJ3JOVHzqPLjnIhQpNXWP00GErDGr7S9d9RC6hO15hyFZKscYokYe2YL7ytr6wUofPQ8zQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 45510470
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2811 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2811 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2811 24 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2811 202 KB
64 KB 160ms
159ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 06B3 176 KB
53 KB 236ms
162ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEhBEIVQ5FAAXbZri0uAbCZgrzwIk1tg&u=%7CCHUt1JxnwalLSk3feGSleflDt%2FNJtXiizA3gcmZ1Tpk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHFYdkwz5j5RRYpPeZjyNWnDBsGwLq5SVWy7FJjTd5_knL3sfbgSQFwtKyNL-ZCgR_rky4sUWSXKRwTr8xHvLaB557PRu-jrwl2yDMX4FnW2Ld7r6PT3oeN8JUCLTFWpceGhj38WbC7FzNZDQXRHFXDYEgcCNe0grGCZVuauRGPfzSZHPT989lwhJqOIoLZoopKUAGB6sn0QTph-5Txrg4-Yk1jyuvRR0vN-Y2HsagfoR-uv8KrqRwAzNqVW134qxeF72A9cBUsxFXT6epFu_1RHHaO1V8KJjt6Hz6lTP0PNfttkbqlVIXHBG-CMhmErWAA77blWnOf2isG9kbNnPA2X5CSbynvC44RKPnaR4o8wMLwmwe14vDfs0Cv8w3idE238tUn0jogJ3xXCCpmt17aV7p0jUEyptjmnkT18XdlNxKyJwUgsVIoAnKRP0p-4UYTgJUGF4b9XOxRt1B5XcnxhSMcBav6PPR3jt5ubIBmRO7RN27YE3TtVrim4suG89kYfW4lhWm-5l-IES-2ONfu8kV6oH0a3BqypTPThnlcKYY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6lmkczJmZZGIEsWc1PIP5raXiA_JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAgcCFcmwXrI-4AIAqAMByAMCqgSYAk_Q_uroDNbMSsEAG7zIUoDJ-p2dAf3x4jfh3OHACsCkq2Pc3h0LqutpAIMbDs1oldpZV3cdYuGJnfOXH2RJuM9Cfkn2IEr0QflaZS9DWxrOHQJOL4DSyA1agFb65lyMQ1ll7llYNn9khStzpqoTx2KYrhYDg52HsnewhkxAUZ7CFKJGuEUHOyXPKvORUEUAlSxVCTnSm9D3jzo663LfGbSdet3Fr9oCnJTgiQJUxUeiMvl50YMElsgvGz5SN79jPHUn40ViPqFMJrLPi9ri756Z2Ay8i5mHUmjlzaeEDluyhZWboHyibgB9xX9H1ZQ1bRJLoO6yUxfomlHltzli2juxvZN6UGge8KxAAYfGWTHldB_4EffPpTDgBAGABuzopabn8ve5jQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwiV1by6queCAxVFDlUIHWbbBfHQFQGAFwE%26num%3D1%26sig%3DAOD64_0F_WdCYQIM8Y_CPY24dqhSebKGgA%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

56af915ccd90afbb8e6f22a753592c0d82dce00fb636628e53ad05ad3f217c1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=8EIsm24CMuzesSdX4jmpdJuk20X9TVf-XulC6DtfwgfAQ3PWuFbXO-u6usfrwZSrjqnMaHG5HOl78HUNNbOve4uy47K3VrqKTdl1-kgKc3j6lDqZtKlyFEUCCdNS6OYtOzT31uqEiRoOjRrag3VKwUyG41jl86VY_7C1gAbCwIHwhSj6ODAOj_Fff6H8ktgeBfkQKuY9Kh8ND1Q6Bf73aSSjwnKXuxD6qIjSqkLq9G66EGEvI41jZpERB8uTRYarmQNJIQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 54713329
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 79C3 3 KB
1 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 79C3 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 79C3 24 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 79C3 202 KB
64 KB 195ms
194ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame E399 0
167 B 88ms
32ms Document
text/html 35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 28 Nov 2023 18:33:23 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C8AE 148 KB
49 KB 258ms
186ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEcYgK4DoDAAhYC6FDvACBUxSfs6n-4A&u=%7CCHUt1JxnwanfIpJaWe%2FYu5JDCtNJ3pPAYhzCv0%2FY%2BNY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZ18YzHvnUASX1kSDMk8cfIgg63Cjj-HH5vJjE_du_WMXYmFff3XLQF_VB0AenOc0S0lawJKgeD45RiCGtQWlZf0YnDpwD4YPdQyWhtUzU-pq3tPLFARCLTIkcg_P_hoys9LbwNNlNtwE3jK4dLDBU8c9WE137ynDwhGPQ3ZBKOxrfLK0yqLdjWlOgjnXh4JpyD4Th0zgBZ7sQFepPYQbniHPfVkCsE8BiMYg5SlFenllskutSriSXROYzKiH1XQ9TLphn0ZMiLt-t2PoP0-xzeuB5gyjgNOEehwvTIrW59XtZFnJF0Mgoo6RiZnvXYD2GzGi251ZAE-AloxdwHvYrwm6xMh5isLIn8ExnuN1BVsz9QchSYm0yqVZAkRyyGXYxdxi9PfhtAxQK2_7x5YxlFtjmH0Bod-ru2-GLvuRa2K5uKm5aF1JZvyLSODZsbpxDr2HcC2j9rGqGwihy1G_TsUxium81aWjZGjOqc3e4gt_VUKvLiE81uakW90xI-AgmpBqi_LhFSnbQ3LCkQ6sqVkzsJ-4FD1Vj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXtMHczJmZYjjEYP0gAeLsKFAyZ7SsVzVnZH3cMCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJqQKcXkyLdl-yPuACAKgDAcgDAqoEoQJP0GRjlBQYmI7tD5ctThWX6P6XXvWlKGdX3x_CHKAqpWqKJMIz2s0K3naEYegH77pHknyz8P8mF-gwIkt90r8JIpGR0E9m2qcetxRNFzE6aXfQWRXDN_IOIITBt74j47qmUoPSvFUDLYzHo2xOrGxwzovdf0eHLVUqHRvASEbs_jKI80QJRxEe1aIYMWSNOkeRpnOcaNi0KHHG73ZoHHsYVHnD5cDuUQ7yKcFfbrdxOMa6PHnxtU3qhScTZ5w2WSvTlXgCVlh7yHBbQqcZzOI8JlTnyGx2jbuIcKUpbe1FVE9d0-l2s-n8Dn4az1-RNxLCJ4qL9wrLLnsLD1fktVUletQi-XH4dgJ3gir62_wkfiPo29-BhSgG_dJtlw4WxKjV4AQBgAaO1LKct7KlrWKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwjy2ry6queCAxUDOuAKHQtYCAjQFQGAFwE%26num%3D1%26sig%3DAOD64_3JOZkM_FiEpq2Lo9km-E0pZhYfuA%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

21c8d4ab514fb2e48242431a3dfaae0a589b145806d10faa701811467e7ce9fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:23 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=JMQE9W4CMuzesSdXV-7mls9cfq7WDBGzzmoDc_LItP8aaw9zXoQdIlQz4clFc8xyJ9aOmguizNSTWu-492xVzRqI19zn8GpdTaZdGehB03Pzoiufob8YUAxl9zIe1NLHdcmgjlxfpxR-b1pVHJ1NfMiqOb9SUxeWEr-zMeYtbqotmtQRwyCQ4etXhWgULk6sjgt5VgJ9ERIepdGa0RGGcF8f408vExRgYlIFAJwYT2rXEF5pzneTaTof6sYXKfm95FX4Iw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 56049245
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F5AF 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15886
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F5AF 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame F5AF 24 KB
6 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F5AF 202 KB
64 KB 193ms
191ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 58ED 24 KB
6 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 58ED 150 KB
52 KB 171ms
170ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82eb0724b3cfebe17ce8aff8c8b33ea9f258453e37c395b31d429d70f314b307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52732
x-xss-protection: 0
server: cafe
etag: 3430827549696442034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58ED 202 KB
64 KB 193ms
192ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8451 0
0 60ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4Mmq_zU9LjkO3pSj8-5LfuH9_PAoNqghHXEqwDIb1DYDzpFAb2aDRqrAMZTICXGRbsWrcTN7G-9hYf-ijm0M6WK_onyO1Oq-Q4Zi0YSRiu3SP3R5-kKIVijprPqxFSogaNBq2izwbMpGDlpLdgHTEZzwCFRX3-eSZ-i6RkCQW9_IhSzup-D5rsHo2sfP0rynx9OhF_pBN8gGJj51pYvXfCDPEyzYsuhxzuxskXVcNQX2zw06DaDvWVInxRHgzW68A4eMeGSf63i1H-LIHgczMfzZ4qq_tP_SiA4ApjtwwUnRVhWpmzgSLflY8D_DV33cLu73prTFHgjOa2KUoEfVmIUtSilHklDIeCM2wRonB1w&sai=AMfl-YQwcIaBAoJIRaZa7ErYe9cbaegQd0_GQOYLrVXkkRF1hfDw8v4wBqWSNnvXf_owONYtuGxQm2JNJfXsttJygBitRPDTHFcRXl9YveCkOEJ-mHqPa42ULMRLqZmoDPFdgV8hLy0XfK3RFJWFOsRBUoyJjdI-whSn7Yghqwlcb5-xGwncqqTJ6wvHRMX-hjkGuzoZmKl32sgUZPG6UFeEWc8Fv1_CUXdRckxMbOJ91iApsNI&sig=Cg0ArKJSzLvEaiEbnrBVEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6A26 0
0 60ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssO61OreZJhzRGZ_xahPY0gvsD0aM8GJTC9NeWRJOuRg9WCG1YDjeJioVV5u7j5OECXum3fVGd3t6BatA77jEPsur0_bSSs0sg0SWlDHyp0cvUAWy_4PJtgH_s2diS5_9iqLY4jmr1H8GqeGgdJjOT9jjAu-71ycUh1ZW0q7VmT3uUu9XAJJMq6c2hqMmNokPRrdDel5JnwGk7JvbfeDofy_yU8gFDD2tf4hvklRbf7WWA5Wm5SDDmoqprwvCCTgSUg8L3LerxoENm14lZnNsqj_AFIY8SRYhERAqE9pRD0BkSSpikxCWwUY1yQEFwzXQ3l9vP1R20A6R3ptHTl8Scswrfg1gNguWVJJshmUEONwQ&sai=AMfl-YRZqdW8CuzoUjmEfK_Q8LejwWbCXglu-8CGjbzDpXC8voeD7jcGZac8BgZmlNn16z_yw7vIeW6Qq7Er4YH01jf53SvmToofqkUy-EAxEdNJ8jbKx4FFtMRuSVZTpWGI_XBKVsykHkzeX83FAJkCnrpOfdnNvOyttt5gls01saWBn-JTK_ZLmdvQ0HzeVL4qmusOf5mwm6fa6JWrVOXW3zrhg_438ZOwYYKNRrHb-l6-iVE&sig=Cg0ArKJSzEFxNrUcJOZJEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311130101/ Frame 8451 397 KB
134 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com&bust=31079654

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

17552888328b6085e086c040dd1a688bb82d68c71522e70b8b2444f5442265d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137186
x-xss-protection: 0
server: cafe
etag: 9635451692971393176
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E75F 0
0 60ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssClQvdcOxC6tjH1CYAWmiVxX25w3Wo3Ts0sX3mxt6XyAmdxta7D2uiC2cXEjCeHIGNDjOHF-DhB9MSkof2rGsGvpBw-Bxlkt84o8vyUUePvIDUXPbdoa947p1fwuxv0lWSjk6vjl59FtUYzVlkDjScS4ISB6_JJO3A1n3xaGNu9i_UGtkwmfW9slyh5UzoVHcnujX-SGve9_wMcuKjxqbSTg613q0XrVPf6hxBuPmU0qsxRSYAeeCrLJIZOq8vcYEKvYDiUMReh8f6nnl2CF1mp4pDUTBNZ3bGmceik17KF-JgrvNTUMxVUCC4CTfyVCTxF7UrW8GuvlAseJ48X0HsI4HgPASoM5uQLs0mRz3kOjVnpwQV&sai=AMfl-YTA4Cl4RDRzFNFTHlPuK0Zb7QkCPv0UacszVkp8M_KYGGQYvfwcgmEdGovqg4PwJXITPwx1r7GQ5kYL7tMqHRfvK_4PIgxDLe3PSyLLvZmQeny4VUtKWyfjmXnQGZmXnY3LYo35Pd0s5GO2rVcwAHKo415mGQvfdOdhcgf5iZg7f4crZWkRcJTUDnF9pTNw7fs3EDIdKyVj4kr6oFwAJZe5HtEBT5e1ePfB-0n2NscNDA&sig=Cg0ArKJSzKCUrJhWB-JHEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E490 0
0 60ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssz0v9OBnZGMKmpI4yihLJ-np2LTbHSRXCjJXWIDYTKiq4d8prA7PJiBOtcAZrbAvuZN_nwy7UnHemVCRMaUejr7mq1JxRY2XpPKMTv_x9m1rDgij94QsOyEZdeG0olYBsvQ-ZyAgzBBhxIhWK8UQvshH-7u-GATLnWwpd-0hlCvRqEVX-ZR0VRhL3ZQV6kRhOGdy31MPXqbHNfULfYfW4enuBpJBaDpyQMMK-KMfTvrQBzoIpo9Al6NvOV31gx4R4G29voIuC2BEmVc_5O1vX4R6M_WeUj3lJ2-jpHIWTJnULslb3vOw0lYBUBOa0gLs3vwLUqms4zTWC6JnuzB0w08-u0X4cerrsm19qE6XiqUw&sai=AMfl-YS_bQtZX-YuCaHDNFmpTaqzBCfzwJLCV1jdifU_-OsJk4d2j5Em9kxn3Q84xLspw9EwM-ydwle1p5QpCj3rV7pJWsV6ru9eKgZIFAIKvN4HdEESH72oqlCN32h3Ay_rDZrsOJkjsBNR7Uj6u367_wlzhXEwPBeOVTarVdeT_pLuogxPDOLELwWPbw7BPP8upqF9QlvXoPyioHxY4Zxk-ZjIk94-F-K5xOKzN6m1mxjOaQ&sig=Cg0ArKJSzFUDOSIkrWKzEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ Frame 6A26 400 KB
135 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com&bust=31079653

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b985f9aa1ec76a17cf3c68a46b021562d55fd2e7733b28e6f74c4188696a3f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138523
x-xss-protection: 0
server: cafe
etag: 6121466461828629010
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ Frame E75F 400 KB
135 KB 93ms
93ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b985f9aa1ec76a17cf3c68a46b021562d55fd2e7733b28e6f74c4188696a3f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138523
x-xss-protection: 0
server: cafe
etag: 6121466461828629010
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:23 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D026 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A85en6QrU2KTs9A1GVOi06t9VmYvStXCK84OYgHpV3P2ZxCMlnPamyhr6gybA4vGiCM5bZg3u_Pl_lJ4hOjZ2WvYw49LCiK0VIt5mw7xe6gXmrRT5ahc3enyWosf0XSZszSPvZEkE8H_Nus4Qih46C4XeMJFeapOd79-MTG9xKAIGdBAI&cry=1&dbm_d=AKAmf-AWDaGbgDsg9Sj1qvQJOlKRAA-VINxQQEVQSiVATaw1B514I3uedWmc_jKhJ_ZtfWSadt0aYgB9uzAkqJAXUerDi6h0j2EOm3m9-u79dwa3dd0II5sRYQ5oFXwGLjiFz9uwqddcehQXjyYngSDBY7nydjUW9sHdjlzpnJEWWsgCjH3VHqjgmgsehDGkRcDFMnQxwmshWCcxSuOIh06F9Ira9BXtGxl3BRiebPraYTn06Lhyt-asSgVPiv7V_VrZ7mlA3h9CT4PdaEXhvNKbTnWMsrsUESEjxwsDomHdDemZyatPVmlQODkUoDBCggtu0WPegnvOahUP4SXSolMp0vxYqA-dT3LwixrQC_JxMJ2TEomzf8GLsYNfkgO1PqQtjaM21Lt41iMknKa5cnsKiyWPVm99gmGDOQhOdENDEqK7_I-cUmdRNGcyNBNPGd58tBjqQ14lM293TYPG8C7iQghqDHr9mR6NaIATDVgWSSIoJX2iUuYvj0qW8Jj8KWGbXAgbyVLnTxw_VkvUdphBEZYPzs440nApfeo_l7GMmPSNbgvlT8yzc_qO9fO2cxzPkLcpn7uiyV7OwGlhxiB9eObfrsL2jtcxWJHuobb2Rqn2Qb868-X0R6q1J9Alhq7_WRyY7a54pI_FjSd2W9PLSv9eUCDGDdf6lYA2roQRbMNrPv2dSureg97kUhrodKGAU7IyDye6WAhT8DvAeUiXnXmAQID6xvqyJ4y0UfmpxRe32a9T4KNTcrI76IQE19FjGUvo5S2mAa3UmRd67cDq8fCWbo_r6-QoURJcjnRwHs6rVVI22spFisr3oZs0-rVQd-maXdD0IVsAZHifUPFyxCGsCzZ0vDe6PJrKgufXwPs49z-WMG1Ljpq_NRyk5AC7dd-bmxjIGd9ycFGNV5GI_M6K4IVZVDxVAlu1zMDRggT9EMq20fixV7881ABm9F6QlXhDHrn9JrSYTg4UGLZS99guVsXvqt1uXLc33EcIJFe3uzDLqupWtUKYgawIVuKzawqFZ2ots3aj5NB7taCKggzZGqnpowx0TcNp4DQ-jyR2BZdijL8GOGWlkVlctmueCgD64snke67_XElk4ukjzPLtI-yj7LddwMNoP-wviS-hXrK3eR_Jtg7cyMLG-tOnnXhZI9-aNa7MnkP69x8muyCaqb1PdHJK1Ndr9oGXH9-0zCGATKyNDPqgs0uranDP4v_MYDKt779f752lcVsNQCxkQMZuvRcCCzS6FAH7N3dX0AlwLLJu3zcND_Ke5Nvgot0NppT15sAvwjNHMRxVcw6Sv2Xq-CP7L4KrZYOj42JAeX1sEML1Y9WgYIg--agFaMyMgCdsY4KdfMcTuafdUS9ryjlN3OZkmx-9gD-ri5H7QEnQBq4y6UPm0ZTOdclisWhHpbBB2zn2vUt5REB_YHmT5eCfPwSqXCfdLLqClabw_1_csaJyktPzX7h9rEr-B0nbIofVwYESaBlSb72Lx0b5BX-7Ny6glUlOBd8bmtBQNe-k47FZCynlEULGkpFjCfq3fYoyMNIBAD9KrceGP1PJ55eOXsmMeWoWclBUHpT3NQsUyfCUXnLHqpwTezKF6NpgwFqmvEoohAPhRkX37XnPDkSrWwrPGCEFooE87Y0xfeCXWJNykaweyNALQvAbHCISNrgrKqV_tCoR3Rh9W3zBgVf_6GuTJu-w9xXUurtf50hJKsKDlDebq6dlEchozRjuLaVHHuLz1oJ4_a_dVawuM3d5CRQJrj-s2Ac7jYORT9r1ek4M7Cb0RpGsrVjDTnDjn4twxQ0xabnhd_Q4puCFWcMQKNtfywSZcvK3xx4fHGfmvUuuldTwTvyqybbExaXIPx4ufAkai89-4urnf-VzOISgYd59C_Ef3zeNadphaRwstTO8xmd3RQSXf0DckXpqJ5afd2in_AZIJ-bvis9jrZ0nr64s00vspMBhaE-yjlhFx_hm2LxBrx3rCPPXKckogF1t2bar2JwRMCYI-x8mq6BGtPZRIxKGS_mzEjPqE08Jt5FCq5scLzxScTkp2aagtwz-zNA97U29OOtZnsIa_boS3mg1WKrn0yOZtnZ4iDh9a_RFd0bX2dF43q-petLyctdOVYV2-JwNvXLUE5qwW5swpCjPMs1yjyQRNug7u4vHNTx7y4UT96T8EXMH2g6Q0IHkwEB8nSI-Q0FjoTXIWyl9vY9DCQLgF7sCHhnKFffOeGJ0MhX16s8gpeoEXb69GqRDwcYGrQPWnTnpXxrWcNYo7KEG2ESx7VOdw15-ZNJNMwrIpn0jQMk6d5qxYjlsgnHduFU3M63GBgXuZNqukDIJNlsqDLKJTYbfWyMsj0KRwxbjIZyzmzcQJeBmUTj_V8AnEsgLvXZu5-ayF12UtkdAmMnz8qSryov7c8T4-wbhb0NAi4LEGRRJy-2XJITHMKO_IEXR2leC8eYVTAKjpXa2-t6Bb2boTSKlgJluZKLh1d7gp2-AG0kcxstARLt3XZoB5d7RfZS2do8hWLvkiaN2gddUzsF6h6ztsMHvKo5daUWLlkYmwK_c83n278L6bqXOJ63lXQBK7aaKHDfD34Nz99arLrYE980b_ac4-d-EhHHqok0iOC3kyc100n1xYm3PhlWpzC3Tb6OCWzturZFYZnY8JZcq-M5erlcDc3zifODu_iYVV5w43Zi2xC9_PU24h_sJN_OEu7UBOQQv5z75qGMAdvuz3hT4JCmuXt9BvbHYyHDduVB23ZcIhX_Qjnk2Ft6KM6i1ENlA5VCuqsGSt6llLHQthFgEAkzs-Bw28BVvsDkGVCQdYFjDbmf5Jz5NiH9GFxX87T5A_AjfgUVbAqaiBRMzreUh0xnUmamUqdiS3FXHLGXwSInWR5fsbscz6AtY61adCKXE4wtQkIdiTrC0fByCISYrU-Ce4lh1PgBg3AZnzRMUBfxBTxcND2Ezft_6UMCS1rFBtiS7RKq-U6sO9BKwuJTRQjkPSFVLroG8yW9feAGgfQbPlkx2ay9ZLoi8c-cnfBRbsjrcw3C4pDnKU2eroEWmaoJ6cpofn0Klcnn8AdOH4oW6Jn8fGD_LQSasR1VNqm3QOav6ALrEcSs-JcvTkjHKIPwDp2oXWt4Nc8iICD3xuoXpwSJceRTRW7_6wjN-KF6ermp8tH5k1xpODBX0lWMkhLYImsN04jK0khfxU_2H2dalO2fnlLK0cLMs1To_yZmqeRdBmVUuI2wbzm5COvIv3Q-0cUO--TBfmpIfxDLJRSfdvtXtwOC-g_1xZlGyRCSy37E_Pv2rbacz7ZOoxdqnkjZwoEMCaKMB0PXICz52cejCNKnWEqPjFpvl99nwGVDqULGlMwhcmB4WOjYSrckrKO4wpZUmkZ6ARj_1Nb3EkK5EMXHmMwFdelN3ZNHH4bSkuF8fQR4axcZqAOpYU4CA8I33H73u9G8lFNm4eVFytEHx9ISSCHyTG11WoP7Mfba-6KclfOSE8d-7YxYpf1tsYH5W0Sdtj9yaMbPQzBpt3q3OmxFPcEPSIaA4bhYekvj7P4fSV4OdCsV6238Vq7CcKxExLtxuXZtdGm3539V2xDgfvjC7_iJMHTf8lUO2_DPCSL8vUkE4DBugT37OsGaIpSfO27gRIP7yilqWE0TDOvTQtui4M0CTXscqVqf3PkVEtXfMUnAFsmrvNkEovTngYKTd8u_5F-OosnXerUZpKuy6QmM4PbGl_tWEx-onTgb-GcTDwRG_qkIO3EpEX9fh_i9gUBY-O3dXNMd9e383FYz170yL4Y0ALlWLnEhUmhwQJkniQoTVcRDZMPwhWaSwWZb9ywvAkDd6HVf_SZQhbpRMBmoJ6r4JsxpSAKsgZVsDkLmMdTdIZ61SJ8SIcuJbCdl1wt0H9GGdEuPKYAS281VoREryq715H7UFdTGVnwbg57JpoHA3bugacgSpE_TPGgBTQboF4aaopN3TyqvRxk7ZV_hypE8BkZOQkyzXSD6iLHJlxLRlUhySdkjd1lkJN1xwz4zE0iSRKaUDWdTESN7jxKG8yN3Iz0PSTYtF_cuOyRjqvuVjtKCIbZBivvYv-WXWv2uKE33GRxN0VEX6Z95xfSVWblONuwwoRAcnky9IrWcVYyB8BzpMJiEvf0SuLLUB--pi3c0DGSafzganzh9IB_zxNVkz1ku5Sv55yESwq8VlZ0vv-m7xC7rYtO0ZFIwB82sAcco&cid=CAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fforeks.com%2F&ds=l&xdt=1&iif=1&cor=17055029869389728000&adk=2857193498&idt=125&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 267361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 16:17:22 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE5NjQwMzc4MjU5NgogIHNlcnZlcl9pcDogMTI2MDY0NTgzCiAgcHJvY2Vzc19pZDogMzE4ODExMzAxMgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame D026 0
941 B 138ms
61ms Image
image/png 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE5NjQwMzc4MjU5NgogIHNlcnZlcl9pcDogMTI2MDY0NTgzCiAgcHJvY2Vzc19pZDogMzE4ODExMzAxMgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMjg3NDk3ODY5MzI2NTk1NjU2MwpkZWJ1Z19rZXk6IDE0MTg3MDgyNTMzNjg5MzM2NzAxCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0yOCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xc609a60aeef815520000000000000000","13":"0xdc96607a738f84370000000000000000","14":"0xcef74da04684df550000000000000000","15":"0xcc97493d25356c560000000000000000"},"debug_key":"14187082533689336701","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"12874978693265956563"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2BD2 0
0 61ms
61ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvFGsvs4XLS87LTVUnd7FW9EYdLKjMUpL9nVvQN8fpYBa9dw4i6049oABoSk13IdVpRe2gqCBcjKFnlLBAVMIbEtzb4QGh8EqYWdGu9gKa-EDgkRDTJtX-oGi8eWi809OO7LWlUEfF6MBiyM20suRBllJLP69ljkj7duf1qvnLpnYxb0VeBqKZ62wuqzE-tia2odpq9b6mernQ7G2dCRV0YHu76rq1mZIrKselRcK7VRZNrRP114rrIR1TO5PSZ-HVVt8CwsUJjxBCf-eVC0NTk_1w0ufNvzCwPw3g-yk1fSRp72s84e8wImRIu0DuP8g4NNRBzGhDTNC-Y_A_vlBsIHiTwD8b4h6a-Thd4_NRGRg&sai=AMfl-YSkyw2WL1kctuUxM-J8PyyiKNSWVRZf6kLXUKttM0CgW2w5X5qUzQaaOMS7kcBNIEqlv9tp9g9a0fg4Rx9C90TLbNm0C0W81buvZaX3N1Iex_PgzX4wOIkSVVbvstiYCWXNQMuFD1gY3byqHZWmTlf-OeVfHIe1PyJ2B6IhAkMppADQ78NrJKh_nXpOLuLZZaCdPlx49atoIOKJwXscwoI1L_n_2TDIkM0SL3NYaocGQPY&sig=Cg0ArKJSzHRyxYsLbmrdEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 53C5 0
0 60ms
59ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuVDFtd4IKBYhOfVnzvlDFpVMjmp5aPmQHjD--SeAYDrqPMMkLTJlQ-j6Sm4sllPSdsLGfI7W1aeaMxw7qXgIHXcp4iR49qyyf1IDT_mhnwvVXIdwpJYhMGJENhaCpjv6ztmSfm7_ihFI0kp9_vLIPMhD8Wkf6VIdjPfW84fUYf2xgQym2Mp7Z6hxzgv_EualeBy0NmOyf4tkBWdmZoh5qom86deYsAeLyWrijZAP1-UmkBrD7Tbd1XgcR-kKpIAPgHpESazNydmv2FETu2pmmtmP0IcOpIFJXf1_Igu8UJpapMIuA2CfxDlQ_z8mEsGINaYm8H97LsIlZvjY7qV6Yf71hgTXFazQ7EjCPOepYVaA&sai=AMfl-YRUQDkw5rmJ_NQX9imYr6Bd6guTa9m9xjDRE0U41IJGbPqyRnWKYmbz8qecpGjA2FOkfp2P-rtVvngvHres9kR1GqXJqmGXjT0MYNXwEHCEPnh8NtgrYyB2CDchitUOba4RCgKUEWwfq774mGxmU5p52UdRdzKY58GeJgRm52ulWOLuuW-8D83ectEtZFZtkmyGIGMV46zaH10Dn5V2nGR1nH-AjRK7M8eOl8_BdmDTraw&sig=Cg0ArKJSzK-3JY-3dK-AEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame D026 12 KB
4 KB 89ms
26ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1701196403296450&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fc4e402a4567150f1ed2fc6d4724d0a2c3af03b4830d04c924ecd3310b40664c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4299
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 58ED 0
0 62ms
61ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMzA8ZRsYDx9dUlwEolQ9CQsEhndTKL2stuB5GElezsG5TGyPf-r44opnYkH7vS9XiC6bLWuYSZBBjwiSBcZLVJfUaotQitR7aejA31RDiyweeaVZoRZ4z6Hxwz-QVTA3wNesjFt9L2VKxqs7_Fkm9r5k7vlOL9fmCUSPZX5sLGLdF2eu-sOqqrQgLKuZ1xdUlWQ-96zpwZluU0xhOsb7ggh3W16NzRG_TelUdCafdY6euLC4-obpFOETFyjpxcjn3xj71g3D5xerkem-X-Yw6LW6u2afU_tP298d8OzSVKEyTDyYHh5Q7Q5k-JHvxz6PBNwkS8lGC9vAmEYnxiL6IHYgyHyTaKZND0UwgrPhBx196R2R8erhJ3Yw5&sai=AMfl-YRtDvJ9gNrY21HGr8mr2XlJzz9nt9gzmtdO9claObZ5iOLoeu0ouDvshsznXiAAMuBAVvtJOWkKB4N0JzEyuS8zg3WksWk-5ZFXKsv7rPvfICdzK424RULusG_U-D9kEQoW7NGaYHPuNmP8ycslZY3Zi9BGQ9N0KIZSRiTSI0_qad0&sig=Cg0ArKJSzO2jJlwpW_0IEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8451 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74e57933319387bbdf961b65b978eedc4cbad7f61f8b2b6f47a7d0886ad95ea0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2811 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1658b269a9afc892f8a1f498fc54b1a1d945f270c7ea4c227d56fb9cb69b5d56

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79C3 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 59511404e7b124b5c463ecc182f1a103bf66c45a54be37854d8e0589099ee8ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F5AF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edb25d4948f45365d19947d467871cea6d24b32b95fc2f336f9e7ca1e5ed22db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ Frame E490 400 KB
135 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48504d4f0bae1e1d8a3bc5a59a9fba63ac0af15b3ac1a7e8f5c97b4ac82abc03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138527
x-xss-protection: 0
server: cafe
etag: 6710797847833913263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame F869 2 KB
1 KB 38ms
37ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEeiQIVQPfAAL2UfSYyiBjb8u5Y3cquQ&u=%7CCHUt1JxnwakH4JHS9qwCAZHjfc7GEfoky1xjI5Sb1tA%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetR_dn4DKQs-t3mH25TTTceXWo_t_NolwI5wSe02y7qsWW5E8HOmROjnDBtbHzUll1BiNRyDhybXxe-hVMgddY0mtwmXXIMYXGhuCOpv1qbZY3K-RYlar1u_c0JV5fd8Lm4cijTG7OcGEZlvLw_hfUk_Q26wq07Q0n8IPiamCqxrsCDRs_uv6hpKDmBSHHDDOv_6pyyPQxnnZc8m0kvw1oM7wg_VsOzYKo3xzgob-TqkMBG8JeKA3SjT9IkSmvdkF47V8RDmXgrF04RJh1FOXfkW5KwxzWuXzguIYPyjh94k5-Dl-PHfYZ0oillVvKZ_mztghdRvyun1Q8w8qSefpOaV60QL4_5xJjB14V8xbM9mDQJv6P7R759skW2hz-CXZUn6p8hbBvOIgzxtf4ZiSkeyE1qnTizL6lJUaBcvN4GNYZ2uDSpjS86jIpTw_O1iwCGVjk7pT-rGBtZwFLNI-meKNt89QuaRloDESOXyN7MElimZX2HJJ6-erv1wpGmxJDsgaoO0uHDf7eDKFsuUcLnor54nWuBWHhBWYZ_nI6Ww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfL7vczJmZaT0Ed-H1PIP0eyLqA7JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpApxeTIt2X7I-4AIAqAMByAMCqgSUAk_QvJBO9D29fZNRXgPD3zvpTB-qG1y_XiH_nterzwOc6R102me8-ld51yF_mAW1EKHmbFLtXSV9magbmAMMvQXZGQfjA69LIz0fa51mXH3DEvsFxXEtP-kZ_rDDtBCue7CQb9ONnQd0OQRccsdACh-82OKQrTyqIaDYYDo27L3Q25-FkLgkCRiyZOJqbA2KR-j3ukHILvd-7dBXrrNlIWeOVBc-IZNoo07Ubf_FzZeCAs3FywXPMkaF9la6Vo3LeJbGB6EhVTz3baHPMyvif8hXt57kfctwE1bizgJ9_HwWjscN1S13Wm0P-cPkGBG3rAD_RqtYoYsoLM4crPgct74sknsglUaG492i-3sZQAhdrujFwOAEAYAGt82s066CkqvvAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljIhby6queCA_oLAggBgAwB4g0TCIm5vLqq54IDFd8DVQgdUfYC5dAVAYAXAQ%26num%3D1%26sig%3DAOD64_0H8FUQikVkJNAL7nWtYW9-ij9SEw%26client%3Dca-pub-7983651257838282%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame F869 2 KB
1 KB 41ms
41ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame F869 308 B
636 B 38ms
37ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame F869 293 B
621 B 42ms
42ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame F869 43 B
348 B 93ms
31ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=zU2Q6jKNlFjoXtjz57-b76VN2zbWq_a8VZD0_dMxtED_IJ7aj64OHuCnNyxUv8564-VM6UCsvw3AI6llih3E8ypYAtbnsJmczgf76kvzDCh2ecl3RNglBZCrsBGlMB8kZ3wQGFU_dg-P54W5NI2FLf0ymA16a5TUfd9I1o70U5BBMlt4QiQzdrNQdbivNJErL6SwJiB6-mqJTmAG60CnorKnpXYEjtNbSipNZqUKlOQ9F-foPnbgXXhxgmsMgZJ_ohtx1vso5FtdsGB3Mil-Jj-qRo5EfaETGd69ZwyXVY8HYrFLLx-vHWRzNn24Mk4c-ROF05AYcGujKltBBIIZ7rYY8jGQeyl6_zwtEHezvjop2N0E5fV5YoO9_c_XX1qfQ0l9Kxs5roKN8hWb7Y4B88H3ziEEO0lupsoqdYX7Vr8DuTym

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3026471
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame F869 44 B
579 B 144ms
63ms Image
image/gif 2600:9000:225b:ac00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1701196403
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEeiQIVQPfAAL2UfSYyiBjb8u5Y3cquQ&u=%7CCHUt1JxnwakH4JHS9qwCAZHjfc7GEfoky1xjI5Sb1tA%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZetR_dn4DKQs-t3mH25TTTceXWo_t_NolwI5wSe02y7qsWW5E8HOmROjnDBtbHzUll1BiNRyDhybXxe-hVMgddY0mtwmXXIMYXGhuCOpv1qbZY3K-RYlar1u_c0JV5fd8Lm4cijTG7OcGEZlvLw_hfUk_Q26wq07Q0n8IPiamCqxrsCDRs_uv6hpKDmBSHHDDOv_6pyyPQxnnZc8m0kvw1oM7wg_VsOzYKo3xzgob-TqkMBG8JeKA3SjT9IkSmvdkF47V8RDmXgrF04RJh1FOXfkW5KwxzWuXzguIYPyjh94k5-Dl-PHfYZ0oillVvKZ_mztghdRvyun1Q8w8qSefpOaV60QL4_5xJjB14V8xbM9mDQJv6P7R759skW2hz-CXZUn6p8hbBvOIgzxtf4ZiSkeyE1qnTizL6lJUaBcvN4GNYZ2uDSpjS86jIpTw_O1iwCGVjk7pT-rGBtZwFLNI-meKNt89QuaRloDESOXyN7MElimZX2HJJ6-erv1wpGmxJDsgaoO0uHDf7eDKFsuUcLnor54nWuBWHhBWYZ_nI6Ww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCfL7vczJmZaT0Ed-H1PIP0eyLqA7JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpApxeTIt2X7I-4AIAqAMByAMCqgSUAk_QvJBO9D29fZNRXgPD3zvpTB-qG1y_XiH_nterzwOc6R102me8-ld51yF_mAW1EKHmbFLtXSV9magbmAMMvQXZGQfjA69LIz0fa51mXH3DEvsFxXEtP-kZ_rDDtBCue7CQb9ONnQd0OQRccsdACh-82OKQrTyqIaDYYDo27L3Q25-FkLgkCRiyZOJqbA2KR-j3ukHILvd-7dBXrrNlIWeOVBc-IZNoo07Ubf_FzZeCAs3FywXPMkaF9la6Vo3LeJbGB6EhVTz3baHPMyvif8hXt57kfctwE1bizgJ9_HwWjscN1S13Wm0P-cPkGBG3rAD_RqtYoYsoLM4crPgct74sknsglUaG492i-3sZQAhdrujFwOAEAYAGt82s066CkqvvAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljIhby6queCA_oLAggBgAwB4g0TCIm5vLqq54IDFd8DVQgdUfYC5dAVAYAXAQ%26num%3D1%26sig%3DAOD64_0H8FUQikVkJNAL7nWtYW9-ij9SEw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:ac00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 32162aed20605276097da109dc97c5b0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
cross-origin-resource-policy: cross-origin
content-length: 44
pragma: no-cache
server: nginx
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
access-control-allow-methods: POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-id: A2cTVcLkEdbSvR1rdFBqo5qAQzpIrwnMxQaj7Vm7s_aieci_B5Khrg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2CED 38 KB
13 KB 21ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 267313
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 16:18:11 GMT
expires: Sun, 24 Nov 2024 16:18:11 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6A26 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 595037caf8c890b62b819df7b1a156792c2e455b6ab92ac93cae6d87ab3b7da3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E75F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e894790f94e3a05204133a40f03afc95448a6baa36b93ed42ea63b1139f779ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame F869 12 KB
5 KB 75ms
31ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 612236
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLUkt1rxCUyzIgUNeXTfyBy%2BIDViytA4NqchZiVPAXBgIhT%2BENih9mqChvUpdpFD%2BR4iG47WGwwbEI%2FCNDwB94iVgJQz%2B9kOHlydnsNrJLE48Aa8A%2F5%2B5q9%2BL596FUWskvuny%2B5keK0i1K5IkP0KOnTY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82d4b2f58f3f8fe9-FRA
expires: Sun, 17 Nov 2024 18:33:24 GMT

GET
DATA 200
OK truncated
/ Frame E490 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efe09652f2190403a1b77dd117d5cb7053301cc8d5677859ae31846c3a1d56d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2BD2 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4fc90162e85811939db0e7f4e28a2bd21a6bbd016abf382698b5c1c2b0aba7e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff
static.criteo.net/design/dt/ Frame F869 57 KB
57 KB 152ms
77ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/f9d5f193fe704d30bc6e97384f41c8fe_relative-bold-pro.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c94f7120af1dd1e52881cfb218fb4fda3f26d6971c0ebd317ba23b459dcaa1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 20 Apr 2023 14:26:14 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64414b86-e41c"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1D77 0
16 B 305ms
304ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755403&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403826&bpp=1&bdt=284&idt=234&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&nras=1&correlator=1103237402201&frm=24&ife=3&pv=2&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.52fbc6jwllxy&fsb=1&dtd=241

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311130101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com&bust=31079654

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ Frame 53C5 400 KB
135 KB 89ms
89ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b985f9aa1ec76a17cf3c68a46b021562d55fd2e7733b28e6f74c4188696a3f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138523
x-xss-protection: 0
server: cafe
etag: 6121466461828629010
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame F869 12 KB
6 KB 41ms
41ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F869 5 KB
5 KB 140ms
45ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=176&m=0&partner=2861&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F230502%2F6c678b4c3aaa4eb8985bff7ee55cf9b8_stepstone_job_portal_negative_rgb.png&v=3&w=196&rid=4&s=MGdIybDpXXl9QBrq49pxKI_L

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3209947ef5d4b55b88a7e0d39ab85696dc6703ac784b476abc58c7b28463d79e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 4848
expires: Mon, 04 Nov 2024 04:58:57 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F869 3 KB
3 KB 191ms
96ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F2%2FlogoIU-Internationale-Hochschule-97654DE-2103221157.gif%3Feb%3D1&v=3&w=400&rid=4&s=gP3pMksfe2wR9CVe_osOFCFA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c82162a5a7f4a06b7a8766275c1cbf2f28fa93ca2bd34336d25a7f7b13616892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=43184
timing-allow-origin: *
content-length: 3241
expires: Wed, 29 Nov 2023 00:39:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F869 10 KB
10 KB 182ms
88ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F2%2FlogoDEKRA-Automobil-GmbH-20723DE-2203012145.gif%3Feb%3D1&v=3&w=400&rid=4&s=pK97DVJTjaNqJ1-rAMnXEYu7&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

35e85f594c04ef934a854211495ca955eb7e122feca413160f2d7e6a093319f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=85500
timing-allow-origin: *
content-length: 9777
expires: Wed, 29 Nov 2023 16:41:28 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame F869 3 KB
3 KB 190ms
95ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoBITMARCK_HOLDING_GMBH_65494DE.gif%3Feb%3D1&v=3&w=400&rid=4&s=hyZQ2taKRtRIsy6k6q7LUYVb&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

da0664b7efdcc5c22d0f37d64ca3b2db52c4257ed285b9c5f4b9f2e23b5477ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=86338
timing-allow-origin: *
content-length: 2563
expires: Wed, 29 Nov 2023 15:10:16 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F869 0
128 B 134ms
44ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=J12uW24CMuzesSdXbZAmtrBSVxtf3RF0KlqXKsFHWJF-TX1O8hKjQtFK70BRWBV627835QJ3qtVjSNA9zWGvH4H2svnis0DzkxbocB_udy4xXNZCTiwLiOrHLnZMwSAFhZ1dOZb4ORRF8HwBTbtyKUpY2yB1tSIXwKA-A3qV5gNAmr30Wctn17Zc9ugEErZmEJ3JOVHzqPLjnIhQpNXWP00GErDGr7S9d9RC6hO15hyFZKscYokYe2YL7ytr6wUofPQ8zQ&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame F869 2 KB
1 KB 38ms
37ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame F869 2 KB
1 KB 39ms
39ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ Frame 2BD2 397 KB
134 KB 91ms
91ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com&bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cd95cecd716db33446afbe8d93bae288bec7a6c98793dfd57b05838e78c31544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137293
x-xss-protection: 0
server: cafe
etag: 10228303457929370680
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 06B3 2 KB
1 KB 40ms
39ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEhBEIVQ5FAAXbZri0uAbCZgrzwIk1tg&u=%7CCHUt1JxnwalLSk3feGSleflDt%2FNJtXiizA3gcmZ1Tpk%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZerJzy_6TFTHFYdkwz5j5RRYpPeZjyNWnDBsGwLq5SVWy7FJjTd5_knL3sfbgSQFwtKyNL-ZCgR_rky4sUWSXKRwTr8xHvLaB557PRu-jrwl2yDMX4FnW2Ld7r6PT3oeN8JUCLTFWpceGhj38WbC7FzNZDQXRHFXDYEgcCNe0grGCZVuauRGPfzSZHPT989lwhJqOIoLZoopKUAGB6sn0QTph-5Txrg4-Yk1jyuvRR0vN-Y2HsagfoR-uv8KrqRwAzNqVW134qxeF72A9cBUsxFXT6epFu_1RHHaO1V8KJjt6Hz6lTP0PNfttkbqlVIXHBG-CMhmErWAA77blWnOf2isG9kbNnPA2X5CSbynvC44RKPnaR4o8wMLwmwe14vDfs0Cv8w3idE238tUn0jogJ3xXCCpmt17aV7p0jUEyptjmnkT18XdlNxKyJwUgsVIoAnKRP0p-4UYTgJUGF4b9XOxRt1B5XcnxhSMcBav6PPR3jt5ubIBmRO7RN27YE3TtVrim4suG89kYfW4lhWm-5l-IES-2ONfu8kV6oH0a3BqypTPThnlcKYY&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6lmkczJmZZGIEsWc1PIP5raXiA_JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAgcCFcmwXrI-4AIAqAMByAMCqgSYAk_Q_uroDNbMSsEAG7zIUoDJ-p2dAf3x4jfh3OHACsCkq2Pc3h0LqutpAIMbDs1oldpZV3cdYuGJnfOXH2RJuM9Cfkn2IEr0QflaZS9DWxrOHQJOL4DSyA1agFb65lyMQ1ll7llYNn9khStzpqoTx2KYrhYDg52HsnewhkxAUZ7CFKJGuEUHOyXPKvORUEUAlSxVCTnSm9D3jzo663LfGbSdet3Fr9oCnJTgiQJUxUeiMvl50YMElsgvGz5SN79jPHUn40ViPqFMJrLPi9ri756Z2Ay8i5mHUmjlzaeEDluyhZWboHyibgB9xX9H1ZQ1bRJLoO6yUxfomlHltzli2juxvZN6UGge8KxAAYfGWTHldB_4EffPpTDgBAGABuzopabn8ve5jQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwiV1by6queCAxVFDlUIHWbbBfHQFQGAFwE%26num%3D1%26sig%3DAOD64_0F_WdCYQIM8Y_CPY24dqhSebKGgA%26client%3Dca-pub-7983651257838282%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 06B3 2 KB
1 KB 41ms
40ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 06B3 308 B
636 B 38ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 06B3 293 B
621 B 38ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 06B3 43 B
347 B 31ms
30ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=vez7lweQhRs8a2rz4aLfmK3O3cr_8pn8zAUCnLuokmqbFXMdF_QkanxrZb9F0Zc0m-0tyIaWhi_2kPWlfgkb0bXrCyrDwZTfOCXVc0yvzibxZiIHKehowrXdTIIlVnHhXeMVcSJ6bGXYexfp5_HFp3sS1TXTeiOZD_VyUiBcZgu-Kcyq7WZPGfST5fN9OJ_za4A1ckx0dZmthuaZaJK0k6B-fS2nYzZ5eIpVKJdW3M4-VRMKMAbubgtIReIR51zsR2iLIveXDH639qRQoJBnVwO1uYMP5ZknYB7-lciZUT7d0WxZ2vsN9xb0Z1MMuhaEheuvM5ArMLpeQpMtBrMS8PKNaQ9nu5DhPt0iNGcTpifbY05sPxaG_ZppJSYqPtfnB5QUGJeszHgirqKJt21HJMU9fMzoQ-7FOx1tIQGGeOGowO9aJqPxFPU3-qfHOG1Ekh6J3Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2153786
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame D026
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

160ms
108ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: f3d846f975b75dd38fe6fd59c7cc54dfc8a75d1961fde4658c622004e772fe4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:24 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 19872200158888404444550012522023
Connection: close
Content-Length: 1325
Expires: Tue, 28 Nov 2023 18:33:24 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:24 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 28 Nov 2023 18:33:24 +0100

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 75DB 39 KB
16 KB 498ms
498ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de9bb3e58f837a29cf3a31068bdf4c216576f066d162a6c626843deb5253ca1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16681
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C8AE 2 KB
1 KB 39ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYycwAEcYgK4DoDAAhYC6FDvACBUxSfs6n-4A&u=%7CCHUt1JxnwanfIpJaWe%2FYu5JDCtNJ3pPAYhzCv0%2FY%2BNY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNB-Ap14Pg0HmFAf1GHAR2jvULOd3YfT8Kie5-AMuoqyTirKgE-lWZegnr1D5uy3PZ18YzHvnUASX1kSDMk8cfIgg63Cjj-HH5vJjE_du_WMXYmFff3XLQF_VB0AenOc0S0lawJKgeD45RiCGtQWlZf0YnDpwD4YPdQyWhtUzU-pq3tPLFARCLTIkcg_P_hoys9LbwNNlNtwE3jK4dLDBU8c9WE137ynDwhGPQ3ZBKOxrfLK0yqLdjWlOgjnXh4JpyD4Th0zgBZ7sQFepPYQbniHPfVkCsE8BiMYg5SlFenllskutSriSXROYzKiH1XQ9TLphn0ZMiLt-t2PoP0-xzeuB5gyjgNOEehwvTIrW59XtZFnJF0Mgoo6RiZnvXYD2GzGi251ZAE-AloxdwHvYrwm6xMh5isLIn8ExnuN1BVsz9QchSYm0yqVZAkRyyGXYxdxi9PfhtAxQK2_7x5YxlFtjmH0Bod-ru2-GLvuRa2K5uKm5aF1JZvyLSODZsbpxDr2HcC2j9rGqGwihy1G_TsUxium81aWjZGjOqc3e4gt_VUKvLiE81uakW90xI-AgmpBqi_LhFSnbQ3LCkQ6sqVkzsJ-4FD1Vj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXtMHczJmZYjjEYP0gAeLsKFAyZ7SsVzVnZH3cMCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJqQKcXkyLdl-yPuACAKgDAcgDAqoEoQJP0GRjlBQYmI7tD5ctThWX6P6XXvWlKGdX3x_CHKAqpWqKJMIz2s0K3naEYegH77pHknyz8P8mF-gwIkt90r8JIpGR0E9m2qcetxRNFzE6aXfQWRXDN_IOIITBt74j47qmUoPSvFUDLYzHo2xOrGxwzovdf0eHLVUqHRvASEbs_jKI80QJRxEe1aIYMWSNOkeRpnOcaNi0KHHG73ZoHHsYVHnD5cDuUQ7yKcFfbrdxOMa6PHnxtU3qhScTZ5w2WSvTlXgCVlh7yHBbQqcZzOI8JlTnyGx2jbuIcKUpbe1FVE9d0-l2s-n8Dn4az1-RNxLCJ4qL9wrLLnsLD1fktVUletQi-XH4dgJ3gir62_wkfiPo29-BhSgG_dJtlw4WxKjV4AQBgAaO1LKct7KlrWKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAeINEwjy2ry6queCAxUDOuAKHQtYCAjQFQGAFwE%26num%3D1%26sig%3DAOD64_3JOZkM_FiEpq2Lo9km-E0pZhYfuA%26client%3Dca-pub-7983651257838282%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C8AE 2 KB
1 KB 37ms
37ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C8AE 308 B
636 B 41ms
41ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C8AE 293 B
621 B 40ms
39ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame C8AE 43 B
347 B 32ms
32ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=jgHZZp_ghD6c-7TLfgwwD-yud9NiSdzcD7eYb7IyCAL4YWr98PxKSeEF9LoplkgPK_r6sIiIp-rs1YQ0i1m9__yCmpqWEzIiR-8mHGh9t9X2DmDWoozexWTRaoW6WSwQh1HlPgmr_ijGi_xGDJ1CZh6oT7-cYzuisSIgyEZjuURpXeiHKR-_5zTCuNAGQJYjf7GwGuG9o-8ZxsoB_vOMJKbJrPEr-iU-Hkmotc-Rjxd7UE_fKQ2IgkH7KY2rtjvK8Y6SgQ9flP69fWn-UkZlknhZbDM1MGZsWXdya1uVxkPE5_QFGe3YZXslgdqfFDq63xUOk2DI4PNx6m1t_4uks7fSWg6FXppIHA9WaXFN5CCAVqzJ0f-iudZ1-9nDWPtdtAGJ5sqF3_CkxpvTVeO37VWEAyiqvP0Jpea8fDitdFiVDq4O

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2281348
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 64f06d40e4b0a5353b1171f6
ng2.virgul.com/tck/imp/ 0
209 B 66ms
59ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f06d40e4b0a5353b1171f6?g=1&t=gb&r=158529@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 06B3 12 KB
5 KB 30ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 612236
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v3zkCjg0cPxPGK58IgSCy30bsoKh027CXqWfpN0GJHvzYHMVcTKS8JTxwa%2FgWftsEfhFMNgyRTbqGOd2rVXOPamNQ1T79jEJDoAFR419BOyAXEWqnsKQue%2FnBO80aPMvWA3oaVHlieB9n70hf3n5kzh3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82d4b2f64ffb8fe9-FRA
expires: Sun, 17 Nov 2024 18:33:24 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 06B3 12 KB
6 KB 42ms
41ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C64A 0
16 B 348ms
348ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755404&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403865&bpp=2&bdt=237&idt=344&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=2247873908555&frm=24&ife=3&pv=2&ga_vid=2031816685.1701196404&ga_sid=1701196404&ga_hid=502819473&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31078301%2C44806141%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=3790986635859306&tmod=1963675758&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.5tuvbzneerfi&fsb=1&dtd=356

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ Frame 58ED 400 KB
135 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48504d4f0bae1e1d8a3bc5a59a9fba63ac0af15b3ac1a7e8f5c97b4ac82abc03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138527
x-xss-protection: 0
server: cafe
etag: 6710797847833913263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
DATA 200
OK truncated
/ Frame 58ED 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e306ba371e47b7473091bcc3574b1f9be8962c28ffb6bd5ef07d52c59846726

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C8AE 12 KB
5 KB 31ms
31ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 46265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BNWuJuJXOICAd%2B4wZotdWTeAKldvqiQneTIt%2F3k5nf5s7BVZ4V1nLyCd%2Bp5NpeIEYMzt%2BIo95UQHBC%2BohefkPvDGkTdp2vQbn71AOcvvN14gwjlxwOROfCTfgFi5xn4TXlGzQ23hZWAsBlDz5eSdnJK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82d4b2f6ada92c45-FRA
expires: Sun, 17 Nov 2024 18:33:24 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C8AE 12 KB
6 KB 42ms
42ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
DATA 200
OK truncated
/ Frame 53C5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79a108af13c1880a50a1334cf87b41db4fdf6a1f641fc8eca0cfc86f9fc05ab5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 d65a37834aea45f3b2f89ed6973b410b_taz_800_a.woff
static.criteo.net/design/dt/ Frame C8AE 58 KB
59 KB 44ms
43ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/d65a37834aea45f3b2f89ed6973b410b_taz_800_a.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

91c32cf62c2a7ec7bc63bd4354823f66812d56d2323a5298eac81e5b969811c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 30 May 2018 09:59:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b0e75fd-e98d"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 403d3864d4f545aeb1484932bb4ec84c_taz_500_a.woff
static.criteo.net/design/dt/ Frame C8AE 65 KB
65 KB 49ms
49ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/403d3864d4f545aeb1484932bb4ec84c_taz_500_a.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

3f0133a51dbe2306a5d32fbc64643af6fc2503036a2ebec0e61b377d6e60ae75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 30 May 2018 09:59:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5b0e75fd-10316"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 798B 0
16 B 349ms
348ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755405&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403850&bpp=2&bdt=226&idt=418&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=1704480342988&frm=24&ife=3&pv=2&ga_vid=358089562.1701196404&ga_sid=1701196404&ga_hid=1034328185&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532523%2C31078301%2C31079653%2C44807405%2C44807763%2C44808148%2C44808284%2C44809072%2C21065724&oid=2&pvsid=2346992362013379&tmod=227966937&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.80figvn19la1&fsb=1&dtd=428

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 11 KB
11 KB 60ms
56ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=496&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F98009%2F4848686%2F21e4ef88e686486fa50b1e920aa5cfbf_600x1200.png&v=3&w=356&rid=4&s=fAGjTsCwS8D0ZVZePrZr84FY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f18b85971e56c57e43b66269687d31d7e9e68be4bb695a3d17c9fc2de86d842d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 11451
expires: Mon, 11 Nov 2024 05:43:59 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 96 KB
97 KB 93ms
90ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F98009%2F5095700%2F6a0b2b0864a846238c3140b4c01393fb_1200x1200_prospecting.jpg&v=3&w=1200&rid=4&s=dBHd3rQPJc-4H_gt38mqp3kY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

74e4cdeeb9d39cb5cde81b406f2d3dadb2ec92e4643a6afb1a436e921fef8a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 98550
expires: Mon, 04 Nov 2024 13:33:47 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 5 KB
5 KB 71ms
67ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0584%2F3645%2F2512%2Fproducts%2Fallies-of-skin-retinal-and-peptides-repair-night-cream-01.jpg%3Fv%3D1671461171&v=3&w=800&rid=4&s=VXP_Ch-ca11lMh5GhsyKyO2O&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b9b9778ace17303aa6e66559d1a8fad8fe4aceef1556947c304a0d4200201a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 5362
expires: Mon, 28 Oct 2024 15:51:58 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 6 KB
6 KB 70ms
67ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0584%2F3645%2F2512%2Fproducts%2Fallies-of-skin-peptides-and-omegas-firming-eye-cream-01.jpg%3Fv%3D1674052408&v=3&w=800&rid=4&s=q7bSjPg-UuWTwjfumMcCUFve&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

086ad890fd0f983a64e291907934666cdcfebb94f40c247d4641bdc666089baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 6168
expires: Sun, 27 Oct 2024 15:52:00 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 6 KB
7 KB 60ms
57ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0584%2F3645%2F2512%2Ffiles%2F04cprimarypackshotwshadowds_1_4c97d0f9-ddbb-48e9-a133-466b4334bed1.jpg%3Fv%3D1699549724&v=3&w=800&rid=4&s=akOktX2wPpT2Ata_aMI1bAde&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9d3ec63457fdafe8c9c5934698f5aac38ac8e8958ca23311e10be773a8767b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 6600
expires: Mon, 04 Nov 2024 19:39:48 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 06B3 14 KB
15 KB 108ms
104ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=98009&q=80&r=0&u=https%3A%2F%2Fcdn.shopify.com%2Fs%2Ffiles%2F1%2F0584%2F3645%2F2512%2Fproducts%2Fcollectionspage01_056dfcbf-b628-46b3-b48a-86a3b6dc525d.jpg%3Fv%3D1679549812&v=3&w=800&rid=4&s=riaQU15mgilSYDJPJLaJMkpk&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c93052185dec9b10410892facf4df051c873fd4f84c0bb720f9c0fe5a6b88c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 14832
expires: Mon, 28 Oct 2024 15:52:37 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 06B3 0
127 B 47ms
44ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=8EIsm24CMuzesSdX4jmpdJuk20X9TVf-XulC6DtfwgfAQ3PWuFbXO-u6usfrwZSrjqnMaHG5HOl78HUNNbOve4uy47K3VrqKTdl1-kgKc3j6lDqZtKlyFEUCCdNS6OYtOzT31uqEiRoOjRrag3VKwUyG41jl86VY_7C1gAbCwIHwhSj6ODAOj_Fff6H8ktgeBfkQKuY9Kh8ND1Q6Bf73aSSjwnKXuxD6qIjSqkLq9G66EGEvI41jZpERB8uTRYarmQNJIQ&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 06B3 2 KB
1 KB 49ms
46ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 06B3 2 KB
1 KB 40ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E7F9 716 B
379 B 517ms
517ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=3173046723&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403867&bpp=1&bdt=239&idt=426&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2247873908555&frm=24&ife=3&pv=1&ga_vid=2031816685.1701196404&ga_sid=1701196404&ga_hid=502819473&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31078301%2C44806141%2C44807763%2C44808149%2C44808285%2C44809071&oid=2&pvsid=3790986635859306&tmod=1963675758&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.q36hoqjfob0&fsb=1&dtd=428

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e2d77d972f1681a879d7bfcb40b851f77cb9fb8be1d53c4af4f1d9cceb02bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 358
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 128ms
128ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:24 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C8AE 4 KB
5 KB 133ms
132ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=132&m=0&partner=49788&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F49788%2F180606%2F47a635f456d04241bb83daebcb1d35d0_logo_n_horizontal_ligh_rollover_bauh.jpg&v=3&w=596&rid=4&s=NefFok_fIf6a-UoyqlDdBXgm

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

0e937dbbcc6ac86d5eea66d1c88c0a4d73d48a0b1ebdabd7c76bf0aab271a0c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 4506
expires: Sat, 02 Nov 2024 03:03:55 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C8AE 8 KB
9 KB 131ms
130ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=49788&q=80&r=0&u=https%3A%2F%2Fmedia.cdn.bauhaus%2Fm%2F1102490%2F12.jpg&v=3&w=400&rid=4&s=ovmnpENGWsU0jrOxFOfp9Ghc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

55dece1e39dc7c1b24fbd04da5d5cec393712b34646ae6b17b0bb8ea39b887b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=600000
timing-allow-origin: *
content-length: 8614
expires: Fri, 01 Dec 2023 17:24:46 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C8AE 9 KB
9 KB 136ms
136ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=49788&q=80&r=0&u=https%3A%2F%2Fmedia.cdn.bauhaus%2Fm%2F570080%2F12.jpg&v=3&w=400&rid=4&s=89jcFga9GbKJQ4Zl3DAiF1IA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

827a38de1edccf1536e6ae86cb89b4fafe9a3fc616e9486f8172f57ebf88f972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=600000
timing-allow-origin: *
content-length: 9152
expires: Thu, 30 Nov 2023 18:44:24 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame C8AE 17 KB
17 KB 141ms
141ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=49788&q=80&r=0&u=https%3A%2F%2Fmedia.cdn.bauhaus%2Fm%2F1712303%2F12.jpg&v=3&w=400&rid=4&s=wCTI90HfQLWLVRfeMbsJIpRL&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

98f30b947680b7dbada879a4db41df995c221400d6f2c31bf4fa87b75e17a7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=600000
timing-allow-origin: *
content-length: 17174
expires: Fri, 01 Dec 2023 08:32:42 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C8AE 0
127 B 45ms
44ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=JMQE9W4CMuzesSdXV-7mls9cfq7WDBGzzmoDc_LItP8aaw9zXoQdIlQz4clFc8xyJ9aOmguizNSTWu-492xVzRqI19zn8GpdTaZdGehB03Pzoiufob8YUAxl9zIe1NLHdcmgjlxfpxR-b1pVHJ1NfMiqOb9SUxeWEr-zMeYtbqotmtQRwyCQ4etXhWgULk6sjgt5VgJ9ERIepdGa0RGGcF8f408vExRgYlIFAJwYT2rXEF5pzneTaTof6sYXKfm95FX4Iw&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C8AE 2 KB
1 KB 38ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C8AE 2 KB
1 KB 39ms
39ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B698 716 B
377 B 516ms
516ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=3173046724&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403852&bpp=1&bdt=229&idt=461&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1704480342988&frm=24&ife=3&pv=1&ga_vid=358089562.1701196404&ga_sid=1701196404&ga_hid=1034328185&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532523%2C31078301%2C31079653%2C44807405%2C44807763%2C44808148%2C44808284%2C44809072%2C21065724&oid=2&pvsid=2346992362013379&tmod=227966937&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.ado8mqjrdbk1&fsb=1&dtd=463

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39a6b618a1111a172e995cb024510053a8fcefdf57b9367a7ee997b863dff91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 356
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7546 0
16 B 335ms
334ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417941&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403990&bpp=2&bdt=261&idt=328&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=3625658249918&frm=24&ife=3&pv=2&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.v9zwaj9iy95w&fsb=1&dtd=336

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 2CED 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3811
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FCAF 39 KB
16 KB 464ms
464ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05be26faf168f0d41811b685416d1e5c495f7718dd74d1b26692d5f0dcaa9624

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16718
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 roboto-400.css
static.criteo.net/design/googlefont/roboto/ Frame 06B3 2 KB
842 B 38ms
38ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 roboto-700.css
static.criteo.net/design/googlefont/roboto/ Frame 06B3 2 KB
841 B 39ms
39ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13d-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2811 0
0 70ms
69ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6eRyczJmZaT0Ed-H1PIP0eyLqA7JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpApxeTIt2X7I-4AIAqAMByAMCqgSRAk_QvJBO9D29fZNRXgPD3zvpTB-qG1y_XiH_nterzwOc6R102me8-ld51yF_mAW1EKHmbFLtXSV9magbmAMMvQXZGQfjA69LIz0fa51mXH3DEvsFxXEtP-kZ_rDDtBCue7CQb9ONnQd0OQRccsdACh-82OKQrTyqIaDYYDo27L3Q25-FkLgkCRiyZOJqbA2KR-j3ukHILvd-7dBXrrNlIWeOVBc-IZNoo07Ubf_FzZeCAs3FywXPMkaF9la6Vo3LeJbGB6EhVTz3baHPMyvif8hXt57kfctwE1bizgJ9_HwWjscN1S13Wm0P-cOmGjAlLJMvew2IhlGkDCe4ot8WAbQCivmUXXsgEWK812OBipx9R-AEAYAGt82s066CkqvvAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOljIhby6queCA4AKA_oLAggBgAwB4g0TCIm5vLqq54IDFd8DVQgdUfYC5dAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=WgSIBWRl8j4&uach_m=%5BUACH%5D&cid=CAQSYQDICaaNkVIZ4oRWS-r0z1ZsrCPIGmBKj0FNaZU4eYtVBI-UAW9q-2RKtwSXr9weM6wfmxLxxnvWX7USn7wrtaIlH02rexrJvcMmx7WFcWgKsSPGpdCXxgkACx43KWcV4WcYAQ&cbvp=2&vis=1
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 2811 0
126 B 112ms
35ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k5XPF5-1E8AHWp2DYgICAAAAjwBPpc7B_Vz5CfFkX92XRxBzMmZlGQ7E8n5t26j6CAAAEgAACgpBUVVCRHdFQkR3&wp=ZWYycwAEeiQIVQPfAAL2UfSYyiBjb8u5Y3cquQ&cbvp=2

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:23 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 178432
server: Kestrel
content-length: 0

GET
H2 200 bridge3.605.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 872E 752 KB
241 KB 23ms
23ms Document
text/html 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2eacbd0a55e794d92e79a03b68c07f613a0ab710ffaffe5f1d12d67aac843a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 274807
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 246766
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 14:13:17 GMT
expires: Sun, 24 Nov 2024 14:13:17 GMT
last-modified: Wed, 15 Nov 2023 19:11:18 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 138ms
57ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 18:33:24 GMT

POST
H2 200 count
logger.virgul.com/ 0
116 B 119ms
60ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=infoLoad&g=m&r=npm_foreks:::&o=0-100&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/control/ Frame 86EC 40 KB
14 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/control/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:35:14 GMT

GET
H2 200 logo-dark.svg
foreks.com/img/brand/ 3 KB
2 KB 41ms
40ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/brand/logo-dark.svg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"c82-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: qPZscwpoTukSR6vTF8oDGTxaku5H2QqL7SvoztKU3EAOVs_bw66_BQ==

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 072F 0
16 B 292ms
291ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417943&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A520%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=1&asacwct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404075&bpp=1&bdt=301&idt=306&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=8490635587843&frm=24&ife=3&pv=2&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.53cn989z49zb&fsb=1&dtd=312

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C8AF 39 KB
16 KB 670ms
670ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2ede4aa857862dca8b7b0c07012f84ed86a40571ac6066873ab107c5e7b3713

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 16703
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 roboto-400-latin.woff2
static.criteo.net/design/googlefont/roboto/ Frame 06B3 15 KB
16 KB 41ms
41ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/roboto/roboto-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-3d80"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H2 200 roboto-700-latin.woff2
static.criteo.net/design/googlefont/roboto/ Frame 06B3 15 KB
16 KB 44ms
43ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/roboto/roboto-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ba9f43fbd9c0782c72ff6eddd221abdcfd9642cd4625227ad693347e4d6989db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/roboto/roboto-700.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13d-3df4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:33:24 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A6B4 0
16 B 255ms
255ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417942&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404114&bpp=1&bdt=343&idt=319&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&nras=1&correlator=457562125127&frm=24&ife=3&pv=2&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.a4ulxjhyjo3e&fsb=1&dtd=326

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com&bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 89E6 37 KB
15 KB 571ms
571ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74cfeedc4343ae6b4171c4c1484e5b7c4c8a2d7b2a399023c97e3740725de227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15647
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D1F5 0
16 B 301ms
300ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=2751417939&plat=1%3A66056%2C2%3A66056%2C3%3A2163200%2C4%3A2163200%2C8%3A66048%2C9%3A66056%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A66048%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fforeks.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404234&bpp=2&bdt=447&idt=251&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&nras=1&correlator=7135450027081&frm=24&ife=3&pv=2&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.9w6ta6mebia4&fsb=1&dtd=255

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F5AF 0
0 67ms
67ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C-EiYczJmZYjjEYP0gAeLsKFAyZ7SsVzVnZH3cMCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJqQKcXkyLdl-yPuACAKgDAcgDAqoEngJP0GRjlBQYmI7tD5ctThWX6P6XXvWlKGdX3x_CHKAqpWqKJMIz2s0K3naEYegH77pHknyz8P8mF-gwIkt90r8JIpGR0E9m2qcetxRNFzE6aXfQWRXDN_IOIITBt74j47qmUoPSvFUDLYzHo2xOrGxwzovdf0eHLVUqHRvASEbs_jKI80QJRxEe1aIYMWSNOkeRpnOcaNi0KHHG73ZoHHsYVHnD5cDuUQ7yKcFfbrdxOMa6PHnxtU3qhScTZ5w2WSvTlXgCVlh7yHBbQqcZzOI8JlTnyGx2jbuIcKUpbe1FVE9d0-l2s-n8Dn4az1-RNxLCJ4qL9wrLLjkJLsVkJoUY3AQFI_3Yn6Z5pSBM0dI8_Jcg5nlzOjYq5UqnAy7_4AQBgAaO1LKct7KlrWKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgP6CwIIAYAMAeINEwjy2ry6queCAxUDOuAKHQtYCAjQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=xXYVYNc_iFc&uach_m=%5BUACH%5D&cid=CAQSjAEAyAmmjTPhhmueKWqknut7TKN7gklVIaJErxLLYvU1bW52qG_IV9NrLBLfhNY9RoS0SDp-sPfjBFWoFRjfogA4qbvpnM_1Fb3A4-rmaNKVwgrkSQkjiQUOC17Sf7Hqqcupeu14evqLMjDE33tMLMvs5PEsV2v88ME7gSD_8msL_MztCI8OpJBCyheLFxgB&cbvp=2&vis=1
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame F5AF 0
125 B 35ms
35ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4LKFsc1rAL6AZ2DYgICAAAAjwBPpc7B_Vz5CfFkX92XRxBzMmZl8p2uXIqlLS1eWQAAEgAACgpBUVVCRHdFQkR3&wp=ZWYycwAEcYgK4DoDAAhYC6FDvACBUxSfs6n-4A&cbvp=2

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 166750
server: Kestrel
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 79C3 0
0 66ms
66ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CcXLsczJmZZGIEsWc1PIP5raXiA_JntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAgcCFcmwXrI-4AIAqAMByAMCqgSVAk_Q_uroDNbMSsEAG7zIUoDJ-p2dAf3x4jfh3OHACsCkq2Pc3h0LqutpAIMbDs1oldpZV3cdYuGJnfOXH2RJuM9Cfkn2IEr0QflaZS9DWxrOHQJOL4DSyA1agFb65lyMQ1ll7llYNn9khStzpqoTx2KYrhYDg52HsnewhkxAUZ7CFKJGuEUHOyXPKvORUEUAlSxVCTnSm9D3jzo663LfGbSdet3Fr9oCnJTgiQJUxUeiMvl50YMElsgvGz5SN79jPHUn40ViPqFMJrLPi9ri756Z2Ay8i5mHUmjlzaeEDluyhZWboHyibgB9xX9H1ZQ1LxBqMm4hgypOSnY_OxmLfjWWtyVwfnCcRGR9p3V5Rx397NVsMR7gBAGABuzopabn8ve5jQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgP6CwIIAYAMAeINEwiV1by6queCAxVFDlUIHWbbBfHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=6KOiOlI5Htw&uach_m=%5BUACH%5D&cid=CAQSYADICaaN2uGS-_zRp9MkBc1QP4IkyCCcmVaWiCbfTSEMABeqV_iohwY8O9ejasTzIfQF-CcrQRYcaLb-fKnZiJA6Knj3-26rJ39RCExrZ7vaL4YxgoHT7SoS6PakDOFC6xgB&cbvp=2&vis=1
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 79C3 0
126 B 134ms
44ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k4qLFev_CsoH-gGdg2ICAgAAAI8AT6XOwf1c-QnxZF_dl0cQcjJmZSw7nQ7Yl9KUObwAABIAAAoKQVFVQkFRRUJBUQ&wp=ZWYycwAEhBEIVQ5FAAXbZri0uAbCZgrzwIk1tg&cbvp=2

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 162525
server: Kestrel
content-length: 0

GET v1
lb.eu-1-id5-sync.com/lb/ 0
0

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
60ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adDataLoad&g=m&r=npm_foreks:preroll:100&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
DATA 200
OK truncated
/ 1016 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 zoneview
ng.virgul.com/ 0
209 B 61ms
61ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1701196404530&v=https%3A%2F%2Fforeks.com%2F%26vi%3D10809886%40&r=158737:foreks&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1&info=&ref=&rdmt=0.0021168812560268258
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6C7F 37 KB
15 KB 531ms
531ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=776186307&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404236&bpp=1&bdt=449&idt=309&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7135450027081&frm=24&ife=3&pv=1&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.6eyxff3dyi4h&fsb=1&dtd=311

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

33c60b04ab627662ee9fb07a7d60112c91ebb9989dc2fa7e4b6650323a20b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15601
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::25:::vnet7b02ca45-a86b-447b-abe0-0c93ef55687a&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
60ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::50:::vnet7b02ca45-a86b-447b-abe0-0c93ef55687a&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
60ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=alive&g=h&r=&o=npm_foreks::75:::vnet7b02ca45-a86b-447b-abe0-0c93ef55687a&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H2 206 10809886-270_3-72k.mp4
istr-n8.nktcdn.com/data/videos/10809/ 3 MB
0 215ms
66ms Media
video/mp4 185.7.176.208
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://istr-n8.nktcdn.com/data/videos/10809/10809886-270_3-72k.mp4?token=VKuviEvE35mzjnrhq8hYHg&ts=2061456518
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.208 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

Referer: https://foreks.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

access-control-allow-origin: *
Content-Range: bytes 0-56818941/56818942
date: Tue, 28 Nov 2023 18:33:24 GMT
last-modified: Mon, 27 Nov 2023 13:37:13 GMT
server: openresty/1.15.8.3
Content-Length: 56818942
content-type: video/mp4

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 7F29
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=19872200158888404444550012522023&actionid=879111&produktid=ratenkredit&dt_url=

0
629 B

195ms
45ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=19872200158888404444550012522023&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 18:33:24 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 28 Nov 2023 07:33:24 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 28 Nov 2023 18:33:24 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=19872200158888404444550012522023&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40027
x-iplb-request-id: D972D785:A59A_91EFC182:01BB_65663274_8A6370C:1E87A

GET
H2 200 / Show response
adv.office-partner.de/ Frame 56E4 930 B
923 B 101ms
29ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 28 Nov 2023 18:33:24 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 05 Dec 2023 18:33:24 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame D026 2 KB
2 KB 175ms
88ms Script
text/html 3.11.123.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=19872200158888404444550012522023&nw=1
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.123.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-123-127.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 7da612499b4e2c12c48f55480b703a7fed3227d97b6877753c53e090a9ae229c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
last-modified: Tue, 28 Nov 2023 18:33:24 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 28 Nov 2023 18:34:24 GMT

GET
H2

200

activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445 Show response
5994599.fls.doubleclick.net/ Frame C572
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445?

391 B
326 B

66ms
66ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445?

Requested by

Host: foreks.com
URL: https://foreks.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.198 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

92e4e60b11970c28f248f17e7d79e2338c956418393f15ee25da0d9ff8718d57

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
expires: Tue, 28 Nov 2023 18:33:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame ECFE 7 KB
2 KB 82ms
27ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=5338681b41&subid=&uid=52acbdb6958043a8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzepsczJmZYKMEuP0x_APqNCTMKblvaBphZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCA7dZa_pfsj6oAwHIA5sEqgSPAk_QL-h2_fPGg2soJQ_MpIhdiQsGZjHRWuA8wX4CTJCqeZHERTomeZeqtJTAUTwkdXNC-UkHTh9aZiXG99RJI-KjZIUgaQCGwO979hxA8TCn-AT54QHYFLqRb9PR6NH4CDkDaJQiiOnzlMbWYFPfCZ9LuUPGEfVF6s3L0hOauRmHgKuKe835xFtGAEu4wY4vwtLJkZRIjCTjDnej2FVGsvvAn-_rKqY7JNr5KNJ0T_SVUo-7qY9ut3GKppHQXj7xYc_NXJipdYS_A0MPjTNI_IjmNf7yNOozp4hEEFsL1iyc0lE6kbwdjzN-7Fo2Y3BABiv98SWSVqUHKLWoES3lt87InsTgbrquG_wQU4c3u8vABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGiDBwqGgoY5LSxAu61sQK1uLEC5LSxAu61sQK7u7ECqg0CREXiDRMI2e68uqrnggMVY_oRCB0o6AQGsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSjAEAyAmmjdXSL2Y0H9VJCZPaQjCBCDib3R6BYIGbBFr_jtskmyabhZh9e9Xuhtm1M67gmsjsupyfTecZBADpuDdIL3MY5aR2eNE1xI2KIwdzE9qgeqThuD-Ka1MvLIU6is1B45i5EGJBFTy1NuZlZvrrq17sr4tR1-agymrF2_PW4EEG1Bij3B5MTHuEYxgB%26sig%3DAOD64_1Y_2-ZRR35yflblqF6XPIDJpVhfw%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-CAyTXXbadhFSA-lCW5sl03Y8kf2jV4ee_yJ3UM3GG_jDfc_oenlYoLcVhmlZxi7tPn7uPXH5I8WXoDCAwNSymuqfTs3ffrEbZJK66bCp45vthPmsCsasZlvqx5xowCbTalV3xBNBcBLtzFZG0M0MziiNL5gpCMVvtH_EFl7l7-QsIWqAI%26cry%3D1%26dbm_d%3DAKAmf-Beg1XS4JDZUjbGc9rqDWed9CIwiN9gxtOFABEzs3iY0h6XoswKyfiXYoeBcUiBB3IMExVPrZ8jo1NQ-VsIgBicKRWuRV9FVeNTIiyZyGwt4nGMZmmNIPorKpp0iy5jUW-HITvP5CiudY2-bmTdZKByjMtcKDKDApUqkmSjhyYIlIserZhIO1R14ORKxLLkaMc8BN8AiMEVFzsDkoWzctwKY-4c23HWtV29I0L188aVrAcvGzjiQ9m9EBlUxmdCB1o92ZY70Hg3tQDKD-pARrVyVlybL859zSOdzO-EqXS3DwGaMYKa_H6vDi5wkcV8yumlHAwef6zt4pHI8U3DhwES6eXtmNhZlh4p5O3r5ahHzPtGErvnFjVGOyc4Ey5nAeThM7DYMecoU_GQejV91oQHv_hW9BhNxtYoL6Y07z-esAkXnp00jcz3ahM_GircBbj7I_zEQASg2F1OdE6AZ_z9aV16az_4fZsEQmZpd8BeD0khoonXo81e0oD5yKFf1M6EakLOCR5VT_Z2eiu9LAo7q_H3SNOURqaTcoCWUoHlcz3mhP4%26adurl%3D&documentReferer=https%3A%2F%2Fforeks.com%2F&ancestorOrigins=https%3A%2F%2Fforeks.com&random=4213995101089&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 5b46f150b18a795d554d57bfed352f4fe732c5abb15a532537db0710ec1f59b6

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2080
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 18:33:24 GMT
Expires: Tue, 28 Nov 2023 18:33:24 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame D026
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
666 B

180ms
131ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972D785:A5A2_91EFC182:01BB_65663274_8A689D1:1E879
x-iplb-instance: 40027
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=19872200158888404444550012522023&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Tue, 28 Nov 2023 18:33:24 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D026 43 B
703 B 127ms
76ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=19872200158888404444550012522023&pv=1

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:24 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame D026 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66336dcbe328647fef40d08c176254965b5e2df5172842bca2ad326653903986

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame ECFE 2 KB
843 B 80ms
30ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:24:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECFE 17 KB
17 KB 77ms
27ms Image
image/png 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f5a48b3eeb24a28a9a489068208f8b1bc9723b8aa20d0972ef48d5383adc665b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16983
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECFE 16 KB
16 KB 77ms
28ms Image
image/png 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 445b5b95e4474b6e13b379f0cc68237eb927d7da669d8fd4f83d2f7fce3732e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16515
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame ECFE 11 KB
11 KB 81ms
28ms Image
image/png 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e6114f5ed1915856e4ea247624aeb630ecb726047813218f5955cdc071562c20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10942
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 75DB 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 75DB 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 75DB 202 KB
64 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 56E4 174 KB
62 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b95912fff3048adf5d4a37abd7491429e01ceaad7e97437be6399fb17bb222cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63925
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame B41D 2 KB
3 KB 242ms
56ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a3930ca668cd6b46c0e55cd440671f570ef70d309e64359e89c2c9ec96c43ea

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fa7b599152-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 693C 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CED 0
20 B 59ms
58ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BDvj5czJmZYTiL8evjuwP9Pya8AsAAAAAOAHgBAI&bg=!W1ilWBfNAAZxrfrxUa07ADQBe5WfOGOWsx1_mHbch10B0xXB2wsV9jsZPhhHTxWWw4jPKWrgqKTwKfgYEae9kCAxpcBiAgAAALlSAAAAAWgBBwoAaIK_Ge1MYxkW1brpP53fh84xnSXeYH50sX_sPW4PSX1S77nUpzc1l7i1wvRkiTEpRm9ESMYcurgAR85DVyxSMMej_do2ZEYurvEE2ePvgV1iJdk0Q61_wsqXEutayGzb1xyRY0YFzU7BmQL9k1BDDxrSB0jZbPzxY5vccUAGiG64ocw9lUMsBA4Frvo4EPS_1moVzvcELI3JDfTQfy6zKThXGW1wy7q4ztVzoJRFPZeO-YJbiuaDxJ3Ae6z_gL5gnh-sFyvk7RbFyhC6AJqhuLBIcRFqnqKcZwiJzzgs2fSJDfK8ErtZAqa03dxEn-3tW_oZojZX9ejMqESAE7nqrLkevLUFnwjJwCL2bKPPkoNRymPDraUvDy22DzadCkjkF_7Ew9bDXxQDeGtObl-ZQENuiK8MxbRaRVD-qwDuHbo4aaMXV0UFZAeKKWqGMJphSvruN645P0Hsa07TqsyS8iYoEiTDxKUVlB0vvLy7f4KIVXvncnq18NIqqjAaqQIrAKd254Xxbo0yzWUxvtVVHdM65ZmIiGz4OUimRmjujpB9llB_u_bH32EKla_9QQWgWtxIyi8MXxV3amobJYB5JHFp3UTlIRKl65mykNSg6B1exMCklkGI80CjBwgTa6cWjDkWs9mcSDPuFy07_CWS0IZRkGRjv5AfUcWKpMMPrEmSDGoP_jliCDbP-UJODkk3bcflKx3pMKqU1jehML07fNXNXMW5D957x1GGT1WdLQGCEPdC6kx8-k28XbkotxzDZ9o0-iVnJUhcizqyu8if2drckNAq4I6JKQWReXS1emMIolyl_EudKXvMEBfU4JsHm4oRQK6A7Dp-d0IEpADziHpQVC2L6f3DLqnDLhuP4fY_7Jwfb54iw87a7vhlrOy3dGuo7IZaWQemio13_Q5jMXzNouHteTDVf5Eo85yBs9inr-_iRnGK05-L2ejq9UOKSQKLemKmI_rjj9dgkwXVYgV3O1OhJQXgJcjkaJ8TyqzDNJJ8rz4StX8zx1Wtz0fIm3Yav8Q9DfrOLdcDpGjrar7i-J3WLrqdTBnzbnyDbj6vvknwl3kt9p0mlTOTuMBbIEgfbU8hmRDWspbRVjrq5PjkN2lWB9ClMnUQytUjITeZL4r-NrnDMagMytJpOkawqV_5kOfOn3zW

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame ECFE 0
150 B 83ms
28ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=19872200158888404444550012522023&a=327fdf00&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=19872200158888404444550012522023&a=8f3e0961
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFy9vADTDsQDnYbM_qrCJ3Y&google_push=AXcoOmSzd1uuUuufQ_LynAsQN_enO0v2s7dvnwnEytucON1xAR_D8X7bCn...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFy9vADTDsQDnYbM_qrCJ3Y&google_push=AXcoOmSzd1uuUuufQ_LynAsQN_enO0v2s7dvnwnEytucON1xAR_D8X7bCn1ceJBp3truK21bE73zNjHr8EU7aJZMpCpiZ4UW2KAbhFswKu08wa5bzkHnvez9mMxEck_yGd-XkgSplmLg0gejPRbFluC5ybYaeQ

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-cph2320051-CPH
pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1701196405.899205,VS0,VE96
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFy9vADTDsQDnYbM_qrCJ3Y&google_push=AXcoOmSzd1uuUuufQ_LynAsQN_enO0v2s7dvnwnEytucON1xAR_D8X7bCn1ceJBp3truK21bE73zNjHr8EU7aJZMpCpiZ4UW2KAbhFswKu08wa5bzkHnvez9mMxEck_yGd-XkgSplmLg0gejPRbFluC5ybYaeQ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 693C 70 B
149 B 179ms
47ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEP_xWRL147fPugLFRdGVOp8&google_cver=1&google_push=AXcoOmRCXK4eGxjiYKJYJOFuenJMOCCh4k0KQM_R12LcM13pBxfNZoMGiXw5MQ3kQuxC3RC0I_LwnAQHkMCfBqKnnIRxJAICFWiYrTSsRZZE22-3My2qby_xDM8W9lqaqrILEZGKLK7wG1dOE7UWH56YFQQdMA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGl...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUN...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTExNjU1NjI3NDg0NDY5NDU0OA&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAeh...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTExNjU1NjI3NDg0NDY5NDU0OA&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGlSI0C02taaJnNtQXWyLDIkKcThE9aliGZzYkImnwoY2J3pBjnXI8LVrLqrqmBtEGVDe5CQoTnOfxPqA

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTExNjU1NjI3NDg0NDY5NDU0OA&google_push=AXcoOmTGfCmlQsP1o1IPqeBh7wRlIO3suk3lHhsEz8am8cTefujRJ5X97Cgwsz_tCHbmzpOFLUNAehGlSI0C02taaJnNtQXWyLDIkKcThE9aliGZzYkImnwoY2J3pBjnXI8LVrLqrqmBtEGVDe5CQoTnOfxPqA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQAje...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-djRQwTi9Xl7g5WttCNzXbw15eNSQxr9Lw-RLpA&google_push=AXcoOmQAje8ZcIAkNaqKdl10f8TwNb2JMcy_huwkkF0ceq9JE25Bazb2-Ib_nGzwl_51Bp2QTShcpty7eySV...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-djRQwTi9Xl7g5WttCNzXbw15eNSQxr9Lw-RLpA&google_push=AXcoOmQAje8ZcIAkNaqKdl10f8TwNb2JMcy_huwkkF0ceq9JE25Bazb2-Ib_nGzwl_51Bp2QTShcpty7eySVDsnPho8kBPIM9sXxF27egTZPdUdSthWSH6kuPJ0n358xncmO_NLQAstiv02ny7VeTgHpAswR6w

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:23 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-djRQwTi9Xl7g5WttCNzXbw15eNSQxr9Lw-RLpA&google_push=AXcoOmQAje8ZcIAkNaqKdl10f8TwNb2JMcy_huwkkF0ceq9JE25Bazb2-Ib_nGzwl_51Bp2QTShcpty7eySVDsnPho8kBPIM9sXxF27egTZPdUdSthWSH6kuPJ0n358xncmO_NLQAstiv02ny7VeTgHpAswR6w
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 532097
content-length: 0
expires: Tue, 28 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdz...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgn...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzM3OTMxNDQxNDk1MjQ4ODQ1NQ&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_p...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzM3OTMxNDQxNDk1MjQ4ODQ1NQ&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdzSQE-SAOF2i4VIckFDtXdFgQHngO4EyWw3lzj8nDEllDKzKEMl2pIwkyAzHOCAhXneNWLrEyGFSrxXA

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzM3OTMxNDQxNDk1MjQ4ODQ1NQ&google_push=AXcoOmRF6THsk-yp8pMi87xuJZiFO-1QJz1Gh6a099aCV9G4RA4Y9DOL8Vrm-mT7ot3iKfkAOgng_pdzSQE-SAOF2i4VIckFDtXdFgQHngO4EyWw3lzj8nDEllDKzKEMl2pIwkyAzHOCAhXneNWLrEyGFSrxXA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFJEGHAyzCNShrNoNFnXIwI&google_cver=1&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYO...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYOYehgXBpaOXMec7yvBQkrva4eR1tlYOolNWTN...

170 B
188 B

43ms
42ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYOYehgXBpaOXMec7yvBQkrva4eR1tlYOolNWTNE1U5CCPC1lcdBS9M6wDOmOadQU5pBfBu8VCVxQ

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSek6Vlx6O64UixL4zKai4TcTCwOoxN2zE0rpEu4VQ15WGUbTzLPnA15LbEU89jaJ4o85RobBnQ9PYOYehgXBpaOXMec7yvBQkrva4eR1tlYOolNWTNE1U5CCPC1lcdBS9M6wDOmOadQU5pBfBu8VCVxQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 693C
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3l...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3lr17WEijnkr7BrISpmRThbpF0R6l1O5R4MdWIaAn3Sx_rqy0y...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3lr17WEijnkr7BrISpmRThbpF0R6l1O5R4MdWIaAn3Sx_rqy0ydleXOJVV4mP6ELbbyhhob_4ZbQm9qRLj-24e7wFHzXOYE&google_hm=QPH2J68-Sie8twLl7waw8oU

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRcmazAWU9mjGBAYkuERS_2PNjXB-D8Xo4l9kORs7sF6vLXzAM6UErTlEWW3lr17WEijnkr7BrISpmRThbpF0R6l1O5R4MdWIaAn3Sx_rqy0ydleXOJVV4mP6ELbbyhhob_4ZbQm9qRLj-24e7wFHzXOYE&google_hm=QPH2J68-Sie8twLl7waw8oU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 693C 0
12 B 31ms
31ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J8wqnsklxceuydcvmT9PAUhebnTOEGr7V2FrgRuJod4HF7fEVVhryXcPlBBSI1jLI-jHWEAg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame D026 53 KB
19 KB 161ms
30ms Script
application/javascript 108.138.36.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=19872200158888404444550012522023&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-8.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:26:48 GMT
content-encoding: gzip
via: 1.1 82fdc4c167a56caabe3a8a99b02abee4.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 7596
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: iCT-BRbA_atqY2W8YtXCXTGXj1Grf3SC9KXI4W7vINdsa6YYV8ajFA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame D026 85 B
439 B 157ms
27ms Image
image/gif 108.138.36.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1701196704&Signature=HD8GKxiVAbpUUQ0fVgeUdJN2UDoZldCCYTKGPlmlFwQgxV4TDsbNXEYIZEk2g5sjxAygashiUlF06gHzS7tJrXvhVDH5SX3Qjrr2KFwDam~qaiJR7y~Pzw~~VDEgCCtufsAC6TSb0HcvnpI0RjnhlwL8fCaptdQjnL4S9TLwf1OIro3N4kDyp5JSCrZZP8Lj6NvQZLxaXtPdqP~PH7R2Bw1LgxvH9tmF~Ol2-95KUvccDGDayLnqAz5UJmok-OlCxaDf~z4eLsa6GrT1Nw9oMqqfoC0M~LWgRBOSBx~NaDF8Q2pQIVqnKMBNasGXitsmxRhhNDc2zcqWCtL0yb1FPg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-69.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 28 Nov 2023 14:20:40 GMT
via: 1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 15164
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: Md7MLYM8HhhB5e430uzQWXwoAmlBun1Bn1SYEJJ6gsPOoHSWrnVFdA==

GET
DATA 200
OK truncated
/ Frame 75DB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0391154f033f1181959e7820f2b33e8c9e5bf9cdb1e03ad0a56e6e3625babfa5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 56E4 273 KB
91 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a26a2ec72589679ce3749fab1f86389709be7df0dd8b2f1ab17d275f5b91d23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92920
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 75DB 0
19 B 67ms
67ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGUIMdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE5gFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqXz96UZwAFBcJWTXB0ETcJpClFGl8LZy5s1j4aDorw_YCc9E1kGT4AGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NTkzNTIzMjEwMDEwMTU0GAA&sigh=LfF-N1hgE3c&uach_m=%5BUACH%5D&cid=CAQSOwDICaaNd4rrHSte_19Bq_9OoV5Uwlj-hURq36F8HgXjHGEGXJXWPuk9PCGfMepSw7_iMlfnQmJx6ANQGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 18:33:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 75DB 0
103 B 112ms
33ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kmzr0y9ewa0rqw32ssrd71wgh5ya8dvmpr2e2kejm2aq6pdxyhrkbrerpwwjjwtz3daqg97kqyz637gfs0dxhencsnz107jn1h2569qbw8y99ee37zgd7nat527qf7yat7dpf6zqn6xn6x89qkkxpgc3c9fx2wpzycsetkss99rb465e6m4mmfwmfz40jx7pedjns9hk4eagvsz632wjgm85bxaf897xbb8bj2k5a3w6tsd5cb9vbjcy0w2cqp8bcgp0703sv7x2z2aesz85sps84njtsvrfbay6hrq35092ktv15cyddesk0yh0gqt6aktfj7z96mba4g5z7ph06hmmvfj4zpfaddrabrcxqqc1d4wb71ek4qp09aajfcm4c5zhen36r&b=ZWYydAAESbsIuMlaAA95_midT1qdn1_6rvCtCw&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=3173046726&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403827&bpp=1&bdt=285&idt=338&shv=r20231109&mjsv=m202311130101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=1103237402201&frm=24&ife=3&pv=1&ga_vid=352957372.1701196404&ga_sid=1701196404&ga_hid=1507780256&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079438%2C31078301%2C31079654%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=3473004041416471&tmod=1654307501&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.m0hjxogem1hu&fsb=1&dtd=340
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 514ms
274ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:25 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445
adservice.google.com/ddm/fls/z/ Frame C572 42 B
401 B 222ms
153ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMmQkruq54IDFf5YkQUdb5EEQQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7747077862176.445?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FCAF 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15887
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FCAF 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FCAF 0
0 32ms
30ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRjT51OdZ_qHrQmA-cnZL3qYE5C5NpeHDLUTUZVu9ePifeVllKLfrTN37aP2Nax9R7GcoJFmw5ROOgyMeZ4ZyrF3pRiXg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCAF 202 KB
64 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:24 GMT

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame E69A 2 KB
1 KB 63ms
59ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b907b3bb8a500584ac1447891fa5b93c8b3fb5d20604eae9771ce7259b72805

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fa9b7b9152-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:24 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E1AB 1 KB
643 B 23ms
21ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E75F 0
0 195ms
61ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvGzq9XKp99EoCcHwa4fYsVuCjfBYM2eGn5Sl0FjTId4jOS1s6RsW4Z2aAEyJRSmYBhK8joSKAFtN4_YkWC4ChntE4Zr67IbR4XjJQ1_2Kf2sT032lZRPI_HiNZSw522RzRFCRJiJm70AKlwyL3ovj66QzmRPY5UWG2uLcZ76Hn89-5EhpynNF-ylXaB4fp9xzsIZM5tgKK_WkaRgPNEwsH50uyp328jENUrgD4q69av_8bB2FXCEf-iFzFOhVmvVf-T8xBWDGk0oPz83uSw3cYcCTMQ6snGpn02CVwE4H6B2bXK_K_frESzyiHx1JJ7_LaqPxVEBl9xTLRJcl-XYSJAGcd1wW28zzX-6HgzKtfaXJUfauID2Q&sai=AMfl-YQGH7pwPG_iwQQfiYQPmS-7_KI1gaovBl2YSjw-PO-cPmnIfgfTarTk1KgV4eOZNskIjgNeGn-F-dsKekMLC7l0dzBMRLRTZkcvj5cCTzSAVhHVM4sqvciQHp6yY_IDn4m8b3555qGrwFzve8h9YF-pNxeEMCYI0dKviVrP-JRbl0OXwAuPa_nQRFfhLYlO87vBzrYaB7LcPjOQmUMFn2gwuUq6N4bt9YjdJrAr3KIBxQ&sig=Cg0ArKJSzG2zHqs8a8Y5EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E75F 16 KB
12 KB 129ms
127ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdb15d2cef0af4bf502f8635323a0ed0eb9915e8c4966f9466783b296666f721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12240
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6A26 0
0 186ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuRhwWwEzxRy8XzJOr0cTlxNB6tno33-Q947uB8BLS3mbZdg7NVY9pIBd7qvoqZprVGuh0RFYZ9DOZ39v4IChjkOrDpzGYMSw4qmIRhUHD66tWlpKVi-gHrGyR6HCtppv8SSL-fnIqYOKyBCFFrC4dw1JzA6RKaXj3EbreQN3mCsz3v_pTHVQataKy-XRF6OwIvWzqPCOTO_NE4WgXUobkIlmOhvuj_upUGZEKUTXHYgDdW1qrgKM9s3EhKCPLXFVP71sZHM0MC4mChSmi61hWkMBrhhe7FjnUIMObUAudx3WZKoKGjf47Zlox-i9vj6N6NTVzYXHEIUeR2bbd6DQbV0iCkGGxrUJNa-NHQdPd2v79p&sai=AMfl-YTxRYHNSro6HKnRQ-E6XE5ql1Vk6phlt1ZQUfD8XYwUlzh7-mhKnoQfkxkvXx68FkYCLyWaBJs1xq4Nyqz56PZeFUDP0fqJzysCgamYViaZhTdIaFp74J-FOTbnbX5uWYuoyp39_Th1zDLEN6XZ4lgpHK__J5QSctmwTlY6FpkLJPF-6S4OOr9yCWxGPUv00c-XEeGH1aIWDWQovjW4SfulbGta2JfDxbGpIdgTiSssIiI&sig=Cg0ArKJSzKEK5wHo_JEcEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6A26 16 KB
12 KB 148ms
148ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ed3276e903679b77d2ffcd87d28628d2ffd0ec052ea933c45dbb38befe1dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12320
x-xss-protection: 0

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame B41D 115 KB
13 KB 133ms
132ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1172967
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bt9cMZz5tJAMjj1u9zpqu3CvyiTvDqli53RohbpALvYZ2TblE6kFKFxVHuBpE2%2FIZbxRJoTriF3E6v5OHLR4Gny7C8MDUsTNESUBYx3YVeZF%2BRZh308DmmY6nqwLEbdHZ0G7%2FwL%2FquQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2fb7ca39152-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame B41D 25 KB
10 KB 130ms
112ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 129126
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgiPupBzyDIFX3l%2F8WYQLe10%2FqaV9diu%2BYDI6RmWtIqx1PXpEQBwpbSpT12Gl1D9AoDx%2FMlsHex1a7%2BzBAAeC2LiLBgO2Syp2AT%2BxlJITkzKtvc3h3%2FyNCOaWKHAbM6%2FAKHidJw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 82d4b2fb8ca79152-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 27 Nov 2023 06:41:19 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E1AB
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1&google_push=AXcoOmRLAAMJDdNYQ4fzUt4MwPttx4emxHmoMFcOPLIdv1a_Gq1FcLb-eXYM32OBEXhPk_w6VH3s2Bsh7fJWaN56V9dtrQFX5joFs...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwOTM0ODI5MTEyNjY2ODU0NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1

43 B
398 B

72ms
44ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame E1AB 35 B
464 B 204ms
27ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHmKZFqnhuOUkk0Gc8Hwm7o&google_cver=1&google_push=AXcoOmRlSSU2gYPbCji2ImASw_YeqQVi3iqQ0yI31Nmc9bRrbnOu615n9yK9H3ddAaZbXDea-KN7j5iUM4vOE5AeZVwVC9K-3ngbYnSvAbr7530Vk9XQPfRwM6cUIAvmwhfJ_MBOvtuS0d8nqLck4rlJjdMgSw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E1AB 0
104 B 294ms
117ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAtY7nETFNlhGds30GDsJSc&google_cver=1&google_push=AXcoOmS50ID1tG9f1sOnQr8_g9jgYQqt3kjv0DMq-78jHmoKzfdSaYQTd5n5Cm0WXpQ01tKrA5GN88BAjKnKdqwauKXHyzmbOcssG6FyS2Vyk_nc-dozyUnOTY64yB7Trv3vvIKKwXiX3wsBsEAdCq4xlICNzA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1AB
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEMEMkYmmPa8mXUR_F80-qsY&google_cver=1&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nBLrV6Yx_HpqvmuEy...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3534AE636D094441BDD62128203564A6&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nB...

170 B
188 B

64ms
64ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3534AE636D094441BDD62128203564A6&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nBLrV6Yx_HpqvmuEySyt8ifOSQL_ylp5qlfRwjwvBeLEcHwyTaSrFHdlpoG-3KhwaWq7OVam_w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3534AE636D094441BDD62128203564A6&google_push=AXcoOmRV71J6zrAYqnmL_iITK1pupyihlQMYpfHaTuAfuhWXqCz3ZYFsQWu5EQn7-UXMgdYKa_9g6kVJ5W636nBLrV6Yx_HpqvmuEySyt8ifOSQL_ylp5qlfRwjwvBeLEcHwyTaSrFHdlpoG-3KhwaWq7OVam_w
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 27 Nov 2023 18:33:25 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame E1AB 43 B
146 B 200ms
23ms Image
image/gif 35.156.210.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELVJFE5XNox38m0K7hS1YlM&google_cver=1&google_push=AXcoOmQzetHvVGfdLV9rZPxpTfplo-zmyDpKU4Y_ItK8SkdJPJQ2OjX4i20ZPVM80dSRZDQZgyHPzd3IGYprR9iOxTR3bemA-Ajj9UNCpj5odoQp1Pp7hqcjWaNnW7cuCAR6VQEJAvG6D1VxG7gzXOK3p6lA2w4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.210.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-210-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1AB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9Xo7...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9X...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9Xo7hG-3qH6phAKPiyTHMPxEwSs2Fb-iwxMpy7g9qOy8TWuKGMeZ7h1EfY_B0fTWd40FK9OEOwDESpjq4GY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmR8BaAEMUrIX44OFTTfiDMyIo2LbH23Ntuo0cN0TQ9TIj_bNrTDmNZeQXGh6946i9kWFaMm9Xo7hG-3qH6phAKPiyTHMPxEwSs2Fb-iwxMpy7g9qOy8TWuKGMeZ7h1EfY_B0fTWd40FK9OEOwDESpjq4GY
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1AB
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSs...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSspvaJnCxvPQU2z5biryhPDI2B2xIM8yzXS6ZmZUquNJHl-64U...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSspvaJnCxvPQU2z5biryhPDI2B2xIM8yzXS6ZmZUquNJHl-64UmLnAyIxmftCLfqfH-In476t9veEFEQ3XSj6W-3NPGUafa-&google_hm=QPH2J68-Sie8twLl7waw8oU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSUen-cFnL6BvUyGF_jAGmwdxNt3wPJl4jfjpQnqlyuRvY_m1-Ny47usYrQSspvaJnCxvPQU2z5biryhPDI2B2xIM8yzXS6ZmZUquNJHl-64UmLnAyIxmftCLfqfH-In476t9veEFEQ3XSj6W-3NPGUafa-&google_hm=QPH2J68-Sie8twLl7waw8oU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E1AB 0
12 B 31ms
30ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IGJ8IP3O8Myhvs--w-Ur6ulgd-_crbVzwtsG3U5VoLAPMYhSC4OxZC32u_Z3MDid3xFjiPSQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:24 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame E69A 115 KB
13 KB 115ms
114ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1172967
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuNs46craw526HcsK0u%2Fv368nAMMjixU5KLAzGONqEziZin1qTPsfhcAr9tcd22qbwdX2vHVo6EWrPccDdO47Y76QFE1jTt3FEu6mQMUPsBYtCqGhFi6s0VyLitaxTfLZRD4yaCwhKo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2fb8cab9152-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame E69A 25 KB
10 KB 103ms
103ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 129126
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvxE1cCPevTjKAhY1vACAj8N9D8%2BlPMpm0%2F0H%2FiPyd00S92GNtr2usGayf%2BGpGufIne9TonnMLzyM4dP5lR71ML8F2rqT99TpiwMm%2BShk1E2mpMJWV5n%2FgqMwcbyi8WD4HkUslA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 82d4b2fb8caf9152-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 27 Nov 2023 06:41:19 GMT

GET
DATA 200
OK truncated
/ Frame FCAF 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6803be2f52ead1d309115282023659e463e493570ab7f63b7ef7e794d6455e40

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 61ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:25 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E75F 17 KB
6 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame B41D 350 B
638 B 117ms
29ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713653
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsXbjCGRCYeSJ2Zvnu1OIJVkUFmq%2Bs3zoxurBGIZd21GERkh5DYv%2FP9iteHSBzebYyOUHccfdSPLrfdEx%2FA2hpd%2BIy6Ex6EAkvhYJVzOL6q1Uknjsatp3e3avKmRSEdHbY0MppS1AA1XhDQBrQKcaQe2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fc49405c98-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

GET
H2 200 frame.html Show response
ad4m.at/ Frame 05E6 2 KB
1 KB 41ms
34ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1172968
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 82d4b2fc1dbe9152-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Wed, 15 Nov 2023 05:14:36 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSBvIi%2BAdECaNP4YpKnjMpFQjsEWGGw4rISmx6Ks6UGw6Jz%2FgHfFobpXu%2BGdM39yG4YXYhVmb44k3V4aXLLByja1yHI34Am0LiXaTW0RoBwHO4%2FUwDm7HHLNHHAhMXC7hll8q4Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6A26 17 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame E69A 350 B
910 B 106ms
29ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713653
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pc3G7vJ5SKTkYhIMTkwH6Mb2KZAYFQ9eG5O1mT1dDNA9iY8mY9f8d4V%2FGA3a57TKYYuzQD0NKrEv8Bg2f676p9yniSIi%2BHNcxIm2yXw%2FJHXmjDbqiW18MPXazaj6Vj7k8QxEJfbB%2FL7npWFB5cyrCzA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fc49425c98-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

GET
H2 200 frame.html Show response
ad4m.at/ Frame 0040 2 KB
1 KB 42ms
36ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1172968
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 82d4b2fc1dc09152-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Wed, 15 Nov 2023 05:14:36 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2B8%2FRLifQj0a5PBOymn1LK1f5XHAeGfjDRYu02AK0%2F8y%2F%2Br3G6ZdEbny8GA3B%2BGrC2yZsWBYZNhrNFl%2Fl38EyE2I%2FSEBvYbAE65p4OLabDPfnn%2FHkG0DoDKOZ2jrYE2TRPhx0TU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 89E6 3 KB
1 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 89E6 20 KB
8 KB 27ms
24ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 89E6 0
0 35ms
31ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRNLVLn9CEzhz0vT0QTwzz-aHQDJJiNKC7nDlS0X2NPAr-Rb0BVqjiY61KhC38vuoov7-EMWosnGhgdxbSiuy4eNUAtjQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 89E6 202 KB
64 KB 66ms
63ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6C7F 3 KB
1 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=776186307&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404236&bpp=1&bdt=449&idt=309&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7135450027081&frm=24&ife=3&pv=1&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.6eyxff3dyi4h&fsb=1&dtd=311

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6C7F 20 KB
8 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6C7F 0
0 35ms
34ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSTjwSSCJjYol7cnaOh0eVW8r5kHM4W73tg3Lq4-zYmZLS9ZWxNn-jZ7YSEG4l2CdtHIOXHXM0dEVLb0UprgeR7bfhFQw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=776186307&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404236&bpp=1&bdt=449&idt=309&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7135450027081&frm=24&ife=3&pv=1&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.6eyxff3dyi4h&fsb=1&dtd=311
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6C7F 202 KB
64 KB 154ms
152ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame 6D0C 2 KB
3 KB 51ms
50ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3dc66b3397d684337d6b13f9ccf369b42acfd23d1ed020d93e84c40899cb023

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fc1ba59954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0A4A 1 KB
643 B 25ms
25ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C8AF 3 KB
1 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 14:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:08:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C8AF 20 KB
8 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 16:17:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C8AF 0
0 37ms
36ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5Egmy4mh-J6yT0558uON0aA9cLMIBe-Sw58k4rbY3sZHNZ3KtS5z4on7HHfG1eV5DuV1ahLsIcMU9JgltpfxXsdqKbg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C8AF 202 KB
64 KB 156ms
156ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame E05E 2 KB
2 KB 53ms
53ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e03e2c7a11bbba28e59c5bbbeaa5713859f90db11e37867140ffd2cb48dc0b50

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fc2bb49954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E921 1 KB
643 B 28ms
28ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame 63B5 2 KB
2 KB 54ms
53ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd44131b24d9a9ebb36660539de4140617f42deadf12c14910fa25b10b9012bd

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fc3bc39954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6A7E 1 KB
643 B 24ms
21ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 734B 13 KB
5 KB 24ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6C36 829 B
559 B 56ms
55ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e8ee6af1358b1bb58da21b134881a294a1832e932edc73bc0020217e6acf82ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pN7kEfz27LIpq-_oN016ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-pN7kEfz27LIpq-_oN016ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5017 13 KB
5 KB 28ms
24ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A62A 829 B
561 B 48ms
45ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e35dce4f870650ac2bca9673112895e5d3b79414c55c226c249f8c34d6f797a0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-17c-XJkr_BxUT0VODm5Gkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-17c-XJkr_BxUT0VODm5Gkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame 89E6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c03170446d5d481a6fab2a752f1dc6f971558dff1d43c516fa461a4d2bb53bd0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0A4A
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHmKZFqnhuOUkk0Gc8Hwm7o&google_cver=1&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIK...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIKX09Y-v1Wk3T3GK3-iEUq0QlMVP73h54HyhRkjzCkthf96IJ3XVh1BzoP0fFlCH1rc...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIKX09Y-v1Wk3T3GK3-iEUq0QlMVP73h54HyhRkjzCkthf96IJ3XVh1BzoP0fFlCH1rcWMrVh6ad96_xACSJukLhJeMf72m-6-t6KFg&google_hm=XfghiUm9H88VAw_jCG-ivg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTqulHKJyBxFc_aAVfDwK4BPuiShHwbjlNyIqXlpU8No4X1TlZgIKX09Y-v1Wk3T3GK3-iEUq0QlMVP73h54HyhRkjzCkthf96IJ3XVh1BzoP0fFlCH1rcWMrVh6ad96_xACSJukLhJeMf72m-6-t6KFg&google_hm=XfghiUm9H88VAw_jCG-ivg
pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0A4A
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WW9Zc3FJM1QxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WW9Zc3FJM1QxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc88f3uJRHrGOBR2DXcOV3zIlIRfqro01W7k_hnMF7VR8zYW9R0D6yDOcbtQ1FtsopNhGidcbkVbKlMzezdibytI0ybI9o4nlMRvEaFILgoIcSHCg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WW9Zc3FJM1QxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmSyzDsLi40idT2C0smL-Hah4jZCPTCn0wiIcv2taQc88f3uJRHrGOBR2DXcOV3zIlIRfqro01W7k_hnMF7VR8zYW9R0D6yDOcbtQ1FtsopNhGidcbkVbKlMzezdibytI0ybI9o4nlMRvEaFILgoIcSHCg
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0A4A 0
12 B 63ms
61ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iet7j8bTehgt7Y8c0VeeBQ6GdjjSzT2vGPNIE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F5AF 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsszc8ld4VEsEWjl6LPLB8CPhsHJzZabrZ26zrgzdWT8wBI10fV7kgpQ0LsoCP6YYt7ejs_y-oThJdoSfeeb2-lJeuNynPO_6i7GtRSS0p6mSgSH8UUK&sig=Cg0ArKJSzLgnGmQtmOXjEAE&id=lidar2&mcvt=1010&p=947,1142,1197,1442&mtos=1010,1010,1010,1010,1010&tos=1010,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2254628106&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701196403705&rpt=452&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 79C3 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuiEkOgRyEnYpfK_wieKM36-GLKH-gxr4fBZCPlCvdhxBfQMvUufKF9NlM7jVeU5vLwX_G3WHK1GFB6ZF5u-oZLHqJX2C4ep6F_qMI07O_YEPltxgqL&sig=Cg0ArKJSzMOA0_PcP30UEAE&id=lidar2&mcvt=1012&p=273,315,523,1285&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1593130247&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701196403693&rpt=438&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C8AF 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 388bd8a442f1f00dc936139630985d910c0b93903b0babf90522f4d7e0456d18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6C7F 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0188821dd12386173e0f54df67c6256c18fda68f62df507b001dbdbdf75cdbb4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 6D0C 115 KB
14 KB 40ms
40ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pClWJ%2FccNF%2FXcMC8pv5XX%2FCo3ZxRWqi%2F%2FH%2FLzDS2OPJLyhj1oBoItfDMoVfJ0zqDla4BNFlpAlBQmUgriTdkG2rWuTcCniD0vN%2B6k3kxTJcyLSb3hcBrwBJ0XM4IXEbJj9JRmwDHyn4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2fc9c419954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame 6D0C 25 KB
10 KB 37ms
36ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 398632
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMTw1%2FY9QRCouOdy9YqGrk63iIKumGX45gumyVm5FtYP5qGHl1hNFTtv%2FoUs6W3Wsjsg9RjpSyTZVeBFMT01nifz5%2F36pVnn5AeXnP0L5oeAecN%2FIsT%2BjuMP7oct08AGqO2CMzg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 82d4b2fc9c439954-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 24 Nov 2023 03:49:33 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8451 0
0 60ms
60ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRMNBolIGniPR_7mP9Cv4Xgeh8x1BUnt5JFJocG0TGadW41NB3SuvNWCknKwUxLJMxp5oPMTKe3tobR2jHe5lIR7nnZwKxu2YaBGDKu2AK0hgr7f6u4II2dSW_CelbYslWsgHnY_PfkEkLoRTdqRcK75yO9eG6tUH2QeLwWhYArAkzzwSVIZqz7FJ5Re4ZbuSBHhLt6E8NRqZOOiAlSjFKGx5CQk5h2NkAps8ITUC-5jLPnawc4vcYHreBJT7azZZjFrpTl_8Slk0tVQDfhQKyM3lIRkT9VcVZ24_D-c9BYltrpmSiEf6pPk6oIFlmyI7yHe2Ie-IktZIW3NXYi9DY6TM-d91PSZPoUiN7uEXlPcP3&sai=AMfl-YT14RUawG-iC8sVlX_sw4FwUFHEj1AWNHQtr1v1r7892FwDf2GxJNQuViwrppbMjYw_nWAN1HkjEt6CsMFlxmdXckmDgOqmHvG-CnwsbKn6PGOB7s6OUJ2Y9phYmzhtrcFqsE66ExruFx3-g-_cFaQFLnKKAcJKG5nFDO9h0TlTRZQNwuYXgL5_jv8O2tXzsHZ3hErUK9uYKStVSPtP-zgnvGEDjMyHA0Nh_XY-FVmoKKE&sig=Cg0ArKJSzPFpV7Bsc3DvEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8451 16 KB
12 KB 75ms
75ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5c8319a5fdb00c0748e8eb7a989aa943e95eebc2d3b4c0331f95a43ccf11751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12476
x-xss-protection: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame E05E 115 KB
14 KB 51ms
51ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjtskQ%2BCNDT2h6q2FY8scb8OVWkKdRCT4wH5gxWXCUQU374RlBKGqZEI0DLXvxFpUN8i2Eh8VQHOOJ5lVIJIMR2z3j0YMQiv85B5no8TkjzsZO5KjDNMcNpANqN4iCbWC0K3UJBgwvA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2fcac569954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame E05E 25 KB
10 KB 73ms
73ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 398632
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8EguGMsDjgFV4n%2FJkK8pqeVr8RpKeweANUINVBLiGZFuzdJTUf%2Bwvalfd83bWLi0NGzpUa77yuKMeUmRVXc6lWD8Ehg7mcYUS72v0qREkZg21J%2Bh28mMcgH6TA9CZ3HrSzx9Io%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 82d4b2fcac589954-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 24 Nov 2023 03:49:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FCAF 0
19 B 65ms
64ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4rOtdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE5gFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TB8JeAErr2PsMlzhcAnHpiE-K1wTDilOvqsQK8oRlVa3x-NKq9J0oAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=9D0WDA9K39E&uach_m=%5BUACH%5D&cid=CAQSOwDICaaN80NTzlF7bLZIME-8wzjHMvdJ0bLLNFD6bmOwJSYDzRSZHOIYqkevXd5gVkH47fs5Fc88DEZUGAE&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame FCAF 0
39 B 33ms
33ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jmjzz73cxhxgvwa83248mvnmwdq6wevaz7hky0wq9cshvxmhx83ff0pvqnqkb8ka1tshwm1qnadqfr5v4hhvh1xhjcdfebt1eh388ncmmqtnn5es94x1mt98m9qgnmc5jp79py77htvz03hkwwc6t8xp09ybn67qwsajgbccp3240dnsmcybsp7yfc5vbys9b55mtzyvesdxn4ph71czdv935z8n1nr87n1v1b19vse4yk5yrxnw0bc6a2ds1qqdnwmh1v0ar6h83tf36ds5byg05gf4j43wqrn56wfgvvy3veqp3sk3vk1s6edqb6c3j1906jvze03w7f42745tp8z25ywv5ysdvghxqx4kjezjqf2g5tzkve091zyc3j6ap1yfw9y7r&b=ZWYydAAG4yMD59z2AA4icgrKEwB8CurmJ5dZUg&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186313&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196403992&bpp=1&bdt=263&idt=351&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3625658249918&frm=24&ife=3&pv=1&ga_vid=68299655.1701196404&ga_sid=1701196404&ga_hid=1777254059&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079758%2C31078301%2C44807764%2C44808149%2C44808285%2C44809072&oid=2&pvsid=654864279827728&tmod=1367654180&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.xpuo2n6avl1q&fsb=1&dtd=353
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 63B5 115 KB
14 KB 68ms
68ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qbYrkqIGWuoOBylU%2FckykgXgKLQ8rXZh6Hwh%2BJXpzKrFVvgoZUDGnn7UbVjWGNpeyNClkyHZmOn8h0UG6PbQry7d3aaqk9iLCkv1uvseFdUvb%2BO2LFTn2IWI6ZbVfFYVn6h0i2jKmeE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2fcac5c9954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame 63B5 25 KB
10 KB 69ms
69ms Script
application/javascript 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 398632
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJpE9CJ0bs%2Bc1MxU80eiUZLuyCaHMq4Fixs4ILkAaElhfQ0vJH7bwEt%2FrO6g%2BKaIkSJ%2BZsBHMJkdTtHuyroT5pNIX%2BJfXNNeAShZ07K3cTDRwYgA5LWKT1omIKO6fd5yUbrLeMo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 82d4b2fcac5d9954-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 24 Nov 2023 03:49:33 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E921
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHmKZFqnhuOUkk0Gc8Hwm7o&google_cver=1&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO9mIKEC-ytUgCGlzgBjT72ScEPYxgugkeC8aJgz6STFZy25ITH6l9g9s4526JcpsiQ...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO9mIKEC-ytUgCGlzgBjT72ScEPYxgugkeC8aJgz6STFZy25ITH6l9g9s4526JcpsiQeSZ_tr_LEpMZ7TbSxbx33tfDGLqyZkdNtmw&google_hm=XfghiUm9H88VAw_jCG-ivg

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AXcoOmTYZ1G6uCFySZujSfdzd7P9t8WEGPinht5hSpt5bBTR71tODQm3EO9mIKEC-ytUgCGlzgBjT72ScEPYxgugkeC8aJgz6STFZy25ITH6l9g9s4526JcpsiQeSZ_tr_LEpMZ7TbSxbx33tfDGLqyZkdNtmw&google_hm=XfghiUm9H88VAw_jCG-ivg
pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E921
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d1plWEJMYksxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5...

170 B
188 B

38ms
38ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d1plWEJMYksxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5BrzP8kEmPgNt92_fXL8LZzOWhPz87Ex6i3cBd7g2ebGE78s5y885msb5BtXtLHJKvAlOrLqW4HlYR1NEtaEpA1XOG3Q5Q5jvtbQMq3A5ldVTelQ

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=d1plWEJMYksxUjgyVEg1&google_gid=CAESEHYqp6gRl8MPnLGx0emdfck&google_cver=1&google_push=AXcoOmQb-vLIIvQ1ywBdOU_zd4njgYOeQBuZTlLauBl-oB5BrzP8kEmPgNt92_fXL8LZzOWhPz87Ex6i3cBd7g2ebGE78s5y885msb5BtXtLHJKvAlOrLqW4HlYR1NEtaEpA1XOG3Q5Q5jvtbQMq3A5ldVTelQ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E921 0
12 B 31ms
30ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LE2EhaQHeNlmvoCdYdLGlmeRKpHaDaquze7jQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 6A7E
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1&google_push=AXcoOmSzF3LBftJqZi4i1PG8ZW8Cy8fCIctsgGIBQfTUwvJO3fSU21XHWo9aQbnbsPMgyON7G6HjiyKHbI_dbNHyLZ5ownEqBKaPZ...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwOTM0ODI5MTEyNjY2ODU0NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1

43 B
398 B

39ms
38ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAJ7urwz990_-xR0ICw10V0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 6A7E 0
103 B 56ms
54ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAtY7nETFNlhGds30GDsJSc&google_cver=1&google_push=AXcoOmTVHxSumpnHL1q3jqWrm6a8Lc7dTQf32RoIltfSi5ZpdK24NcKi1gbmd5WjTbwWARJST2pnyUiEValKW8p1hurdIBIq7829I_N_ND8HkcuRhHCOs3iSGBthQZsMXVM2UKD5T1lUY282FhidVpUg2pefTw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 6A7E 43 B
145 B 24ms
23ms Image
image/gif 35.156.210.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELVJFE5XNox38m0K7hS1YlM&google_cver=1&google_push=AXcoOmRwlPlQOgUnyjccuByC4bQ7xVZfooWdp1Ian7b1nR3-gCmgXtWnlCOf0hHsvCT2HduFH9QCRNyqEh0jj0yeqCm4qV6RTcGKfzbYkjqQ47c2bE09CTElJU3qriWg9x2XGYA4d8VHOe7wsSB7k3kyPz4jnA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.210.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-210-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A7E
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHbts3K134r8PWu3aEoPeWg&google_cver=1&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6T...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6TBOJqOSZgFX6pjf2JW-Q5Eb7VHoh0GI-TO3gljB...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6TBOJqOSZgFX6pjf2JW-Q5Eb7VHoh0GI-TO3gljBK0DfiLxFxRz8V1XDB2nvjFLsQ&google_hm=eS02OURNUFdwRTJwSHJDQndqS3BEVFZmX0g5TURRTGFjZH5B

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTjjPwEY0cRfWaQtrswkLStRmryEdPmMPW4NQXMLGuJVDfxK0HZQzvgVrJVuPwUnv71i-UisO8UtHb4fVEc8PCyI6TBOJqOSZgFX6pjf2JW-Q5Eb7VHoh0GI-TO3gljBK0DfiLxFxRz8V1XDB2nvjFLsQ&google_hm=eS02OURNUFdwRTJwSHJDQndqS3BEVFZmX0g5TURRTGFjZH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A7E
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHmfju9UpwzzUyGAy1V_E58&google_cver=1&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqeml-...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqem...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqeml-MLOx3kv1y3bcAYx-MdPJCCY5-cZCA8nf3duUVsq2ipCmxPfwcIY4XMxRROtRkqyvg51cgb_wgVKw

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTU0ODMyNDk5NzM5NTM3NDgyMQ&google_push=AXcoOmTdiSO0DG6JGlW_xnn9J7s-xkTJu7STy5FEbS1LOfEDKhm-fGeoC2Ii6qNQEXgE8K7QyTVqeml-MLOx3kv1y3bcAYx-MdPJCCY5-cZCA8nf3duUVsq2ipCmxPfwcIY4XMxRROtRkqyvg51cgb_wgVKw
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A7E
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFJEGHAyzCNShrNoNFnXIwI&google_cver=1&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ub...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ubos6jxE6TvzQSpQTWC0UahsGpySBWzCMedGaY...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ubos6jxE6TvzQSpQTWC0UahsGpySBWzCMedGaYaaSyNvPzi6efovC03hVsLRJ_xseZR9atNLbW

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS7l4xqYm67Ra3LUi2chZzp8-PO_uBTLnt2h_RMDw2sD6vZC0gwCMkme7QhByFWEO01GdBHphxQF3ubos6jxE6TvzQSpQTWC0UahsGpySBWzCMedGaYaaSyNvPzi6efovC03hVsLRJ_xseZR9atNLbW
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A7E
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1oEDOw2usnmqZ2vY9mNL8&google_cver=1&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5NA7-4z69JDbT2T_VKTTsvEa6MwGzzjb8ADycGHrIrGbglST9...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5NA7-4z69JDbT2T_VKTTsvEa6MwGzzjb8ADycGHrIrGbglST9mL5y7So0KQE5rGbqwNELh0GqOJwfFN6JnVKOLoZqjb03w&google_hm=QPH2J68-Sie8twLl7waw8oU

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSO10RDVDtpyMqo3iG8YoKM2NRLtc9tdSGAWaIscyL_VW94YVBnPqDpKNfSo5NA7-4z69JDbT2T_VKTTsvEa6MwGzzjb8ADycGHrIrGbglST9mL5y7So0KQE5rGbqwNELh0GqOJwfFN6JnVKOLoZqjb03w&google_hm=QPH2J68-Sie8twLl7waw8oU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6A7E 0
12 B 30ms
30ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IWPsnS6hQEa1wMXw9EycDbPorRCw4mlW-oQYnnZliRA4WgueCVPT7BdiVqmm1yHanOT70p7g

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A62A 0
0 55ms
55ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2346992362013379&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6C36 0
0 56ms
56ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=3790986635859306&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 734B 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5017 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 6D0C 350 B
645 B 40ms
40ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713653
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X72DKdLXJdl7RuAtJ%2BKKRaag3JiwQdx%2BO%2F2nsehFj286LUycwYSD91Mqh%2F4AW4rV%2B6ksilL9PajtBGB5m2NUo9gD2gShxiMSyART4mW2nxfZ%2Bkkb1MLKCXu%2F%2FdjVgE0H%2FWBE%2FOes6b51jclSvu1g3KP5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fd1a2f5c98-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame B41D 2 KB
2 KB 50ms
49ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b57f15eb2287dd8e3be27c13aa3f4c572e444cc15988a37cd3db58255e2b7fb

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpY51cY%2B7QM%2FevQiFLg8onRIwY6s484MZvr0jrEmdm5mXE5ybNAKreA8nUtkh3Hxyq3xGEeu2CkQk4iz0GFDe%2FISEuoyP75lgKSKqa52VIf9dmCd6jT7Tx4vwWGZtoEjSbjRQb8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 82d4b2fd9a68906d-FRA
x-backend-server: aa-reachservice-group-europe-west1-2r8n
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 74ms
51ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fd3a0f906d-FRA
content-length: 24
content-type: text/plain
date: Tue, 28 Nov 2023 18:33:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3TCR37vk5FKJvtPkYUqC%2FEi6JBBVtyIO58FNECL26%2FAZG8L%2BS24WNUvvLTBsbObABm384hkNLBwxVo7F91dFRef0O7BHOW8If3ONZxXaAmovDibR22tF1q%2FrrQmmbMRim6zELw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-m75l

POST
H3 200 rs Show response
ad4m.at/ Frame E69A 2 KB
2 KB 50ms
49ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aec6f14ee52905d7f545897a9dfbc42ed61b5f8017f94d8c6a44b185c776722

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2KjeLFQZC4ainffeEKhBVGUylcVUMzV%2F8KXNKmr56y92beFu5Vg1nlYYgC3cnOG%2Frn8O6l2dhNG6%2Ba5k8EQHJ7SQ6TWtp%2BS7RWXd49aIVhRLHFBn%2BBcxJMZDVL9AyRqSPuIAkE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 82d4b2fd8a5f906d-FRA
x-backend-server: aa-reachservice-group-europe-west1-2r8n
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 67ms
45ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fd3a0e906d-FRA
content-length: 24
content-type: text/plain
date: Tue, 28 Nov 2023 18:33:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqN6MtyngTXCfXRAXQafxQG8fP78IU5%2BJxsXTXM6juatJ8BoAzBlprNvDRiysEGZ0t4Y0PE96KRpCey46n9EWTZzevFtaREKGMaS5WVlCf77s75kpD9PlYHieyktM0IZUW2jKk4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-m75l

POST
H2 200 count
logger.virgul.com/ 0
116 B 61ms
58ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=initBufferFull&g=h&r=npm_foreks::&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 62ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=start&g=m&r=npm_foreks::::&o=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a:1167:700-800::&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 62ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_foreks:preroll&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 frame.html Show response
ad4m.at/ Frame 4A23 2 KB
2 KB 34ms
34ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41486
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 82d4b2fd2ccd9954-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 08:01:52 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpyY0QNSqOEdV5f3Xx5L40SBMLeRkoxJajkJ3ORL6%2B5WYNDHBXW20d04s0%2FVaUgyVhJhsip0aVGItUCUvsqmIr2CShAqDN2XP0G01L2LvaOXGwJx0j4ut70%2FZERXfBD0JQmM3CM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 985 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E490 0
0 59ms
59ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuHV6C-B8VU_POGmJ09QrlSZi7OKmxabFDeCDN_xmF8Lz3gB5iI3cLeWaeOg-zONhFhn4mrwN9ItLf5ZCFLwPshMer8gUa48DskdA8BbkyQ-IaU_Z0HFvsYYdum48shLF8zQIexXOlCvTktbi1Yhn8HQskPMKyoYmSKc0vIPVjANaoY9JQi-NG886SoY8nii56T_Kme1Shf9gmpDXYMglpy9MPzlrUgKipJo_0hm1ZE1p3JIaV9tRW1mPCavBZGXIA6bF4RcSxOxloxO0D6CApfSZCwPPEUtfxiD266NyLNvjdXDiq1BZytt9uhBRH7W2jqxVC4e5_-mNcDSR5tG557nF1ns8FL6P_EVAgOyFa6jK_t&sai=AMfl-YTFbvL8dcngsW1P6pNfQt-sruha1deHxaMO2pVvhdbZhuJnhm-wLWSHdq1TbGU3gp2lERTcPIruX2kubIITDec0nwyh_eYrxpz2uKjTs5cxZOStQNrTjMznVfQZf0h4pynq-ZCzXI463hCAmPZW9NVfgbTFqDD1yDI1uHHmJQ4BXAGq9EzYy5TKEFaU5s_ZtdJVlimhwrbhgdG3G9bqJB4oHjew06yovG6b8CEr55IuCw&sig=Cg0ArKJSzKRW-4iLi2jZEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E490 16 KB
12 KB 75ms
75ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77c2fcac7e77f0bc0ffe790dc7845c51850c50d4b8444a157f7206837475d6d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12418
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8451 17 KB
6 KB 128ms
128ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 63B5 350 B
916 B 38ms
37ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713652
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2BfUynQRAjvBHGcXI3qHa%2BEWJKgaJ0v0EjMCtx5mn7H6t59qKExgQ2Uf7%2FkORzJ0fJDipLw%2Be2N9dY5InUMQhq4JgX2TSCVjC0NyRHW7NEfjgkVSC2Ng%2FvRayMD0YL39z2pXSjXEGP9omU5PezsNh4BI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fd7a66360c-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

GET
H3 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame E05E 350 B
885 B 44ms
44ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713652
alt-svc: h3=":443"; ma=86400
content-length: 350
last-modified: Mon, 20 Nov 2023 11:04:04 GMT
server: cloudflare
etag: "e7fc49b61cae983db8c3a1dccf923b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FgG57EfVAdc6A2mje2wg%2B2sM9511qtqZt6PfhcuM%2F8inrUhPkXpVGRYL%2F6SGvSugt9XW5TiXmzbzQLy4c%2BVhMH2md%2Fd%2B78%2FLdqY%2FHvvRW9OPwva4HxjdaB29lezlzZ21LBiZ18H%2FkCx5fIDRd9AdJRq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fd7a69360c-FRA
expires: Tue, 19 Nov 2024 11:23:05 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 872E 156 B
676 B 391ms
313ms XHR
text/xml 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C158935454%2Fweb_foreks_preroll_FP3&description_url=http%3A%2F%2Fforeks.com&env=vp&correlator=3895725776204800&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=site%3Dforeks%26env%3Dweb%26mt%3D1701196402186%26r%3D158737%40site_geneli%40foreks%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dforeks%26plm%3Dnull%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&sdkv=h.3.605.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&u_so=l&ctv=0&sdki=445&ptt=20&adk=1366865759&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.605.0&sid=245C6CEC-87AE-4AA7-B341-117F39CBD3ED&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxispdS5wTFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEj4KBW9wZW54EixleUpwSWpvaVoycGFORzV6WTFSU1ZUWnFWVFZyU2toTFZHVTRkejA5SW4wPRjdqNS5wTFIABKBAQoIcnRiaG91c2USbHJ0aHJSQkpoU2dDSENwOHdTUU16b0ExYUw0WDlMWXF0N2NYYWdudXlhMWlXOE1PWVFVbmJ3U0ZWdXZqYWdzNUZYQ1hCaUptbTExeEc0U3JNeWlsQ3VEYUxjYjgvc2FQeXJyNFd5dDlNVjR3PRiSptS5wTFIABIbCgxpZDUtc3luYy5jb20YpabUucExSABSAghq&nel=0&eid=44768716%2C44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44803784%2C44804291&url=https%3A%2F%2Fforeks.com%2F&dlt=1701196400810&idt=3743&dt=1701196405353&cookie=ID%3D1e6f297c9b9b30af%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MZlXdSTaDLNRTscaU5XCLG3I7W6kQ&gpic=UID%3D00000ce85ae6acf8%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MYkWWSwSFlWjdOqcSWbfAltksoHtA&scor=662278382643970&ged=ve4_td4_tt0_pd4_la4000_er660.1142.813.1442_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 06B3 0
127 B 44ms
44ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:24 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame C8AE 0
127 B 45ms
45ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6C7F 0
19 B 66ms
66ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CL7aTdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE5wFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWAntqIPvjrFbx8ig0H1Mi13HUxNg6QfhrQbP0-gvzRWDDW_gaj3uABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NTkzNTIzMjEwMDEwMTU0GAA&sigh=QBxFKY6VNrY&uach_m=%5BUACH%5D&cid=CAQSOwDICaaNaNMZ_mZF9S1X8wAxzFyeDn92vYiHLZZySB1Tfm5YwQjJG_AOd8YotD88__-elQDgS6nIXNnYGAE&cbvp=2&vis=1

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=250&slotname=1234190425&adk=1935728605&adf=776186307&pi=t.ma~as.1234190425&w=300&fwrn=16&format=300x250&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404236&bpp=1&bdt=449&idt=309&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7135450027081&frm=24&ife=3&pv=1&ga_vid=327865232.1701196404&ga_sid=1701196404&ga_hid=973236869&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=1474327628&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079606%2C42532523%2C31078301%2C44807763%2C44808148%2C44808284%2C44809072%2C318512602&oid=2&pvsid=2911161722174218&tmod=453746666&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.6eyxff3dyi4h&fsb=1&dtd=311
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 winResponse
prod-rtb.ad4mat.net/ Frame 6C7F 0
11 B 317ms
317ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g6nzppxtqbq8y0jsb87ehhe7h0xvyq1b7pgawnmtp8edey1as693edh7c4qf4t63hze77g40rygeptj032enffezht501e6n21jm947kj9n4p4pwaptxpj92n9c75xrjj86fdcb1tm0gx2bcmgecme8przn637v6n0mvcat9hwd2t04pqk2z5jvwhbmthchn5n3fhsbwgpzefgcb45c5t62whah9pfygjpzpa1mb3zn6kap1x8gdpzp2h9yh4a40j79axqx36qat789q9j8edj3vs5z6e3c2mrsn29ccps08e60gqkx5e0btaqpyskztkgpqhsst1d3g3596n7g0ddd91pcv9y7paps88x9p7sb8jqhpfeq4tar0t28nbqvar1bn04n34&b=ZWYydAAJ8tQF_eUqAAiTkbszvAObYk6fos-tJQ&cbvp=2
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 58ED 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsswWy0ZmH_AlXsVt80pXxh51hYzsmiLGaG5TkN9Hzt3en8hJFDXgzKH8OrGNravutRL0_r8AFaCEEoE7w5j8P5To-uPo4ThDFArUD3IfLWSi5hOC15NmgBnclVzMN83hSSwX1K6M8x2T0VtZsfRpo1oqZe8g2izB2cM_ypbw_PeuQbjEZs-492TRDSpuiA-qzWe3RDe2OM5TfC83HH40yd0f0_PihFH0-WhsU5HmcGgMu1CRoboHQsS8WO-ZF6LmHromd0thA0z2ju3OLREk0NRayoqkFNp-PRzknD9mC3ghSNaNVCXwtsnHscNlZKTc49EziwfOj2OsHb2-Q8ddTDu_s1lLmnr_uS89nWXSNl_n8F8T9yVKI2zN8GhroE&sai=AMfl-YQbhun6AnH3Ov22vkYvnX6Xkx-XsBGD1e37Qb75N6BG9gtjpYROUEEY--2E4J7QLVHzteZkax5sPN--k45fKAHUCp4i0nOWO_Gj-koNsBSRMOh9Tg8HGwNtYz0hit0NKzrBuNSmmfdtzW9JPpr3Ekk2bKiInUWdFjLfl1ABKHBC6Mg&sig=Cg0ArKJSzPaUguzv-OYDEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 58ED 16 KB
12 KB 77ms
77ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e04392671705056b0815a17acc2fac35b55fbc59367e1f60f3fbf542e5e3cee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12397
x-xss-protection: 0

GET
H3 200 frame.html Show response
ad4m.at/ Frame 97D4 2 KB
2 KB 43ms
42ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41486
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 82d4b2fdcd919954-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 08:01:52 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BrDKNSKZ5qx1lcU416YAlY3bN1Jp0dY3FUzwU4ArzeFDTXE8seGY%2F1ImbrdqZFXL51mQWcEV%2BJUy7D3pcZoLgzb%2BhlfOeXP%2BfxmOWqwnGdmpw2aUWWQjs10nTgzeD57mU8iatTU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E490 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 978F 2 KB
2 KB 75ms
75ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41486
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 82d4b2fddd969954-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 08:01:52 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mb5pgQnVNsA2Cck%2BLTkJCLKwcEW4u%2BR3MnGqYrBCK6a7EtBf5kJzMKjile1IzIrx4nrSSSAuYfvK8pWD%2FebFaA7m%2F%2FutwWq%2BSPoZnZj1Cp93b8K1dS1IVuQfbzJPBlu3NzLYSLo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 89E6 0
19 B 96ms
96ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CUGMEdDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE5gFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaJ_f59gf0n3wPsRfL8Xfm_N6Jv978g4ZSCkBeTiF8lFjjmRLCzTb4AGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=R62UOA0HYG0&uach_m=%5BUACH%5D&cid=CAQSOwDICaaNC30EiC5LlrySqVnOyw-Ay7Wk1SRUnK7AgeGULc6o6alFrZ_gaH8j7s6Kh5qE4006Jy8h2uyzGAE&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 winResponse
prod-rtb.ad4mat.net/ Frame 89E6 0
11 B 37ms
37ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1j4ty3aarqxr8ez7pjnfvf5vaey6aq4vffvcy8cyxkxwj1340qryfqd1ecmwkbnafp859jnj2c029tv0j8e177femcp1d5pv6x0mdgxc0cm76hh2rr6hjeyx4bmanedb5tp712wyk7x52v87h9vtbykkep7hmtvjxjyavfcgrv1qjzdne3w41qnztzjbnsfymcpdr3xw1v5f9ezmw3yxvj7c599em88bs87pt8hnk4j88ay5sqvhktasgkxj6xqnvpbb4wwwye186m9e8h3fx7nzmr3thpqrs4jyvvbr91s5857hzk953ksgwse389ndndp5py2vwhtzkftvaefep68jm8t1eejdqkcbj0jkh403b67qfc7bxtx99reefrqaje4daxdr78e2qgr&b=ZWYydAAI2xkIuMbjAAYvYwavXvNkQaQAH8GPKA&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=776186312&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404115&bpp=1&bdt=345&idt=358&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=457562125127&frm=24&ife=3&pv=1&ga_vid=1339841790.1701196404&ga_sid=1701196404&ga_hid=627177921&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2017660139&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C31079437%2C31079759%2C44809316%2C31078297%2C31079756%2C44807406%2C44807763%2C44808149%2C44808284%2C44809071&oid=2&pvsid=1540846799569571&tmod=294462696&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.4w89kf7hrlt0&fsb=1&dtd=361
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 9C7A 9 KB
4 KB 46ms
46ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffbffd1cbbe99c8bf0b6d90ad55f20f6138691e971565cd1a55e39ab4b61278a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1he03nfvwrszwwca1v7cz4x9xrr8erzv26z5r3zqw4p3knw8zrgptdp8pxh5r9cdqks2kd3df7raea4mhdzpe5v83jfqeaxehtg3h2d5k40a50ne11gcc9dce1hxbdh5gbfvhdgx24q084725z9tevy9st0q8eqk7t9maxrp9qapmwwph1wa5pr8aa1vcxchtshs4br68ypm7mx103063vs44z9kc2734k3f85j6h18ebsy5grd45cjjhymqn0r7y7bk0z8p0sseckf7a3hr0qs5srkw5sc8s9gcbqsqhppmczphem119dy8tqxsrnctat6w5c4h8tzy4cefw3ep4wkdhw6ssc75z6hjtcf2f1p804ps8wk4h01xxh62zppwxv00qtzrjehjs8gth5hyqmkfzv1hr1zd7kypec5btchcqa8h&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fdeda79954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame A4DE 9 KB
5 KB 51ms
51ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9efbec8ee30e2771f5ad94e0f5882cde3f7d6c8a98e87effcbe66928c2b40a42

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1hcbxchkxxtv3yyds07nwjbx3ga74p6vsmwjjfffzw6hdzt0zk1ztqywtdnbz2c54qjamntqmhpvpw9k1hc1vrt8md4hbgwvcw7ph530ks8nn6pgjsv8hz2rq65sb7dmr1k5s0269vcjn7030tx3qegksa4qh9dptmr8wzngj1ext3fyq5ah61wgdg945wtvsdjhevdz2e1mk9ed0x46azc6wm9g7mcykefr26zar03b0bfhsydag5e6486vhx6drcg7xqfj62q5tg86dcbjw41qtyq4ednhjq4xj8kh3zrykszbq58gjch7wdz5kw39yddarqn1tmb8sgx1rap0kgpdwqazape4yf0510eez6240kgkcrq4yhbzsvjd3nd5s52hck4n664fh9gbj7panpxwjtrth9hrhyfj9k1602vfpspqar00&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fdedb39954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 43ms
43ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d4b2fdfadc906d-FRA
content-length: 24
content-type: text/plain
date: Tue, 28 Nov 2023 18:33:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9uaHsQOPCzZ9Ljcrh8nJxtzlgXqdjoFKDRqi%2BFpiDpEGNLXwhgtozm%2FJRIYFL5lmuJeLHhWzA1T8VExf4j1Lv%2B42MR1vUH3xcAtPm8P3ZA%2FNKGJeutDJYX3D0XFvfYdFhoX9x60%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-2r8n

POST
H3 200 rs Show response
ad4m.at/ Frame 6D0C 2 KB
2 KB 49ms
49ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddb55b0f3f26f1275a2191e499b60f530cceb7384faab53141743243bacfc090

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKCXKpyS5lYZyMWLbZ4VDPYEiYKvjoBlimOgytHxMNejdgUbdtM%2FC4AYRixmiQNdFiX6lu0Oxvz4sWlZAt8YJxd2%2B1s3Hk2gMOFUxDG2j%2FcCRP9Mx4SAHdUb%2F2f4%2F2EdVRvSjus%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 82d4b2fe4b31906d-FRA
x-backend-server: aa-reachservice-group-europe-west1-m75l
alt-svc: h3=":443"; ma=86400

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 734B 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Fr1SRg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C14C 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DBB1 829 B
560 B 38ms
37ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

25e6d12bbcd9584a5c073d331a9a9c8030752eec2b909609d4de870f7fb1eae2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0skjUSjAtL8NCs_SpQruAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-0skjUSjAtL8NCs_SpQruAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5017 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8nAImg
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C8F9 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6C22 829 B
560 B 32ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eb567300d575011433a1bd14890a51802add041d48c7944e0256f169c12c2d3a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GdaoWVYb5WHi_2Ofn0EyAA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-GdaoWVYb5WHi_2Ofn0EyAA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 9C7A 115 KB
14 KB 40ms
40ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5sitiRmCWqXM8QZ3RgNuTyr6gYsvxiQVT%2BGeneLrwU1vxpJA0ZJwEW5tiyYiBu2UJo4vJlxA1bTukQ31iMXUG7LCFVcjdPwcEJ9pL6bPsY6E5Qz1zIXM6yHq0TiW3yMRJYzYo6kPEE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2feae979954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H2 200 762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame 9C7A 7 KB
7 KB 59ms
40ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e81e6b638202bbdf9e2ebe46b4137db06f58c43baa9f35b3e79d98108001a212

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 589569
cf-polished: qual=85, origFmt=jpeg, origSize=8714
alt-svc: h3=":443"; ma=86400
content-length: 6672
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 08:50:26 GMT
server: cloudflare
etag: "52953af169f970e1ac17ba40d8c26548"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qUYkEamcjmR%2F3mzj02%2FlxELMjUoXfLOws504Yulsjd4b%2FWx8l%2FvO2RcvK1A8YIu0hzRNfCBSBY3OIvI30Qg%2FddXkTGcI8a%2BaFCDPhaTa%2Fmrexzu1DrtdD3I5%2FVBA8Zhg9sCUtMWEZebT11pb"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fec9c09152-FRA

GET
H2 200 E1613AB51B8289501DC4E750FD05DAF49FBB0AEAEF6155FD81001404C0F388525557C80572BA5C3D895730DA3957A6D15AF6D079DFB5F55ED0C22B8402FC82AE
assets.ad4m.at/ Frame 9C7A 31 KB
32 KB 55ms
36ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/E1613AB51B8289501DC4E750FD05DAF49FBB0AEAEF6155FD81001404C0F388525557C80572BA5C3D895730DA3957A6D15AF6D079DFB5F55ED0C22B8402FC82AE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d9b0e771bf0255ccf5583a85b215c674e866614409b9c5f10c0e8264d1687b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470679
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 31793
cf-bgj: imgq:85,h2pri
last-modified: Thu, 23 Nov 2023 07:48:34 GMT
server: cloudflare
etag: "ac24017e395215a412b39d1cdc9c2ad5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OFEm09HpSGqdQ4espkWU97Apk7mUTQJbj2NHXywa2cl0HkJUi29ZoX3DnpVHMxK%2Fq%2Bj4T455PZDimf3rxBt1wn%2FKtxhTWSNGQ6zzqRP0bztZRqjY754hzfnaUSCb3Nj36vZkHeGlmtqQhlNX"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fec9bc9152-FRA

GET
H2

200

ztpv.php
www.conrad.de/ Frame 9C7A
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneid8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzDoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e012e10-8e1c-11ee-8822-2230790559d7&insert=AW&&gdpr=0&gdpr_consent=

0
492 B

102ms
34ms

Image
text/html

2606:4700::6810:c0cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e012e10-8e1c-11ee-8822-2230790559d7&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6810:c0cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=15552000
cf-ccp-worker: HTLPHandler-v1
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 82d4b2ffcfcf193c-FRA
content-length: 0
expires: -1

Redirect headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e012e10-8e1c-11ee-8822-2230790559d7&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 9C7A 8 KB
8 KB 53ms
51ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 589601
cf-polished: qual=85, origFmt=jpeg, origSize=12951
alt-svc: h3=":443"; ma=86400
content-length: 7758
cf-bgj: imgq:85,h2pri
last-modified: Fri, 20 Oct 2023 22:22:01 GMT
server: cloudflare
etag: "12e3523b35b31c7ddfe7c77dcdb14a34"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cN%2B8%2BcF2QRIExQKJHrQqT%2Fd77jTxYa7ouuHMK5pv5ryg8zboHUC1XiXKFXOinm6gpjmRN6wIBfKsBkhSvUanaJwQXkrgaFZoykmiltjjdiR7wBMbauI%2FnWNK5DEJ00tN%2FXFblF7xdh1AhUSe"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9ca9152-FRA

GET
H2 200 AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
assets.ad4m.at/product_image/ Frame 9C7A 23 KB
24 KB 55ms
53ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9efcae330a872c802ed89b8c84a76283fd15ee41a69aede0a6e283a3cbd051c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1754126
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 23632
cf-bgj: imgq:85,h2pri
last-modified: Wed, 08 Nov 2023 11:17:59 GMT
server: cloudflare
etag: "63a03b4741a32bd552f89ebc1011fcdb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3imCpUSy8y6Y4gcjcfJ2Iqjiu8F5IaBhOmJNFPzoFIhzY1VsZIlIzIUYN7EFFNg5NikT9BrLusilRVtfdNjvsYh9aPJ%2FMTjC%2BASZM6%2Bx13aOIAZQeKpI47Pg07wtSdFOEnF3WtRvfwUlhUrD"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9cc9152-FRA

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame 9C7A
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COS1yruq54IDFSn0EQgdawcN6g;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_N...

49 B
1 KB

127ms
45ms

Image
image/gif

167.233.13.224
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 167.233.13.224 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.224.13.233.167.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
X-NODEIP: 88.99.63.132
Server: nginx/1.18.0 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062955X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame 9C7A 9 KB
9 KB 60ms
58ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1616561
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 8772
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:13:38 GMT
server: cloudflare
etag: "15b1f39d668aa86c2ba2ba17d94cc733"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXLgx8s0SHNIQ99ZpyE0KBWFP7AwHVa9BmWVd7OZ8fMUsAHTqDiyBf0dGSK4QA%2FjeU2UCbmldW%2FGuGpLQBbic%2B6d%2BLz%2FFo8SROkxPBucpp2dLyipEedEpUyP2eHmIfJ%2B4moFbUt65aLvM1y0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9ce9152-FRA

GET
H2 200 279BCE6B9568D9AE2B8C70E08B2EFB9090E70FAF0A57016F1FF1164C3FD10E76FA99D7B60FDBA51FCD5C0021F8A6AF19B45972E81F9CF2D592514708334D146B
assets.ad4m.at/ Frame 9C7A 22 KB
22 KB 60ms
59ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/279BCE6B9568D9AE2B8C70E08B2EFB9090E70FAF0A57016F1FF1164C3FD10E76FA99D7B60FDBA51FCD5C0021F8A6AF19B45972E81F9CF2D592514708334D146B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=728&d=90&e=&g=9e04326b27acc2263ef14a5b41e0219a%2F12202485594778751933&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1701196405358&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1k0z19rg6y6bzm8twfamjqw1tkk5a4se2thq97kn2vtzcnr20r2zdygwjfahbyj7jz14gd71daa4qjkawedvzmsxrnp9asskhm7kejtywxa927w0b9nbwjbz339bss4ncxzb8vp273jz3egxj8cnd230w548jc4wvd85004cs3aewkxpa8ngf628nkw01ymfxp0ztgej6caepyhc1da1qtqx6mz5z8btn4zcxy5nmhw4pg9pq4m575z3g77x7g0r19wp01wnv72ya0wbjymg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCYHZhdDJmZaPGG_a5n88P8sS48A6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0CC1bbj-T_ZdipGf0nvJ-D7eR_NQuSbuf-kmw62IzHRWN6r7EeDmzwmynHGe2lYtcDhcVxMdogOiCKouUh4daIM6fvnEXWIlrGmANz9zIwWA-pb3v5O7tatdbBDkAll1_OIwp1DxHvdIuZ9NyNIwMHgZgJ-fG-fzLKIstS7stAXpKBpCCNiYEQGgpb5nFK0x1H2gBRlyWB5W8YL9IEOXREWQ7gy-xeftLgMqkSFPea1iH5t4EiwU9F_IpseZ7TA-J8GWeUQI8AH0zVb9Vwp2wbl64TKLIicsgua6vsFE8wdY9jAJGqZdeIAGhpG7mv_1zaN4oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3_HPA47LbvoBecTz13CSMG-gFA0Q%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45941cddb32c44e5eff43b00a2f5ead40b9d0e6323ae161a40c426bc8c500f71

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1335457
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 22596
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:08:47 GMT
server: cloudflare
etag: "80c578a48f16f48e135bcb3d2ea2c9e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5mRBt17oHbJ%2BSFif%2BsMNLc%2FE0eGrvtYyv%2FBNrigi5vI7Y%2FA2FI9uu5d98GASrkfhqIQ7OC44%2F%2FprYVtiglgOqWz9HJ4wnbrO%2FPG%2FlrniVv6d%2Bj5hBIFHZmjGfWEctHhj5oeVLA1bix7gwAd"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fee9ee9152-FRA

GET
H2

200

view.aspx
pb.media01.eu/ Frame 9C7A
Redirect Chain

https://pv.medialead.de/trck/epv/2aed39855b5f46b777481d90b61d111f?t=htlp&subid=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&actionid=45665...

0
182 B

50ms
48ms

Image
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&actionid=456654&produktid=Freshmoney&dt_url=

Requested by

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 28 Nov 2023 07:33:25 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=15768000
x-iplb-instance: 40027
content-length: 0
proxy-host: pv.medialead.de
attribution-reporting-register-source: {"source_event_id":"17200573720105030","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972D785:A5A2_91EFC182:01BB_65663275_8A68A40:1E879
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&actionid=456654&produktid=Freshmoney&dt_url=
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame A4DE 115 KB
14 KB 37ms
36ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0LQAolhqgrXnommp8VeCF4fE6hEuoWw%2BHUWqLiOqQtMLgosuU8818x7ybvZ1WqEOPX%2FGX1KFGuQDxb7KAwfoWLe5B9Mnwxn6x%2FAiwzhfuorKUxgJRV0nWhXuxwLWx50esiZcnOCMg8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2feae9e9954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame A4DE 8 KB
8 KB 57ms
39ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 589601
cf-polished: qual=85, origFmt=jpeg, origSize=12951
alt-svc: h3=":443"; ma=86400
content-length: 7758
cf-bgj: imgq:85,h2pri
last-modified: Fri, 20 Oct 2023 22:22:01 GMT
server: cloudflare
etag: "12e3523b35b31c7ddfe7c77dcdb14a34"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9Fln5vkc5z6SWxVKrx%2BXZsTpwdXppPJ8AVLDsvbsy0dMgk0igvus3tx7wN55iIVAgIW2vVNMU7v12N7pLLPo0hhFTSUGYZfT%2BSCUXbZYTeCHzUA2EIx0msHPBwzh2eiMaoBLareETaOhB9S"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fec9b99152-FRA

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame A4DE 20 KB
21 KB 58ms
41ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be82f349b2994d7f0ed7fcba5e50ffb8a960f135e513b34730af4578cab9883

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 596210
cf-polished: qual=85, origFmt=jpeg, origSize=23329
alt-svc: h3=":443"; ma=86400
content-length: 20802
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 Oct 2023 16:54:32 GMT
server: cloudflare
etag: "e320c43993ae8577c544483e96756c59"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnABuVhiU%2BbtFE9AogUmWURhN5sB38cePRneCHuYvhzpUUSKH7Nbyn%2F45vEt4%2B0Q%2Bo2rDPb%2BDnDd9aQMYzB58R%2BNNxoiJG7JqZLa%2BxtGgL0m7Mo6dIIhgz1HveK028jocZQL0aKGaTx5eFsm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fec9bb9152-FRA

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame A4DE
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=COu6yruq54IDFVkx4AodmxILnA;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Ne...

49 B
1 KB

124ms
38ms

Image
image/gif

167.233.13.224
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 167.233.13.224 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.224.13.233.167.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.14.0 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877062949X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame A4DE 4 KB
5 KB 53ms
52ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 591177
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvRTY%2BT4L%2B0Nc0ofDlrwivxITvqDFA%2F2vlXwrpLCewrGaEbLE38J33kMykgM8TOmz5vQCxsylNaRgoLyEGT%2FtTg5nwTNqM5lCp%2FcWl1rCwajdl7tXK5ikw43wSxhghqsB%2Fic8uK%2BmN4R%2F2py"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9cf9152-FRA

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame A4DE 15 KB
16 KB 59ms
58ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1354425
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xy5wUbmQ9PJScgI1jljHWTFb%2BWVZD1wpCrTYjPvQJOVNlUtgezVkdEDYOvELjfdYxEUx%2F%2BefAuNmiwEb2YK7CAcQ2O%2FrC0Nqujj%2BYNYSw8bP063R3oM0zumzAzwVVNm8thAx%2B4egDYwfPTwM"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9d19152-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame A4DE 43 B
704 B 126ms
82ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneid2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcgoneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame A4DE 2 KB
2 KB 53ms
52ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45255
cf-polished: origFmt=png, origSize=2170
alt-svc: h3=":443"; ma=86400
content-length: 1662
cf-bgj: imgq:85,h2pri
last-modified: Mon, 13 Nov 2023 08:38:25 GMT
server: cloudflare
etag: "4721aa7c2d5fa652c8092463f9a485bd"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ny85kt9do8fia1zFkkbQ%2FlkYXFfzdZQGiQ01LV74NSRjzEYFvJ%2FM51wJUYQPa%2FFn%2F7YWMpW0r1UqnJwpwlwqLyAbdtP%2FNN4WEsmCsmS7Ua1Bs8GY0cPJSNrgRyYWMy3U4q6Rm8YAhh6L7BC"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fed9d39152-FRA

GET
H2 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame A4DE 23 KB
23 KB 59ms
59ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=728&d=90&e=&g=c6a840d15744955f3c417d5ab59f8dff%2F2801191726136609819&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405366&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1krqjczj8csskprz0ftme550yr1zt2m4zzjw8by0hb92qsgyqbnt4dj339htgg3z5z4ndrcjhw8p0revm2tfy0wgntb73ps2v00gag0z9x6fz8he0a94tc3gwqe5d6xdtr7p58j6mq00tm3770qxhx9awq6c5k2ybp5h8tvxk3v687wt6zwhdcy6458egp8rxkxvgsfmg93e945yte1grc457cerv37wnpvqazqz14sr76rbmwdn15kdzrcdn7pkygzevkhdtjmt0khrx3kg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCKDGHdDJmZbuTEdqS4_UP_vO9iAiQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6QFP0PDdAk83JawtnOUZWG5AxIEGH19BxcviB1AHNMDgTDKIKKatzIt05nWnia6-BWpJWePvCOovvhAfzDtL-ucbNnMHJluzKKwfqvIHUF7BNdQsF359HLMbk1RMB36fKiuUfAcU4Ss1z-uF8FDOJCUvi4drn6iNgK4B5hzdC3Cr6iMSiKW8rrNO2nd_9QFO77Ie-9xytUB_2GmhilEwgCL8vhLdGGVFZoad9-7U1Au7BIIuP0a0n0sVXDSk92B6SqWx9YSLF_jGMF0UFIveBFCbM0VMOsj300a1Tc8RWighTD_oz8ZGh39jHoAGgoaOsvyw2Zb6AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3FwOQMqPyg8CUCKkxXgK-9lhIGdA%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1340947
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 23392
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:08:23 GMT
server: cloudflare
etag: "faa9f958d13ef03f911b71f117846705"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mX8ij3i9hZryEyHh7WtO0W2BlY3jD5mOS6ctRtEa2eT7pYPMcoAcqJOfCXF3VP7ybUlXTr4QcfwIrzLKQu6WyVLjKURJVKaI%2B%2FMJeP9K5aNfhO9kMhlxQs7leECvf1gT6%2FJvTOuxO5ru%2FXA2"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2fee9f09152-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame A4DE 43 B
704 B 120ms
75ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9oneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 58ED 17 KB
6 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 1EDA 11 KB
5 KB 55ms
55ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67fa96ffd1a223224aa9256a2e859303f3a1f61c4007490350cd620493d12736

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gdzset4rbp2vtq3nb361xdgvneta1pa37sc1tv8jn5pwjyvtg8f9rtmez49yqqhbhrecdnqe6rws6h52w7vy9kdzayzd4cx877ewnqgth21sw7nwr6bde97cm6rx1vfsjcrpn642ex28gwzqvsnszvghgmvx1p77nfg4tm3vnsc7pahbsr4zy76dbtnn55k1t5g4prkd8fm66qr6jaxtw59zxq552bt5f65gcetk97kwvhyyqxx3y1bp63dyreexj1mar3hmmv2nt177sj4rxynfc271c131kbs45p8wnaq6tranevgzzt02sjk232wz17pd2xt8erkwq38851jk7ptc947qp7yvbemgpbgre8x2van8kvhspgrs4a6mhdf5z4610rqj6hegbda79a7b9617h3wmj7892hp3gzee4wrnz7smtwgdzdvb7hnywdp1425j76y&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2febea59954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 136ms
39ms Preflight 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame D026 16 B
209 B 83ms
82ms Fetch
application/json 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C8AF 0
19 B 65ms
65ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMaPrdDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE5gFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afb41rxeR_4lOmFAOl9tNmzam7YucfLKZ8YBqwOK4EIYZ8XqxOrmh4AGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTY1OTM1MjMyMTAwMTAxNTQYAA&sigh=pE5VuGTWxd0&uach_m=%5BUACH%5D&cid=CAQSPADICaaN0Z7aqm_VB1tGNTQiTd7_CKbBM0xh3HJ4FQyNSP0RCcRpAu_t0vI-n1hUN-W7a7kCjOE76XNsqxgB&cbvp=2&vis=1

Requested by

Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=50&slotname=7479749161&adk=62601535&adf=776186319&pi=t.ma~as.7479749161&w=320&fwrn=16&format=320x50&url=https%3A%2F%2Fforeks.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701196404076&bpp=1&bdt=301&idt=332&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=8490635587843&frm=24&ife=3&pv=1&ga_vid=1929377328.1701196404&ga_sid=1701196404&ga_hid=2029982201&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=320&ish=50&ifk=2021984501&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C42532605%2C44798934%2C44809317%2C31078301%2C31079653%2C44807763%2C44808148%2C44808285%2C44809072&oid=2&pvsid=381731750731463&tmod=1776130808&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C320%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fzfr6taekjip&fsb=1&dtd=333
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 winResponse
prod-rtb.ad4mat.net/ Frame C8AF 0
11 B 38ms
37ms Image
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jpymcbw4rphxtbb1v7td6zk9k0x7n4p4z4cpym80rss914pky3t9aj4p84xcpnpqnkctrftf9spp3cw4kmdpfps7dw8p8v1asfqcepad49hpzq2v3hq7ez917w1xqzeck7r7945d8jpym3yreqeh4t62gmfrfjk9yvv4sk57r8nhdfkzp5c21h0tx7mpv7waw2nnmg57pp3fa1sa35vb809e1rbzva41gbjdqtxn3snmkndy8zhx7nagv1v10qs20aegqrx73gkestkwbcezk9a5dsbngz8cd17vjtzdz882k9418ckjx1gv9jgh3gmbqtkq5qxb6x3cf12r3xket38j0tkvr4vabhwv7bqbd2wb0zvqasyf84qrw4bcg8bwpn5pbjy8zrdh3r&b=ZWYydAAH1AwIRCcvAANsS4fB9Y0hNAO-pUEsVQ&cbvp=2
Requested by: Host: 47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 53C5 0
0 59ms
58ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvOH3jFSuxwdBXb3NO8gxLUiZDkR56NyCnJkT4XRCUOaad-auxRCtap8yFeLedEMHmAGJexIKeqheZRyQ1S1MVDX06ueEeEW7QpwBmymCG70P-J0ipo5iHAEy-DoWXZghO0S1iUDRqMuwuDXubKQCbos34EQ3VCky-u4s6mrP1k4gqklKJoJJinDoinuHGSK2vVRXd_ZaeAYuexd5dh3LFs1dmGgAfU9n2NGS-LzC9tCnlV5KAWUfUUuQGL03KxMeHOuMUhUVDy0Nco6p6N9zsnt3J26jyo_6EqenKv9mvbxZ7ahrgj5PIiLurAy5Kl1TooUDOGn6Pq00XkWQh7W0gKVeZdGrIzeF0EwAMWWAPagPZa&sai=AMfl-YSouJFisPjJi9sbJs9jGTNo_ZGe5eoqiaV-tqSuKuzxCA9ACQresT5rgeusyEG3McmyavCB7QfPHBwr-C9SYW05cQaRUn7XnP6EzgAQZR67WQzoGvCJ4MgvC-dKF3-dCZuNPZiP2-XbsrO6bui__tmnAIWs7ibFmOwA-3Z-g9iNdkGPsmhsi79eeYFdVFWLWgKdJQaC7upA4hgbA5fzHwskfe0XmOXI9WFUFNet_IRK1eA&sig=Cg0ArKJSzK5FuaJLZCNrEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 53C5 16 KB
12 KB 72ms
71ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afd440caeab862648e849e7150b6c15c064c05483441139c1f20d420b2474793

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12272
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DBB1 0
0 55ms
54ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=3473004041416471&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6C22 0
0 55ms
55ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=654864279827728&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 1EDA 115 KB
14 KB 41ms
40ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsAbAphkmxaxXZglf7%2FjDDyOBMqcrIqNNIeuyxb7VWnGaw9Z564ECYs%2BRTk30Hyiys0qOsX0Es%2BQX6bNhAA%2FjVdReLzNGlq2RROuIcX4gG1uicR1L6medlct4n5vr2hUACmMjAehDPU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b2ff1f0c9954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 AC50ED06D6B01579BBF8202CAC1E2BC99A8C4EFC03AE0DB29DFC1BDB2F82E09188D30122E09EB7D91DC8B3182DA9DB4A5BED06E4BC2B9D6F0CA2AC61EC267111
assets.ad4m.at/logo/ Frame 1EDA 8 KB
8 KB 64ms
63ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/AC50ED06D6B01579BBF8202CAC1E2BC99A8C4EFC03AE0DB29DFC1BDB2F82E09188D30122E09EB7D91DC8B3182DA9DB4A5BED06E4BC2B9D6F0CA2AC61EC267111
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1126261762db36bce53560ac36f5ede1954662d33a6d6eeb62d84b715070e7bc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 593871
cf-polished: qual=85, origFmt=jpeg, origSize=10446
alt-svc: h3=":443"; ma=86400
content-length: 7728
cf-bgj: imgq:85,h2pri
last-modified: Sat, 04 Nov 2023 16:41:23 GMT
server: cloudflare
etag: "bddcb815cd8abad672404f9cdec6f97c"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ac35bfp7LzonPcYkIMIrXrsH9s2SgxWJ19OogzhDZPs7wZjXqVRHuNJZ1yECUb2p39ug6s4CMIQJPMA9kEMvpGfI5TrPgwbE5LCUIbKToe4N0T%2F3cJg8TbSp%2Fp0ODvRT3tbKS5Fj8kq5UdUg"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff1f0e9954-FRA

GET
H3 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame 1EDA 11 KB
12 KB 64ms
64ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7f7f5265aeb0202ce88e8a6dfcc0ca25a7b990bb9ffac2f9e430ae6af2b6154

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 609992
cf-polished: qual=85, origFmt=jpeg, origSize=13532
alt-svc: h3=":443"; ma=86400
content-length: 11268
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Nov 2023 22:13:51 GMT
server: cloudflare
etag: "d9fd29c7a268fd485230a60f0d2e0192"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnOCxz%2BJTIZ0bfmrI7WW9dlKtBc15C1YhpI%2BGcjsz3GvB%2FDhbQe3FGhd2prYI2T%2BHyu6Slz5XsHTzqL7HeFey%2FrES5UhVt0zflOjTq8tR9qDNXsMy7xnigFBLAWrhzAn0m8mTotyIT4%2FK%2F3W"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff1f0f9954-FRA

GET
H3 200 762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame 1EDA 7 KB
7 KB 62ms
61ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e81e6b638202bbdf9e2ebe46b4137db06f58c43baa9f35b3e79d98108001a212

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 60540
cf-polished: qual=85, origFmt=jpeg, origSize=8714
alt-svc: h3=":443"; ma=86400
content-length: 6672
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 08:50:26 GMT
server: cloudflare
etag: "52953af169f970e1ac17ba40d8c26548"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2OUGWa0D8zmfymLUNWt2Fpv7Pu2nFLMXkopZSKxwRahF5jnQSz4yVx1wStTWVqcE%2BQtYoCC3d8XdVCQ6ot4Ed4UIc0MEcdbVh3DALBChAQOTCFx4Ix5bOhEuu2Mxs2XuRlVWn9uAMvHFZjg"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff2f179954-FRA

GET
H3 200 E1613AB51B8289501DC4E750FD05DAF49FBB0AEAEF6155FD81001404C0F388525557C80572BA5C3D895730DA3957A6D15AF6D079DFB5F55ED0C22B8402FC82AE
assets.ad4m.at/ Frame 1EDA 31 KB
32 KB 39ms
38ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/E1613AB51B8289501DC4E750FD05DAF49FBB0AEAEF6155FD81001404C0F388525557C80572BA5C3D895730DA3957A6D15AF6D079DFB5F55ED0C22B8402FC82AE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d9b0e771bf0255ccf5583a85b215c674e866614409b9c5f10c0e8264d1687b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470679
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 31793
cf-bgj: imgq:85,h2pri
last-modified: Thu, 23 Nov 2023 07:48:34 GMT
server: cloudflare
etag: "ac24017e395215a412b39d1cdc9c2ad5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6svhyDgmhspMWhw6CfNSigag5rlhodKc4918wbuzHr2e9GDrZNRiS1sEasiw%2BcXxhYWPwLGzuk1ZlcPXdSXnwVlWjQREkszPpPfVD9SknCk9iRDJKeo9KIFgL7HITXvLcD2HtEt%2FZ7D6DSi"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff2f199954-FRA

GET
H2

200

ztpv.php
www.conrad.de/ Frame 1EDA
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5oneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e0b6740-8e1c-11ee-a3ae-223050cf75aa&insert=AW&&gdpr=0&gdpr_consent=

0
313 B

49ms
38ms

Image
text/html

2606:4700::6810:c0cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e0b6740-8e1c-11ee-a3ae-223050cf75aa&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6810:c0cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
strict-transport-security: max-age=15552000
cf-ccp-worker: HTLPHandler-v1
server: cloudflare
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache
cf-ray: 82d4b2ffcfd2193c-FRA
content-length: 0
expires: -1

Redirect headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1701196405_9e0b6740-8e1c-11ee-a3ae-223050cf75aa&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H3 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 1EDA 4 KB
5 KB 63ms
62ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 593918
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qiO33gHZlCEvZpemC%2Fc8epHMDzu4tajdIP1XGTiw9mxPcQalFxa8MpvWfADlS%2F1dGgVxqHe96RPr7F5OhQ2aP93eDX5KkZIgKKoBPl2ZB02ofQTwBQirKr%2BHsgADexAxlVmpYYqMO%2Bl0MG60"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff2f1b9954-FRA

GET
H3 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 1EDA 15 KB
16 KB 63ms
62ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1679012
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8ph%2BuwPhuHkO3eQoFu2E4erqAn6OzLmmuFxLjBeBjaAqAtKPVTNaYCk4lC2k1jPEaImPyqJ7uVAYZ3uWQ%2B%2Fkcya%2F%2FIY7b4tnGfu5sQ6CZqtBGFnZyErD%2F4s8B0F3L2Fv19EaRVyD2YojOyS"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b2ff2f1c9954-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 1EDA 43 B
704 B 106ms
62ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneid8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6Aoneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E874 13 KB
5 KB 25ms
23ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 54FD 829 B
560 B 34ms
34ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

07bc62ec05a4c43febb0d675bfa4fb404d07f0cc993b5d23d573d30ec89febb8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2sQsO9PFrvEt2ybAjcz97g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-2sQsO9PFrvEt2ybAjcz97g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C14C 39 KB
15 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C8F9 39 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame E05E 2 KB
2 KB 48ms
48ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bec500b5753418a55c12012f17927edaa52dca7f56f1e7e57f0159125ae1149

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6I6RfcYAZEsOvlFyw1QXHDD5%2Fa70JGsGnVr3aZsjg4CzChPOLvB0m1Tl1vKzdwBibU62hzPRJ3SUNnYkPU%2BRmtTwX05DFhBJLoXE%2BUWZtsEgcIwZBBjtR28JIK2p7vrm%2Fzyh6c%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 82d4b2ff7cb4906d-FRA
x-backend-server: aa-reachservice-group-europe-west1-m75l
alt-svc: h3=":443"; ma=86400

POST
H3 200 rs Show response
ad4m.at/ Frame 63B5 1 KB
1 KB 51ms
51ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e89edfaac75319e12d2ba18d9398bd6407b6ff6f2e00476a860d3d14a924f696

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXxs6dRi20aRmVRjoJsq0%2FkLYT3m5XjZ1PdJr3%2FXwBKM49SQFfgWoDAActpOeeyOXi8%2FDO%2F1mIyPLRiESyKrV69yjl%2F2Xu4C34G%2B8uP%2FcnZmLPwKnMecTuWQHRI%2FJd3FYUhQzG0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 82d4b2ff7cae906d-FRA
x-backend-server: aa-reachservice-group-europe-west1-2r8n
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 47ms
44ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d4b2ff3c55906d-FRA
content-length: 24
content-type: text/plain
date: Tue, 28 Nov 2023 18:33:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LfqRhzT2SPZ%2BwCQxmm%2FCbyNQli3yhQkFQKiPcJUNAaPwMz5Df4R4%2BlAZReACLQIXFyhgBAXrgW4RcUQHnIYpoeQHOcnmTUGKpat2AiL9qgG4NQd90WSyfyZygb23OeQrcwa2uXI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-2r8n

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 46ms
43ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82d4b2ff3c56906d-FRA
content-length: 24
content-type: text/plain
date: Tue, 28 Nov 2023 18:33:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdqJ59N85n3%2FNAQxX8NyhD%2Fvl2GhnSiW71la8vG6te9YpHbzNvc1mogzzmebE5tXrHbltxyBQqddEKvl%2B25WV1hmuoqcUkze8vq31yV87i41mwZt4GoxA6qjrCy8YCWZ2peGgU0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-2r8n

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame E874 39 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 1EDA 2 KB
2 KB 90ms
90ms Script
text/html 3.11.123.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&wgprogramid=286305&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hfj95npara06ans8552gmrp2t3r2843ry21kw15crd7qp6v3mfgbjmq4facpra9tqtwtgtb4mxejs63sn9ppv0ba64ex4m5gye292bsxdtc2jyc43vfacs25sm7annf7ydbz40f4p3we5p0gv1ad64qafj5ymtrr79gda5hm1dpknkycfqxt111trhjyega1shjywr8k42y6bf8hsxt3xvmfrg31prpsqrv0e7zw38gb3r6gb4m0aqsv63rj100x3e0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidQxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5oneid__suite_Netmix_Reach118_EXTRAPUSH&viewref=oneidRx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZoneid__suite_Netmix_Reach118_EXTRAPUSH
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.123.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-123-127.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 256412fe6592632da6ec86565a509e73384d126d983612aec4cf77665f150031

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
last-modified: Tue, 28 Nov 2023 18:33:25 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 28 Nov 2023 18:34:25 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 53C5 17 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 54FD 0
0 55ms
55ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2911161722174218&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 3FD6 9 KB
5 KB 49ms
48ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f1cf33c64319f125a4e50c6306e8dc1c6bfc9d75d61d2cae90a42a8f0e85424

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1kcjq0qrdjt2h9973v6b9n7mm8ycm9j18k6nk1rfg6s435ek7a6jc373jtzfgnpxcdqq8aq26xwjj43hnqe24tpakt6efnd2veh7rvf28rgc59p2gyq1jzsmzfbh085g7qrbq3nf2n68bpb72gf58by56k5rrt5wjfs3ttnfb25e57ekn6h4qwf0hp5gvyqnvzsbxcq4nt8rbpt1ep9dx5g4y1bzzrgjd1s2dcn09ecxx4t407p6t379yzf46ftf2ncpc2f32cxrymrj4a3amh63n8x25rgtxj8dbbw7cnfbp761qnjkskkpbqjca3vpjjjtbt2rntse98x3rc916tv25jxyzagxz0r6r9e2f69vqt9089236f88tazn4p77g30y56g4f989mtha63tyq0xf3czfs9qs17qgvbhmcw3mpt1e9s71j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2ffdfdb9954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C8F9 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?30QE5g
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame B044 3 KB
3 KB 56ms
55ms Document
text/html 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a3c81f4a28442033728698f12f70350c1683788a922661d9be585f139349950

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jzjaensskpm816x8e7m86y07zg1d7mhaxmcbn5yfpeqj28dtf2e26asgp71v8t43zyzw6pxwy05p86m15tkye94r3e0s5xwq1n9zbxxx1nvpydawdzwc5e52ryx5qnkwj67at1t7qxr4gzspzwaymv6mqg8nscf4ky6kqfsexmttfscfmxg84w0ne5hjgcdnarmt2tcestwp70v7dgmphf5cg692x2qk3g82ngky1qe5t8z5rxqdkrqq5mdmrseq5qywj2jjt282mb5krqtpzjrnk3srx0zhpsveq33kw3h3h7f2btxe6hc3r33j3x2zxnzret9tf263660sgbe1846dp61hpyhz07f5d88x1e3cchn9r3qevzkvwm9ytcjec0gzmgdft28xg75f9pmwe8qbw7fkgcamwnamrx2qnygh0bvnjrr5wdj29wt789dxq3vvsga&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 82d4b2ffdfe29954-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7421 13 KB
5 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6C3E 829 B
561 B 31ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4d052b72d024c0b9de9b3f3246595b755ab7e654ac59578770101e2f14ea97f7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZYR7eMVOSCUI09qdxFgpXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZYR7eMVOSCUI09qdxFgpXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 csi
csi.gstatic.com/ Frame 872E 0
234 B 429ms
133ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lpioeyp0&c=1919415049429&slotId=959707524714.5&eee=missing-element&bi=missing-id&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C14C 0
10 B 28ms
28ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_SlmmQ
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adError&g=m&r=npm_foreks:preroll:303:&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_foreks:preroll&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 1EDA 53 KB
19 KB 34ms
29ms Script
application/javascript 108.138.36.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&wgprogramid=286305&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hfj95npara06ans8552gmrp2t3r2843ry21kw15crd7qp6v3mfgbjmq4facpra9tqtwtgtb4mxejs63sn9ppv0ba64ex4m5gye292bsxdtc2jyc43vfacs25sm7annf7ydbz40f4p3we5p0gv1ad64qafj5ymtrr79gda5hm1dpknkycfqxt111trhjyega1shjywr8k42y6bf8hsxt3xvmfrg31prpsqrv0e7zw38gb3r6gb4m0aqsv63rj100x3e0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidQxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5oneid__suite_Netmix_Reach118_EXTRAPUSH&viewref=oneidRx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZoneid__suite_Netmix_Reach118_EXTRAPUSH
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-8.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 16:26:48 GMT
content-encoding: gzip
via: 1.1 82fdc4c167a56caabe3a8a99b02abee4.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 7597
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: x_HwRLS8vhmL_z-fQRDna3dp_iydGvAR7XdDqK-9VLoXVuG3dVJebA==

GET
H2 200 1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png
cdn.track.production.webgains.team/286305/ Frame 1EDA 15 KB
15 KB 35ms
31ms Image
image/png 108.138.36.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/286305/1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png?Expires=1701196705&Signature=FEMGDUE0TuH-p29G3yezLe-KRHO1W6m2RYqHGMbFn6YfA90mw52IyIFfCiJlxX1ONSNhIkHWZQaFcBW422oah1jiwwb-8XlBccmAVxd~-bcWQ~So3qhxsR-EXTeIuOgRZrGvQ8eF6YraYheeleQ5D-wBFRYP-i3A~Oo1Iy-JDwp4VZ8DH93Atj1f-KZJfy2ovJGcWwTBgbkOgWeav6ZvG~aQ--me7VNzPf0z5Xokq7rJN4Jp4DRzhWDhTmOHYL77C4sJGihVUFyzviRC9CFtUeoeRT0cj-8m8uafIbRpo7Lfj6n88sBahDgLU9baSFn5ejCxoZcMik1XquCHfXjINg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C537178%2C19769&b=Rx3HgfQfGPqeUkHwH3tQtw2A7u9SzTYMAhB3zZ%2CEjgSDfEfARG7szHAHjt4t4AQTKSVTYr3hBgQ5%2C8R3cDf8f2qZfgHJHEtxtkZEhGSwTpQZtbw6A&f=QxWH4fjfP93YUxH5HYt9CbqrpT6S4TGD4HEzJ5%2CADYaYfqfbZr3UAHRH4tMCM7duRS4TRrAH3JMm%2CZxqHwfBf6A8UmHDHDtDCJQ2a6SXTQRBuY51p&c=728&d=90&e=&g=f986f2a28a231ec2f8a2ecd1a16e4e0e%2F5561404505445612745&i=71725%2C21596%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405476&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kccfd466hbbd9fq7137zqep6eq1vc1c6et7rj0z9jws3gjf9jprsxpnqr34rkk3s1kes6dv16tdgdypqbf06n28534heh8a9hr53hx5rdgyd5tccxm3vfj15qb0yn1tm4safddjj7bny1ve9w71yg951m53wpja4x9fv043wm6mr43q9n4k907k9gdypczaf3ys4gjeamgybd8zgegy7vrr222m14m5qq7g8h1hw31mj2pe959zk4nmqp54rqw1fyfxnazq0r9a5wn450pvyg9p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCEr18dDJmZZm2I-ON4_UP496YqA6Q4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQI9a6tbPGiyPqgDAcgDAqoE6QFP0FIkyqpbuVfpH1xFpj3yZVAK_bOgfOfbFbcgz5Ky1ll-76X7M-a5sW515FmY5PwmuyZA19N82g4ZK3bvXmYYCC6zmYGoN_NQyFUsk5WCOme_VxTU_SR_Lgo7EsYkk97Om0Fr3jWEgXSixsOp45XyqYUU6i-NLjfQRLHNXkUV2K2Z0ZxX9ZpRx4uiTpFv-ITXFEQlE7-glXRPzA2HdCmGyDdTTMHbWU-EArm1hopQ5XMbUFUkR5zWAJOSvTt4eaI9fb7yqLBwgDOWNCnNN_0_0Y_3QsIWff0kx61w711boiFE8LOTp1ck4IAGx5G4oZi-xt9soAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3-7Eah-7OeorWzVhdhnI7NuokisQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-69.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 28 Nov 2023 15:03:06 GMT
via: 1.1 9f8416bf8a85d328bf3649469ef2a474.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:41:35 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 12620
etag: "d4e8f970f24f6d19b53aa92b1907c1ef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 15054
x-amz-cf-id: fNJTrCqKEFpnfNrw6V98DX10VYJdkT97MlIkS1DGzow5iUPjqZzhWg==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E874 0
10 B 23ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xepV1w
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 3FD6 115 KB
14 KB 35ms
35ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A56zd3JXMmuI7Fu%2B3d9DOVtSqHubFHX%2BQ6ZJEJKaSY%2BoSWVLlxAqMPARFc05YJUbIA%2BYOc%2BBQ0sFewYwCRGisJ%2BJkcez8GLBrD%2BRgShnHI0jltlJrA3FSxcjSvDrUzrJT2Y%2BRDSGYeQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b30038529954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 3FD6 8 KB
8 KB 58ms
58ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 599925
cf-polished: qual=85, origFmt=jpeg, origSize=12951
alt-svc: h3=":443"; ma=86400
content-length: 7758
cf-bgj: imgq:85,h2pri
last-modified: Fri, 20 Oct 2023 22:22:01 GMT
server: cloudflare
etag: "12e3523b35b31c7ddfe7c77dcdb14a34"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJnC455eYOwIeRdKXZvJ8TJsV3HnOVLq7PGZDSMWF9RitD0akW95nnxiGk2C8lEcCrlgmLlPdQZLmMn7C%2F4mBxBhZv4h3azFTHAYFx2YTu5L6BJNEPgB1%2FhnaEdw975UcIaEOq8dpd2e3MHo"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30038559954-FRA

GET
H3 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame 3FD6 20 KB
21 KB 38ms
38ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be82f349b2994d7f0ed7fcba5e50ffb8a960f135e513b34730af4578cab9883

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 597532
cf-polished: qual=85, origFmt=jpeg, origSize=23329
alt-svc: h3=":443"; ma=86400
content-length: 20802
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 Oct 2023 16:54:32 GMT
server: cloudflare
etag: "e320c43993ae8577c544483e96756c59"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GczGbdXBvDdvSxlFF0gpk5FV01tcttWESVWsJZ0tw%2BiYGM2LPiifRmXAtEc8tQZD%2FM8vfHHQ2gK6zrqqmfklVZGE3Gw2gP8MP4WMnSBAxIgsVS%2FLh%2BhPyP6vjRE5s2GINjhmKfgEaAugWY9q"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30038589954-FRA

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame 3FD6
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CIrJ2Luq54IDFc5L4AodoscD4g;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Ne...

49 B
1 KB

52ms
51ms

Image
image/gif

167.233.13.224
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 167.233.13.224 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.224.13.233.167.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.14.0 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H3 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 3FD6 4 KB
5 KB 54ms
54ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 593918
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1XZ2DiBWDqJk9keSOM2fUGGrDSj7DO6%2FRpXSfM9FMkvq0czJxCc0lOJIN1wBc37r85h5FGREpcAf5n3VdBTR4uyoSoA4foUH5sAS8nv5R9W6OzioXjiHjlJ54oFYW0FpDtHD43coCGLvQnS"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30048669954-FRA

GET
H3 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 3FD6 15 KB
16 KB 55ms
54ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1679012
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wp6bnveSPBLJJ%2B2QsGslhBXBBO7AR9ICIkf3okCk7rtEcLzTv%2F2XpJkFSAzyKhBg5jsWV7Oi6nzV5huVRPA%2B2zHqcZVkb8v9cN2iwWssGCDF3dPat5rzfYNr6ZCl4B9lrXspYn0hQosbzT52"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30048679954-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3FD6 43 B
704 B 100ms
99ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneid2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcgoneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 3FD6 2 KB
2 KB 56ms
55ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 590160
cf-polished: origFmt=png, origSize=2170
alt-svc: h3=":443"; ma=86400
content-length: 1662
cf-bgj: imgq:85,h2pri
last-modified: Mon, 13 Nov 2023 08:38:25 GMT
server: cloudflare
etag: "4721aa7c2d5fa652c8092463f9a485bd"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRRQIR7kSirK7psF5Cmi9BmRXkCalFx%2BgGOtCEIDT1qFeVcQasbNfWL0aZnq5%2BtZD0yBVfpFfo%2BG3Z1AbPzqHq6IeXsj5wS00Qh77gRaVdlyl6TDqEOY4yyN%2BEXn1K7V97EW2SjLjt9GXSQ7"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30048689954-FRA

GET
H3 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame 3FD6 23 KB
23 KB 56ms
55ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1354820
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 23392
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:08:23 GMT
server: cloudflare
etag: "faa9f958d13ef03f911b71f117846705"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27x%2BrmnKMvaYNfTzVxP9MrBV59WjAeGuwkyM6l1Fu6g7%2FENJy8n30l0kWJH%2BGO345%2B5R%2BtaO2cpUfVzxPpLp4k7PR2qClpjV1f7GhvZvm5nDHzwsAOSyU4kbRTaASPwwFdAT9iu2QhTze5SW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b300486a9954-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3FD6 43 B
704 B 100ms
100ms Image
image/gif 23.212.218.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9oneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=300&d=250&e=&g=4f80aa19514401d9b49d42dc5b2ebe20%2F2104205774622579060&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1g4a3p4g46dt5gz0cznkc2kt1ch8xvjfg27k43edb6w8qjkbtvsnfsac9taf3dv1mpq3hbp3fvdwkq8tsg4p96hvyp4567s834cqn0ej2y2mg86ngbmzqytgc3sv3exm8v74phsv5gvsd80zjzp2raah5xbnm4nrbmnr1jj7p5vtwhgkjc315zv8x7nqsxwhxhjw5wsk70f5qkbjq4nna49e7s3ab1vnf2fm3c1xzayn0xskkx92dk59bzrwsg4nxq95zffrhfcvce3bg47g%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCdDRDdDJmZdTlJ6rK998PkaeigAqQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQKcXkyLdl-yPqgDAcgDAqoE6gFP0GSSNGuPZP6btp8oIK5frUXy3J-wWwSauAsN0Fh42wI8HcIvPBtSUWvRFaVHJfy9qlydzMUD3KOvrr7F2zicyP8dSuMo2egcCJR6GfmQxW8GHa_V-vv1wVQY_kmXZSXXK0k5zwIDazLsBvqJqqjKJeERD-dI48li3Oqc6OvzxVaUJMPVsqdMjNDRIt8bIVrbySwPxJVrIgZf8NGIfgbIdzHNuJl_enzB31CvoCt6Hs4WB0zbGp7WhQk_GkhkXUfWQHlLsiwaKxY5dWCixRqwJUjAznUwb-C2wXG9aPNnW0zbjiSFz7Oj0T2ABq20_5ik46TPIqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0KHn4mXPdoe_fe3yBWHXHoYfrjZg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.218.19 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-218-19.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 872E 156 B
186 B 238ms
237ms XHR
text/xml 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C158935454%2Fweb_foreks_preroll_FP2&description_url=http%3A%2F%2Fforeks.com&env=vp&correlator=3895725776204800&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=site%3Dforeks%26env%3Dweb%26mt%3D1701196402186%26r%3D158737%40site_geneli%40foreks%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dforeks%26plm%3Dnull%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&sdkv=h.3.605.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&u_so=l&ctv=0&sdki=445&ptt=20&adk=1366865759&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.605.0&sid=245C6CEC-87AE-4AA7-B341-117F39CBD3ED&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxispdS5wTFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEj4KBW9wZW54EixleUpwSWpvaVoycGFORzV6WTFSU1ZUWnFWVFZyU2toTFZHVTRkejA5SW4wPRjdqNS5wTFIABKBAQoIcnRiaG91c2USbHJ0aHJSQkpoU2dDSENwOHdTUU16b0ExYUw0WDlMWXF0N2NYYWdudXlhMWlXOE1PWVFVbmJ3U0ZWdXZqYWdzNUZYQ1hCaUptbTExeEc0U3JNeWlsQ3VEYUxjYjgvc2FQeXJyNFd5dDlNVjR3PRiSptS5wTFIABIbCgxpZDUtc3luYy5jb20YpabUucExSABSAghq&nel=0&eid=44768716%2C44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44803784%2C44804291&url=https%3A%2F%2Fforeks.com%2F&dlt=1701196400810&idt=3743&dt=1701196405793&cookie=ID%3D1e6f297c9b9b30af%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MZlXdSTaDLNRTscaU5XCLG3I7W6kQ&gpic=UID%3D00000ce85ae6acf8%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MYkWWSwSFlWjdOqcSWbfAltksoHtA&scor=662278382643970&ged=ve4_td5_tt1_pd5_la5000_er660.1142.813.1442_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame B044 115 KB
14 KB 52ms
52ms Stylesheet
text/css 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1442625
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMBqeORO9kAVqXGJtr3U9K%2Bv5E1YUF7KD2hslyralDONuu8TLYMJNb7FpOlL8rm8tsqwgBYpeuV1fs%2FpRN%2Basa0kZZPj%2F%2BJ%2F7xDYjL0Ev3zjvP%2BeKFwJt9x19gRkEGNJZhvakStoOFM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 82d4b30048619954-FRA
expires: Wed, 29 Nov 2023 18:33:25 GMT

GET
H3 200 F1668CEEF41AAD8A0C029F9D23FE46EC6F8068CDC15DA60F85AFC1E3BD14A8C560B4DF91D88D53A78DBCC7160246BC21A8B17CCED604428331EE91402A545B83
assets.ad4m.at/logo/ Frame B044 9 KB
10 KB 53ms
52ms Image
image/webp 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/F1668CEEF41AAD8A0C029F9D23FE46EC6F8068CDC15DA60F85AFC1E3BD14A8C560B4DF91D88D53A78DBCC7160246BC21A8B17CCED604428331EE91402A545B83
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dd5bb9fda081a3cb1bd6d513edb1a71746031bec07d8c646abe5813ba9dd4c4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606574
cf-polished: qual=85, origFmt=jpeg, origSize=13332
alt-svc: h3=":443"; ma=86400
content-length: 9604
cf-bgj: imgq:85,h2pri
last-modified: Fri, 03 Nov 2023 17:02:02 GMT
server: cloudflare
etag: "23e86ef8ba51d351917574e3e8d33ca5"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Ar3jCS3hdgN9lAX5BvUjmg7yTeD6s%2B203wVyf96KZ13CWw7c6anVnVGRBCITq7MJgodRJYLMxCgjASp%2Bg8HSOSowmy%2FFd7JmVR6jgbWibVG42flRyoPxTMbkvlNNTkowC%2F7P5s4BY5RxsrJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30048639954-FRA

GET
H3 200 BE6DC3223230068E9577E01057A3B7B2EF16298C4CB50492A156BC698A0B935475C050BE8658A2EEFAFF80ECE4CCAAFC1E82AC22B24DC4054F36591D448FD712
assets.ad4m.at/ Frame B044 28 KB
29 KB 34ms
34ms Image
image/jpeg 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/BE6DC3223230068E9577E01057A3B7B2EF16298C4CB50492A156BC698A0B935475C050BE8658A2EEFAFF80ECE4CCAAFC1E82AC22B24DC4054F36591D448FD712
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 013c46bb69056b44df46c3a4d22b3b4ec4eb52aa2d8253019988ffe1494caf7f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 470093
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 28954
cf-bgj: imgq:85,h2pri
last-modified: Thu, 23 Nov 2023 07:58:31 GMT
server: cloudflare
etag: "85b2952dc2f72512aefd9f8454909e82"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=moOUBhQ%2BtECarMDVS4Z0WowptR%2BvFxFjJX%2F0S79ZeFBBGBeOXkQ66KrFvt6eB61UPGnxpeAKWeES8xn1q6sb9sxMlycRd%2Bx0v3F3%2Fw3r%2BJiCUAj2I2Malk98y0Lo0gvhG8ddNVDem%2FgwyMzY"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 82d4b30048649954-FRA

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame B044
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CL6F2buq54IDFQrsuwgdgw0IGw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidGjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeBoneid__suite_Netmix_Reach118_EXTRAPUSH&gdpr_consent=&gdpr=0&gdpr_pd=0
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1701196405_9e32ec71-8e1c-11ee-ba35-226154e726d7

0
549 B

60ms
15ms

Image
text/plain

87.118.116.9
KEYWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1701196405_9e32ec71-8e1c-11ee-ba35-226154e726d7
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=196438&b=GjMSBfpfXwx9UKHeHGtPt31dHZSYTJ78sQVeB&f=Vx4HwfmfDjJEfVHbHAtXC8j4cBSzTgbrUDJdX&c=320&d=50&e=&g=1b683d6e216a1c1a76b16929036d83eb%2F12050752044450707625&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach118_EXTRAPUSH&r=1701196405672&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kjzrfksrn9jmrvxcgz32hbqge0v0ghmpknb2fkn41bh7djtbf3r6f9j9sjr392bvpj2yh1ksb6a8yvrbzmyp6nw691t3a1kmnswwekpeg5bjapen6dff5snyptmp1158hg2qkm62dt8p3bryv4f4m0kxjne0evg782z6jk6sthea4rd0x5defgyr7nd95ss2a00jtdq3ezv41dvq2ty461kbkayzc6hprcjyc2sxvnfqjfygttq5kbvhfvws5cdzqv7ax7pvz5d5k3jyevbebyp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCvdv8dDJmZYyoH6_OkPIPy9iN4AeQ4YGEXLaoworwAsCNtwEQASAAYJWCgICYB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLQvqB80mqyPqgDAcgDAqoE6QFP0HVSySJARTVk_Ue2gMFxYof1GbLy69hYaz94OBq_IXCQ1apdyNkozvzzdPxrIcIcUV2x_BgE7fRvzqEvnbiP13oDZS07hT8p6O_JCFn7Gsl9U7BrleW7TSNKIg2hsBU-jJmrIQ6JtOoJC-DFLzmvGc_JfOJaVIQvb5G9zMXklRaLAtqlO9QYBZGOxoTdGljU9WPftZmtNqErXlobr_45r_hslIdRFO3oIifQeso88JfDoWQcNbbGd8dMw5D-Afa61J3MkAeieqnHcsm3f_4ooqIk3PjkfxuBaUoYGNYGS90_GHWmT987sYAGxe-ql6zq8qYcoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1pg0Z1J5xeFijqk4mbWJDG4sM7aQ%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 87.118.116.9 , Germany, ASN31103 (KEYWEB-AS, DE),
Reverse DNS: km36617.keymachine.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 18:33:25 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Tue, 28 Nov 2023 18:33:25 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1701196405_9e32ec71-8e1c-11ee-ba35-226154e726d7
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6C3E 0
0 54ms
54ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=381731750731463&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 7421 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2BD2 0
0 58ms
58ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvjmIqeNI112T44JPVDirksY54fJdx16FuMLS76zdK6e6ZJP-h8c1Lo2mqoBXxumRzjSC-FjDCF7vrxjrvdQ5DzSjsAbdVqzN6FSnIzxrSS4YBrmIsMPe7ylXteNVkqS19pERnXVXeXv-5E-okmsloFisp52vhFLT4bYtOgDNpKGLHobirTq3jz1e5Wrc0xfLWKGOhLLpuzQmbP7johcrW1seOW_5vCtI3Er9RBu5Ciw-Zso7XKD8bLzTOe6Ed3lyHAN5qle8HvO0Q3t6do_lXeNmQPKeZ00nVmcUzlLm03LXtSuFD1QQzrocJkx0cuf22EPTwRmG19zTgnRVVtbW9pMcRrzY11QdCLPn1yzXNV9Cjj&sai=AMfl-YQ2Q4xMLB4efOBPehQkpmdWJyCekzSsvHDqhWuELsS8pK5WZdKjzas_-sUzjIz15rtjvNK3iTGtVlBBRDJVqrn63lrsOf1tJhYfp0z8c6tQzAIGih-688YlUTn6eI3WYnWIGF37Qojkc2PqWpOFKAQUo49bnW9BzMr588YcH1AA1055ZFzHJt9EH6TvwvHR456B6EmaUvUf8v5eZ2T7WyAofCA8K4PtbD6u3RzVZYd7L5w&sig=Cg0ArKJSzIBwA8E0sez1EAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2BD2 16 KB
12 KB 70ms
70ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4110b8d5f1e03b8581973d54a6142fa9dff022f45070cbce000d027fd91e1fe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12396
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7421 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AUdBvA
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 59ms
59ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:25 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2BD2 17 KB
6 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:25 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B3CC 13 KB
5 KB 23ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E838 829 B
559 B 34ms
33ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

de1fbb553185a4282639c0d8ed05ce259c3f8d6c474e6d278c59c63f5a69771f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5PolWFBa0B0I_FrFlqsClA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-5PolWFBa0B0I_FrFlqsClA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:25 GMT
expires: Tue, 28 Nov 2023 18:33:25 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame B3CC 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E838 0
0 55ms
55ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=1540846799569571&rc=
Requested by: Host: foreks.com
URL: https://foreks.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 872E 0
54 B 152ms
133ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lpioeznf&c=1919415049429&slotId=959707524714.5&ghmsh_eids=44768716%2C44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44803784%2C44804291
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 count
logger.virgul.com/ 0
116 B 59ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adError&g=m&r=npm_foreks:preroll:303:&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:26 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
60ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_foreks:preroll&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:26 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 872E 116 KB
19 KB 279ms
279ms XHR
text/xml 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C158935454%2Fweb_foreks_preroll_FP1&description_url=http%3A%2F%2Fforeks.com&env=vp&correlator=3895725776204800&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ppid=vnet7b02ca45a86b447babe00c93ef55687a&cust_params=site%3Dforeks%26env%3Dweb%26mt%3D1701196402186%26r%3D158737%40site_geneli%40foreks%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dforeks%26plm%3Dnull%26pid%3Dvnet7b02ca45-a86b-447b-abe0-0c93ef55687a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0&sdkv=h.3.605.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&u_so=l&ctv=0&sdki=445&ptt=20&adk=1366865759&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.605.0&sid=245C6CEC-87AE-4AA7-B341-117F39CBD3ED&a3p=EhwKDWNyd2RjbnRybC5uZXQY96PUucExSABSAghkEhsKDDMzYWNyb3NzLmNvbRj3o9S5wTFIAFICCGQSGQoKcHViY2lkLm9yZxispdS5wTFIAFICCGoSHQoOZXNwLmNyaXRlby5jb20Y96PUucExSABSAghkEj4KBW9wZW54EixleUpwSWpvaVoycGFORzV6WTFSU1ZUWnFWVFZyU2toTFZHVTRkejA5SW4wPRjdqNS5wTFIABKBAQoIcnRiaG91c2USbHJ0aHJSQkpoU2dDSENwOHdTUU16b0ExYUw0WDlMWXF0N2NYYWdudXlhMWlXOE1PWVFVbmJ3U0ZWdXZqYWdzNUZYQ1hCaUptbTExeEc0U3JNeWlsQ3VEYUxjYjgvc2FQeXJyNFd5dDlNVjR3PRiSptS5wTFIABIbCgxpZDUtc3luYy5jb20YpabUucExSABSAghq&nel=0&eid=44768716%2C44772139%2C44777649%2C44781409%2C44802074%2C44802463%2C44803784%2C44804291&url=https%3A%2F%2Fforeks.com%2F&dlt=1701196400810&idt=3743&dt=1701196406040&cookie=ID%3D1e6f297c9b9b30af%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MZlXdSTaDLNRTscaU5XCLG3I7W6kQ&gpic=UID%3D00000ce85ae6acf8%3AT%3D1701196403%3ART%3D1701196403%3AS%3DALNI_MYkWWSwSFlWjdOqcSWbfAltksoHtA&scor=662278382643970&ged=ve4_td5_tt1_pd5_la5000_er660.1142.813.1442_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95a29f9cbea352c0e270f5bfb9440fe21cea2ace4c54d02b3248eb2930b518a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19500
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&RedC=c.clarity.ms&MXFR=12B0E5F02545683E0D90F627214566DC
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&MUID=06038832C51F612D3E4D9BE5C474603F

42 B
444 B

53ms
52ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&MUID=06038832C51F612D3E4D9BE5C474603F
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B50B71683D0F46A0B9A566D1F8C89D77 Ref B: FRAEDGE1416 Ref C: 2023-11-28T18:33:26Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6CDF9A424F4342DFB24681D6BB17312F&MUID=06038832C51F612D3E4D9BE5C474603F
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 104ms
104ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311130101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61ea2dab1eea4af85c70041ae92992c724cdabc0ccdd86d9dbf2fc737c09e81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12231
x-xss-protection: 0

GET
H2 200 netmera_worker.html Show response
foreks.com/ Frame 95AA 4 KB
2 KB 36ms
35ms Document
text/html 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://foreks.com/netmera_worker.html
Requested by: Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: 46785e2006a27d27d52b4ed2ac2459d147ddd4b2843efbef626f9e3645b2254b

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 18:33:26 GMT
etag: W/"ff3-18bfbd41858"
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
vary: Accept-Encoding
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
x-amz-cf-id: ZlwlLgV07QYeUG2nVZfESVr6obtpDDRVGZ2WijZyr6cYYN9mOPldyA==
x-amz-cf-pop: MUC50-P3
x-cache: Miss from cloudfront

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E75F 0
0 87ms
87ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=3790986635859306&bg=!5Oel56jNAAZxrfrxUa07ADQBe5WfOLv9Kg2gWCCEjvA3lXWdqCg92LBhEQRMBcqbL3M_vHTYVl8MLK42etA5dvlcjoqgAgAAAFlSAAAAAmgBBwoAEeruFyXKGAQX9dC0KFsSm_FxmQL-r8qrxEp5K0Ap5ZbiA3nKJMBikH9lII8sdKtAuZFp0Nx5GJYCIzrRZSjuw-ySCWrkdM_PMRnhBQzCltdf_HIWm9WaVejh0EC_JfsfnFC8ZNauIlFtf-vxRdEK9FzgZkIHnb2cX_OR9tC38Zp0hQY0w991xlU26Q3ugybcyY7DQ9NSPD6tjxWCALPRyKidT-PP9ehJtBMTWZeXcOPFLgqh8owZQ9_p9Z-jGsefsKsmWI1cINNJrsSVfGort-O9Y1v_4Sm-Z_-eirqWOIKhlLmSDhl5rM9iAerSLrO6-8DqujtfZk8vd0-1DnDggNq9dUNBbBjkoWWNcEf86GBE5oqtWrLcTLr3P8AqmVwsGqIvBoFrD1ay_MtUO8_rjIm5hNyI31j1JbHx29_gu8RsLL8E5vchJfwPBe94MW0MkETceN838d07Ero0xlJ7ECopBY5OrL5N5OH3jFv1z_HLtYgeX-H2ELYuMYWMzMkYcsk7nuOYDm4NN9VhitSEbHZnJS5WM5PqSAOzt8qqa-xQeiT7qjXSZSUY35FMe7mAR_KC2Vrg8KSId0IQZV90ioNF7Zs3buEI9PzCjw0l_Ko77MU3XMJ1mcTNX_QXOOvMkO_GkV_f4D0LXrmmiYh_uW4SDeRkxmPJ_98T8BduO1H4oxRLLtRzl_paA1RzMUJ23op4eKN_y_sl6dgP9RR7Ox-o6xA-675LuKms9XydH2Rdm_Lq19Cy_wvBkTzxG0W6v6b8QIzsCT6Ngp1UuTMCiIFWpEEPBVhUZVqG7eIlheb7A0rjpdzwxIV59-JUFGEZDL0G9ELS1M7D054ajuosR3lMredDO9gLhzKHK9Rz9WABJbWMGVWz3b_5MuL8bg55Wcgeue0kBQgNP1JYJFW9rK2j3853kv2vPtc6dNLkjlqIFl0wTIeUgzdXzpKda_2NqBfoHNd81mO33bSuE6xfngn7rqihUTxUN50Khth02EOHdG4VGD-mWtXMcpVQIGzOCGDdq0roze6k4T9A1tiMscLy3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6A26 0
0 81ms
80ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=2346992362013379&bg=!U1ClUB_NAAZxrfrxUa07ADQBe5WfOI6q2yf2RvB2gK1EUuWqMfOnCb3zMxe7nfJUY4kMJvaVVcA0yr6kVDkGw7Sy6WYkAgAAAFhSAAAAAWgBBwoAb1HzwVei8WkOZp_8699VKvTL8qUgibJgtzM1rJf9q3JJn2Do72shHX_xUGZ_VowG-NamKvBEAYX9iBDn4DF50_toQZdPt_Wx_WxzaWSDFIWg1blzNcGmZLeKr0YGgTIDyYXwtoonYSDDONgRRJEb35kDEOGSEYsceq1R2hYTsdgh9yygrKpkIZrruRY1GsidCp10OAkHN_mjWnYgFoDGmQ3XJiQoYml_zhh60QOdm37fnE8rcmLFv6H7wq-S9fzg9-geCA4-fhhqLIRzaZIrtsrJPhv8adf9fD2Cp2p9JB5tBnM4o4-qeV1ntoHRGwDSySRCQDU9O3e00XKbvdOFRfZTGNVhoF4a4CF5sEjy0hCcd4m7Pa65upu6VZeLyHn1KcPb54M5Vifp4RE1rFhv0gY5C42e2ou5MKqs2YY_K5USKy4ad4t_nsL5KLlnKhhjIzyCDepGc1lEHK5LCc06vT4U_XRQLWIODGImqkTlX6J9LoOhacUrqFi7HRD1DewVompLEGk2_HJjw976uV2L4TxcyN36A2CdoJEiHUhwNHMtamb6nCrAYKVutRp1YV0iP5uqTs7JPEYY6V0rNUNJk7ChlgseHUYBCXhkE1AWqczYrF4f_lC4ZI8hXVoYpCruIRee-Q4ElooWKhXw2UTMDhOSfjSNu5oDexQmUkSVYtP_yB2XCd6uQiFG3MIr1s_Fk4FW1rc8OEHzq2wXY_oIQPDNBKguLPkU8pbbIA03ewTLeCWFYRC8vVk6chQVLbAGKqUTkGnfju3wVX2nrlMRh0ZsjrbhZHBAUvto5IcOXN4ufSSnYMrWs8gmJKnV6euokYx3ulzQPYkm8mNYAvcgWBguSQnTDsMi3DoRrHob2gNCWwnjkn0fdy2yIEFkufSYDOTevrItkWBW_Bb6fzWh7IDkH5nwE4kL4Ja12DOT5u603gj27rHCbxgfBWmj4T0uVUY0Xw7ryPpJVYE8cnKQSVARxHCkP5r04qx3Tfi9DgoRLpthY2NQG_ogF1IsGbTjuLx_V-b-nKg3m1yVYOyzYMwPyhQhxpE5yXVNstevNT67VGb0XiK7kYlf-WNeSVE9KlmN05kqqxvSBD0PBtH3MKEa5BmUcPY7DR8NJfYJ0QRlgkHdY5exezc7oN38n5Z_-0naYtcz2kpCIP5kZ6MdM8892Nh4Bb7PDSee3MK6cQMbLSA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B3CC 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_9lD0w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 foreks-notify-logo.svg
foreks.com/img/ Frame 95AA 667 B
718 B 49ms
49ms Image
image/svg+xml 18.173.154.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://foreks.com/img/foreks-notify-logo.svg
Requested by: Host: foreks.com
URL: https://foreks.com/netmera_worker.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-20.muc50.r.cloudfront.net
Software: /
Resource Hash: ea3f874e92d2f05121d133ae8ab4e2138a7f904af2b9f8f4719a0543bbc3bc9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/netmera_worker.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
content-encoding: gzip
via: 1.1 595547cdc2fce94aba8498c84797701a.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 10:57:43 GMT
x-amz-cf-pop: MUC50-P3
etag: W/"29b-18bfbd41858"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: FXJS6yvHPLe1z-4Jw1f0lN1ZRWAvGET-op-1-H7tzY0K165h2AbHLw==

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D026 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2864523947560&version=m202309260101&ct=77&x=1&cor=17055029869389728000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbox.js Show response
ntm.netmera-web.com/wsdk2/ Frame 95AA 4 KB
2 KB 32ms
23ms Script
application/javascript 31.3.2.72
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://ntm.netmera-web.com/wsdk2/fbox.js?v=4.2.22
Requested by: Host: foreks.com
URL: https://foreks.com/netmera_worker.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.3.2.72 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),
Reverse DNS
Software: MNCDN-236 /
Resource Hash: 7b890dc41d051c686bda87447a5556a4d7e1a53fd40dde66bc9f12ea83bc00d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:27 GMT
content-encoding: br
last-modified: Thu, 23 Nov 2023 22:11:47 GMT
server: MNCDN-236
x-mnrequest-id: 913c472fe95c3257a27f93b2e3944284
x-amz-request-id: 875VH9NCQHB599H6
x-edge-location: DE-372
x-amz-server-side-encryption: AES256
x-cache-status: Edge : HIT,
content-type: application/javascript
cache-control: private, max-age=900, s-maxage=604800
x-amz-id-2: mXPSQDAbvukCdsoECsNh4UTGL9VBK6L2WDj7RGPGHT/DPiIXVOuqBIZJ2QXec48ak1fAZJiZpwM=
x-mserver: DE-372

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 18:33:26 GMT

GET
H2 200 64f06d40e4b0a5353b1171f6
ng.virgul.com/tck/i_vb2/ 0
209 B 59ms
59ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/64f06d40e4b0a5353b1171f6?l=&r=158529@site_geneli@foreks:site_geneli&cs=1701196406178&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64633daae4b0e20873d6f248
ng.virgul.com/tck/i_vb2/ 0
209 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/64633daae4b0e20873d6f248?l=&r=158528@site_geneli@foreks:site_geneli&cs=1701196406178&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A998 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 17:29:52 GMT
expires: Wed, 27 Nov 2024 17:29:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 733C 829 B
560 B 31ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bbdfcce5c48506045255faf20a94cbb773cc14c04e3f64e6507e6f9a9ccc91b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3GKNpzu0A29kS2cuf9y7bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://foreks.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-3GKNpzu0A29kS2cuf9y7bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 18:33:26 GMT
expires: Tue, 28 Nov 2023 18:33:26 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 733C 0
0 65ms
64ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311130101&jk=4061356811091417&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame A998 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E490 0
0 57ms
57ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=654864279827728&bg=!7e6l7qHNAAZxrfrxUa07ADQBe5WfOI5VMfWhGXRcH_T_P054m_TZsh7k9Rkqa_Yw6ZDdo-fD-01vjvXVHrxJqbXKJ4ouAgAAAGFSAAAAAWgBB5kDH9-quOc84Q_fiKuhA-NecFOa5DQWW_Flnn5NtQjLmlrZ3337DlRwU8kuSBHh9hYeBPozqaMOTnOXnSviKumZsXQC0_F8eaq-aUgWr0S70l78OWR0MnWaaGrjng7TC2BzovF18JG-qjLWGAVehIqyQU2WN0X7qept0FncYkPUmwHTVCUJHa3YudWW7QoK5iXGSKRnWvlb49MSM6ThHFKRP-LutKqsgTUKMwDHnurVk_2kDZ--Pdyaz4gTIiArA2mLKsK6OZIRWGNt3mRZz_mNjNltc1hy5TncXwLYQJwQGfy1c97fuQGyKDDkaLb4K36mZZiXv_gWYCTYxCL8QVNDrSjPNIKKd93yN1KWzdE2DNWI3A0zow3yOlZOjwcQoF6oHPI1sUSAYsznZO4Ug3TXrl90qqrnBTvv5pfF38k70AeFHdNh_v7LfP6KanoLhD_xL5TfY6tlp1jvLV1WUeGHnf9Rl5UaIxcA1Q7ArvuKpb8Nxf27vvFe1Pqhby2KRpxqhRzYt1TQTRNZvYFF7ki1CC9mzFIfphbBC7v08t1I1GNY9rkBZfRG71stW8YJ19fp6OdYt5CfA2jaCSYeH8tvfxyppx3PxidmmdgtYvhHYFCReXx54MxAQIR_frKUtyb8kMnqwpAMMHTPvZT0fQKT6f6grkq9i_de1zlNBkaHQIVl57a9bn99C3QALqO_vSpXmpTlrIcvKyclDHKTdXCipwd1Oeu6RhvA9rtuxeaUVub-N_33HxXdsOImDQesoa4f_fGbfWIkcjiO-598rEDQ0jYhiJEgbgqgW4owf9CHl-2NljTngrBB6XRzLlB5oQ7RRhwMrwIJ8aBpVyixO9k5VuxkrukxVTC3K9ThluBmxtywvm8TLQckx278eME2sGE2p8LcHuSQr0qohVzTQOeZn3mZ9p4s1FJ28CosGn3e7C7ct0ygShmE77wzAq0nB_FMXJapwIprQVcHb-JOwxeySb2RwmbBKbmfGyqABrCfXri1NjcpQWQHOhGq0qrFCUwtgS1xiUbpktNuhmch4Ef5eriZzZuPtE5WEEH2_8lmU4k
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8451 0
0 63ms
58ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=3473004041416471&bg=!HxylHFPNAAZxrfrxUa07ADQBe5WfOIc3Z_ZHBpYNZL_d-UphOB-3OZmi4ohqw7d4p1LVKT337b4J8Ep2OA4FvKl7nCQEAgAAAGxSAAAAAWgBBwoABxd0ItHJtQ2ZAxiMoZcq4nwOTyS4zZXzyot_NA01EkrSrDYtb-0cy2Aq2pMW_nZYvwqciDvn6hBOMjpLJTxxOlw4an5o70IqGj2Lcx-95e-kQjBFUAXiQoCrV9rFlwqjr2kI6AdGt0FD34wbfrqYpHzVyhmGDOcWyuBiIRZWlzTzvIXWlNoL_jt4FND2mRd7G2d_swAqmyrYnpZrM3ibxgWQdkl5O6PD3pz_5pAmsy0gVMveR1zN7NEJnRHEjruCKeq7O_KhVFBCsJlLck9tl_GE-wf_C16TI1LdqOVnuUVTbcD1_Zuau_2X-7YqXCht2Wz6KAq5kZ_3LZ9YVegf-N8gTBQQTrgVQ0ZEeUmItuN8Kl4cKvmhlfITOwRVPcqZR4wR2hdnuEt_6TBE8hZtxf-X77bgHquIvi5c7B-EyU71Fz7rYeeiwSQIrbqOG7C200oy8Xl2TBjGNSqvEj8DV69U-xN8G3OsjGzo97fYkD9JeVkIiIllc6G6InOBqKm3yOi3LlC46pebNyJhO9J7jPlvzzEdUKAJ4i3CEMGgzBcQZrnq3OidGZdmpWdaOgz3s19cE1yaXPmBDNMYbwISgt01L6uFwU1yTNzqOy5a5Ezl0p0hWIXafbxONCJBuBzBL_YZ8R1ww1IYBGwch5--_SuW733wIQbLiFNTpgdGdoAi5aLxNX5YBDwYSKTxHfNeuBvsP9_kO8ZsAWXTOKpHnZ5kF1uJFspg_wF0DlAJaMewVlf2AuLTRSwRf-PgOYd0apR6BravtARS9GJrZtMuMA6KwOoKiazd4SpF1NOiOvCiGfbKoU56W7NlaawJ68J5NIMwMf4AhaCjn1UKDtXih8LIiSKl1jgtSIcBYlB5YClq0zAuPxfN6DPH625Za2e5q1xvWhOdEUswx5X8z5-f7-qldt4wvWvtLVT_ZznlLGjs1Dr5VbcU3lfW7BspxEjrw5Qqr5svuj_cIWyVx7elMJLzgFZ0PLaYuUVtQg-FaHz4Dmm5Zlx78G-aoX9kyMlZ2Ow1aD0astK1vQA7WOdxCiOwOJ_0k7YOnHj1dD5CORV__IQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 58ED 0
0 58ms
58ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=2911161722174218&bg=!6uml6abNAAZxrfrxUa07ADQBe5WfOB0ZpQiqJ6eCEbQkag1kjgEgrEGaIV5rg5yj1ocF0hQT6hzNkdic1DT5waiZ2gqQAgAAAGZSAAAAAmgBB5kDC89K_j5KL-hhNYuTSeVr7c9qtaEnaqVBOMryaNl2e8FpvbIb2ArRVx6naPuWBjdMi98jk3P48AoRwPVrSLwtZmXBu6R_sVsh6VNRPmLEzSzrRCo3qxcCXDMc_0PJyOibrOV6qRRItqrmq24ZrqxOOOL3uX69AkXFyAndr9XbOMUNRoNiaOiX2J_Ua-2kg0pB5kYX9knPo0N01Jl6g7_cYiGzE4Cu6oR4kcZzH6GtzTkHQgvo9yTLJIDGw7tTgThp1RI9MxNgyP8trXlxBL3QbPedNIySBccjfmECkT81DLPI2wvskFMkHbRxcI7jGMtFYAbGthm5_oGtt7--Z5ZQufd8mBkFPhSsPzgas8560i0GRMonu8giBmZezA71-zuo5C8d7rLbaXwxRyfQT4Kxr9NBBLN2QBU-vIisTFCEL8dpFy5-W3zWe9qAxAWOABeccwm2QnL0bzeMADhNt1WFvEnv3ep-ZtAa76UA2eQnHH-6KKBLka-Gp0fgJw2mSc-2QFO8V7YXaHSsiAg1Yz4QWEawdepCX-tI095YK4P9e2vvBRQtf07dtsIevsqDbZUviiwGuZn8WahqoAHUiebVwm2Z_V-a_XHdl672GFD_zJFvDsU1XgZFAQXhjj2lDSlspXDOFoCQ0TtoVGrrqziL4G0ngd9wGShcr3kuJj0tg32-lcshQhLTRh0_NZClhqBlXhmByxfNKyArb4CuzGI7WtyGCNdiE2MvJCGrTrSsUMqDFDZiTu6nK5UidfI-sCDNa1Lg-my5WCXHfwiTd0iqDZe66Ze2FIzS8nk4Is-v47CCG00vQ_q5Y5_YhwNa3u86IW6H5oWsRAUOE6GdciIV0T1Xuu_zgyyLJY1ml_XH5w70zTNFC-0IYkK7IfIAP8G58wfp2giMibbn2x54eVCsnCuVqD7V0wCtydKiJ0jTOkpC0AWODSHgQ_usj7f4lQtL7Kw35oOqlPfMVQNcFU9aYW9vjKK8VilTTJdrDLZO2vI0vtYZXuEY-qKwZLSRpxX_W552VVn3c_TyaWco
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A998 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1REHQA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 872E 0
54 B 133ms
133ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~lpioezv6&c=1919415049429&slotId=959707524714.5&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=3&vhc=0&wta=1&ytext_viu=0&ytext_hd=1&hghme=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 872E 0
45 B 133ms
132ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~lpiof05d&c=1919415049429&slotId=959707524714.5&qqid=CMSa6buq54IDFQNw4AodqdEPLg&gqid=djJmZa2XA9SEgAetmauIBQ&fb=ima_html5-lima&sdkv=h.3.605.0&mrd=10&aab=1&itv=1&met.4=ghmsh_s.lpiof05f~ghmsh_s.lpiof05g&ghmsh_hd=1&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=q-gBSxzisbrRG7zr
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 872E 453 B
478 B 22ms
21ms Image
image/png 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-7983651257838282

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:57:55 GMT
x-content-type-options: nosniff
age: 2131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 18:47:55 GMT

GET
H2 200 BF3gSYUn7wpMb8JOPPmeq8-O2VAald4TgVUPCCkA_GEqMBxtulp0rhi6NthNIipLdEU35nvwn48=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 872E 2 KB
2 KB 90ms
21ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/BF3gSYUn7wpMb8JOPPmeq8-O2VAald4TgVUPCCkA_GEqMBxtulp0rhi6NthNIipLdEU35nvwn48=s48-c-k-c0x00ffffff-no-rj

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1f01e7b630ad2abbeac847633d3c040714f7c94ff371d6b4cb3e489947331ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:36:14 GMT
x-content-type-options: nosniff
age: 10632
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2117
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 29 Nov 2023 15:36:14 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 67ms
67ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CAo5rdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqxCXYROr4o_11QgAoDmAsByAsB0AsPogwUKhIKEOS0sQLutbECtbixAru7sQLaDBEKCxCwkeuYr_KawZcBEgIBA5oNAQ-qDQJERcgNAeINEwi1-ue7queCAxUDcOAKHanRDy7YEwLQFQGYFgH4FgGAFwE&sigh=4fuGUuEfXz0&label=show_ad&sdkv=h.3.605.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYzOTA0MTYwMjc0ODIMNjgyNjkwMzY4NDUxQOMCUiMQDyUAoJpEKAE6C2diUS1NUTdySHJNQglnb29nbGVhZHNQABgB

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 872E 0
0 61ms
61ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CyuCDdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNkgURCBIQBRgPMLO9rPeQxo_agQGgBlSAB-28kKsEqAfZtrECqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDV7QyoCAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6mgkraHR0cHM6Ly95b3V0dS5iZS9nYlEtTVE3ckhyTT9mZWF0dXJlPXNoYXJlZIAKA8gLAaIMFCoSChDktLEC7rWxArW4sQK7u7EC4g0TCLX657uq54IDFQNw4AodqdEPLsITBhjthMDLKdgTAtAVAZgWAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=7-dI3qpZ1UU&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&ase=2&nis=4&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&vt=10&sdkv=h.3.605.0&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYzOTA0MTYwMjc0ODIMNjgyNjkwMzY4NDUxQOMCUiMQDyUAoJpEKAE6C2diUS1NUTdySHJNQglnb29nbGVhZHNQABgB
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 1EDA 16 B
209 B 81ms
81ms Fetch
application/json 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 40ms
39ms Preflight 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:26 GMT
server: nginx

POST
H2 204 csi
csi.gstatic.com/ 0
54 B 133ms
132ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=1~lpioeybe&c=1919415049429&slotId=959707524714.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 206
Partial Content videoplayback
rr4---sn-4g5ednde.googlevideo.com/ 6 MB
0 324ms
245ms Media
video/mp4 2a00:1450:4001:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-4g5ednde.googlevideo.com/videoplayback?expire=1701225206&ei=djJmZYvyD6nni9oPj6OE4A0&ip=2001:1b60:1010:3:1012:3ffe:6b0c:273f&id=81b43e310eeb1eb3&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&mh=u8&mm=31&mn=sn-4g5ednde&ms=au&mv=m&mvi=4&pl=44&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=1237.066&lmt=1701144837228569&mt=1701195443&cpn=q-gBSxzisbrRG7zr&txp=3308224&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=ANLwegAwRgIhAJliAvevdKrULlmOYEHBQhpBRbh0lPsOIzGRFkRnGAhxAiEA0LSHXQzhjnTC9y3fpyRS6aEEDN5xOHfb0D4XdoF5Oho=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AM8Gb2swRgIhAJUN15tcZqXUpM-nmujy1f5ww0gissiP0aecLn5nZq_PAiEA5MZBytz6KBEXba2CUd4KRtm0-m7ErLPCICgdeuEvDpc=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:17::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://foreks.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 28 Nov 2023 18:33:26 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Nov 2023 04:13:57 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-275690092/275690093
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 275690093
Expires: Tue, 28 Nov 2023 18:33:26 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 53C5 0
0 58ms
58ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=381731750731463&bg=!-fql-rXNAAZxrfrxUa07ADQBe5WfOFbzafiWaDrNKS0SLLEGdH8nsbubk5O2ql5e0xTcljaogoTVaAkXRfr_vPhUfBPsAgAAAEZSAAAAAWgBBwoAJnHCViurOqHgH9tG9xt2ywVT3hUiNZ8nLsmO62wi2D3nIvosF-Y6mQL-ISyEwg_pe3J2lSa-plOxo1_ftqDI9NrJDmSF47ERRT6MW-__jzjqQ5Fzz9wIRee0-klvlXupzZM0ry38yRHc6geal9m9Qk04l8rpVgBaqrDzA28avvh8cKR0fR9oBi2vkjamFzLF9eg3JXZ67qvIMOfzDiClwAlHcHSqDBv3UgrdGRY9rFF5jeJNX2MWZ2d7yENL7wyBnQtZJXPr9iwxOPqwCd0g9DQTZ_jIB-hJYiZ6CdIC6k9SL2PCVn8u3eehRJrJqcVhR0GKJ7TxZYi0cIavINVqmAs1S_o2twf_bQb-vY244frGcRFfcG57XCQyKpmgZNvd-Y5_gzfZJv18blsnXCDenm7OYXP-60tVUklUpDVkCiVTvqioEnUkPeKxKbLStYJHhNfnBkGyiltE118rN7Hhy8pEpK35cY6HhmSVPJdL11Pdybq_mX93evrEf5DQ609sfVOOSITa7EzpEK8HlCF4w7HXmk-k-haBWeJC9tD9lU_5ygmWmEzYu60WWWwqSu-8YBhaMsrrtltB-0sNWHpZsJzFBLMyP9MRz4xc0PqwZSqitZhkzZlwVL-AcJ3vrWFagNsNmTrMoyABh1EiLTx-_CkZgSd_JZtcQq5zb9B00kWQOhhmRfs-VJF7YbI7K0z4h1-qp3aijtr9qyNATqaGA_hu2puAuntiFZ8ozNQn5U2x-GUCxeUnotWLny1ZVhoAD30hukWrQdjjEB6pruR2zxSykBY3Vyfs8XwVYJkOAU23Rz_Vdy9Ro0mM0EQaVr85sReo8BA25m3VlDSKaA8MQy0VIa8FWrUnaYKd4UnP6mQ9ez51K2WTls5JKZhC1_9hjB-YnDrSRvLGK3stzmGEMkoEqrnMS9lmIu42JE6Kc6lA3bTJfn3-3IfYujowqnne3uXzhligeAbhK_3jaXe0Uc477b_BgzAlsRZlgNJ2vHBMLqA9btr0NOUfEaUQQONRfj0e3BzGATLlD_z6DJGu_1a4QFCnz0EaFwWsh_ciM3v-a2VszqgJSA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2BD2 0
0 58ms
58ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=1540846799569571&bg=!PD-lP3DNAAZxrfrxUa07ADQBe5WfOLbchJGvyvqqXnVG6nHZi_4Mt4Txs1QHnqXO1bkfFhFlSUv_KAqfT8mFYnfq1HfDAgAAAEJSAAAAAWgBB5kDBVR17ZjdVbC2X5UJcQP__07qcMdMDXzSAJQyyBy8wy5KNQqFCLoUBZUycbvHDJJDcy1-7KYFGcGZtuicQ-XyUNDB3nYBgI5wvMmVGYydQd7p55H6CNCyseylvAXOtYL57Olx703KIdQJKLHx7mKCC0XWVL1X_DUbjmfbCoC6x-KKy5Sn27weX4YTug4Fi6edbc7BT6Hwkw0pIhMgdBscNltSj6h3vY_aB3COaHIIuzWQiucI9abanYRL1y8xIS6jbOfu5r9inJNSf0p6XMWR3q3fOMPZoN9weCnEBXzbzMAQE6PoxvaEGNlpkhUSLDUlCVJexDPPXMpKVjzHM71qf-XyDufItdyK5bGILjsOQfa-tPaFSUS2N_usvDrTzbY1T-uR1j59qSiIvlGhXBSbGEIiGIjTt12zMCgIjsniHWS845Zmqzmph_yO0MJD-VoEssHZ2TGGjwvjFWrq115-eV9RLk_FR4HfFPpwMOyP95QPfaMmJuOR0D_vdZqi01Ctl1GcdzON5hvQaEQ_AxOvPUzNXix0UBXU4uIob2AkpsdVVSYyDFNCxaL1m5LHB0lou4bpoITicvYw__gPbU54DAm02QyOC4trDbHQ1aSv3g_Jsgz_CzeWWGywMUYYzKiUHHNG2AsmX09krikOgPH-gkjeFy2EqJABG818B24P1kqeoNujF_OJx54461kSXBqzAvqmviA36KY96nV8t9O1bWxETFyS6HHzHgmTq2ebHqv5lSWslPLFSQNNAjE_KMe9tPXfeX1UVppFfdIHaA2k8fYm2SZYhLTSMnl_75WCS36ZakyKKTL71WJc4IUoOd41NiH7aItdapqg6pHv5hFsHWEaJ54-7YnxvofWNDjiyxth4YLL0wjRuG6zwe3EcAqrNcFcLojIJ-xsYsZ6GZi8x5_F7fcLSeajtgG07iDdDsQ8qfrak8Fccy9ruICFgptTMhUVncalaFEZr1j9UU_dGwmVaioZ5FPX9S89loNPTEoh66gWa1SWP32OI5FWsTMA_j3eHGj5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H2 200 fire Show response
wsdkapi.netmera.com/sdk/3.0/event/ 0
234 B 57ms
56ms Fetch 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL

https://wsdkapi.netmera.com/sdk/3.0/event/fire

Requested by

Host: cdn.netmera-web.com
URL: https://cdn.netmera-web.com/wsdkjs/OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

x-netmera-os: CHROME
accept-language: de-DE,de;q=0.9
x-netmera-device-type: DESKTOP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type: application/json
accept: application/json
x-netmera-sdkv: 4.2.22
Referer: https://foreks.com/
x-netmera-api-key: OcYc2nxy4-IE1PVMgxSo2cIXLNyzI3PXAb6uUisJim44jRp89r7eWQ

Response headers

date: Tue, 28 Nov 2023 18:33:26 GMT
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: *
x-robots-tag: noindex
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
x-xss-protection: 1; mode=block

OPTIONS
H2 204 fire
wsdkapi.netmera.com/sdk/3.0/event/ Frame 0
0 55ms
55ms Preflight 185.57.65.123
VMIND

General

Check archive.org

Show headers Download Go to

Full URL: https://wsdkapi.netmera.com/sdk/3.0/event/fire
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.57.65.123 Istanbul, Turkey, ASN9215 (VMIND, TR),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-netmera-api-key,x-netmera-device-type,x-netmera-os,x-netmera-sdkv
Access-Control-Request-Method: POST
Origin: https://foreks.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
content-type: *
date: Tue, 28 Nov 2023 18:33:26 GMT
server: nginx

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 60ms
59ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311130101&jk=4061356811091417&bg=!paalpunNAAZxrfrxUa07ADQBe5WfOHUnKFEe-SMUSIJepEwcm5q16IgoSvg8HYz7cJJ8f39SIxXrgGBoVA7fNUEUyaS1AgAAAIxSAAAAAmgBBwoAnHjw42quggJEhUZq1yHFSccLFC7f_HFiw9MDl1qTXTXrNSpM65S4QdNLbz-yp2pqTR22HmTLKsNSzwWcCWDdccPWGhMzfcNGgFnPObUQr9Z5QnoHeq59K_CpBYMi3OVS5HVUaUg3rnMmrQb-TCAQiDBYhUc2FXfuY5xGBxJcOTS1OcYd7RkLiDWc0u_VgqyhMbI_NdRKTbv9sWsSZpkCxcTxa8Vhz2i91Yi_J1DDyt-vGJR5jC6mNjzWlEwVrWoY9LzZbjpbLlUr1FH7OAjaHWqIeEDWp_R1Gy14_paPlFwA1GhfvihmEOqKZLCulZ5LDcM_OZWpkFsz6lL5n6SWcfwv9kaFwHslPYMcJGUsjZ99NqO-x7f-t1AhFNLmjuHtLZWzdlAFRtBr4BzqndkRNG0n3L72cFUeqiynKNuxhodPlivNCk8X4Fsm0BvPbJ8kVf1wz-9NuV3v5gdH-FLGZ5wKheD00JY_AJsK0c4C7w4_3T6jq3lIZgce7J4m0r1gzhGFr4btb3Ogu_3Bv5-IF3soDv0u6R-GgZm8ODkhxEAK_BxPdT6xDOd5N5f97s7SI1AxRSGieHOdg3uAeWrF-rBvaLeOnJ2gdAZdpxvZgTtnZ2YcRMVz1ZE_pDm7oGUYf5I41V6qu5KFcMC2t0bMw9wvLDzxuj0jh1piOqeIMg-99Fw3AeWYAGGJ1qpk_IK2DhxVMUq0worUicvNUKhjQkz-984dvXH_iopGY04ebbUGdP6CfjANkCPaO-s0Dy-7qVlAi7MVl16L4X-mHE3DVE4rPPdPl96tNcj1vSWFGqOZaycIpBDtAmtYBYE2QYOgfw-RhiVF5L83TjlYZfOHG5wvPEUtxbbOrW-0hI4Uqb6Sv1wPYppbBn9yP_MpNdmcmTCnCYShYQFQhsCXMQT5XO3t1o2JWBm-PqmDPj4t6XRRFvkTJWT-F-JVzsLp6wSmDe8hLuGK9AGIDdzlGW4XkOkxpiW-DYSSb5XsQf6InxgBhwVYbcUYWxtxgi9htoukxnPKiyPnAwzN5jOemkAbD3zmdN1AXAY6hqdcAUXpNkSBbswTbUgBqLZAPmuOL4p6L0XZTPbaToRTgvfqvvBGG8aEuokx3tDd5uV7iCJj5ca1sF7iTa3MruYrsY3IyuPAWsqKCMg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 133ms
132ms Ping
image/gif 2607:f8b0:4001:c20::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=2~lpiof080&c=1919415049429&slotId=959707524714.5&met.4=hvd_lc.lpiof080~hvd_ad.lpiof080~hvd_mad.lpiof080~hvd_admu.lpiof080~hvd_src.lpiof080
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4001:c20::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:27 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:27 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 124ms
123ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:27 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 39ms
39ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3HPQ6LZVLP&gtm=45je3b81v9118958463z8888287377&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1701196401&sct=1&seg=0&dl=https%3A%2F%2Fforeks.com%2F&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&_s=3&tfd=7922
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3HPQ6LZVLP
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 37ms
37ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4Y6C81V13E&gtm=45je3b81v888287377&_p=1701196400996&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1202893231.1701196401&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEII&sid=1701196401&sct=1&seg=1&dl=https%3A%2F%2Fforeks.com%2F&dt=Piyasalar%2C%20Canl%C4%B1%20Borsa%2C%20D%C3%B6viz%2C%20Alt%C4%B1n%20Fiyatlar%C4%B1%20-%20Foreks&_s=5&tfd=7923
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4Y6C81V13E&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://foreks.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 61ms
61ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:28 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 60ms
59ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:29 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64f0a04de4b0a5353b11e8c6
ng2.virgul.com/tck/imp/ 0
209 B 61ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f0a04de4b0a5353b11e8c6?g=1&t=gb&r=158735@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 64633daae4b0e20873d6f248
ng2.virgul.com/tck/imp/ 0
209 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64633daae4b0e20873d6f248?g=1&t=gb&r=158528@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 all
csm.eu.criteo.net/ Frame F869 0
127 B 45ms
45ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:31 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame C8AE 0
127 B 45ms
45ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:30 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 91ms
91ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CAo5rdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqxCXYROr4o_11QgAoDmAsByAsB0AsPogwUKhIKEOS0sQLutbECtbixAru7sQLaDBEKCxCwkeuYr_KawZcBEgIBA5oNAQ-qDQJERcgNAeINEwi1-ue7queCAxUDcOAKHanRDy7YEwLQFQGYFgH4FgGAFwE&sigh=4fuGUuEfXz0&label=video_ad_loaded&sdkv=h.3.605.0&vci=Co8BCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MzkwNDE2MDI3NDgyDDY4MjY5MDM2ODQ1MUDjAlIjEA8lAKCaRCgBOgtnYlEtTVE3ckhyTUIJZ29vZ2xlYWRzUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/pagead/ Frame 872E 0
0 112ms
68ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=CyuCDdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNkgURCBIQBRgPMLO9rPeQxo_agQGgBlSAB-28kKsEqAfZtrECqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDV7QyoCAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6mgkraHR0cHM6Ly95b3V0dS5iZS9nYlEtTVE3ckhyTT9mZWF0dXJlPXNoYXJlZIAKA8gLAaIMFCoSChDktLEC7rWxArW4sQK7u7EC4g0TCLX657uq54IDFQNw4AodqdEPLsITBhjthMDLKdgTAtAVAZgWAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=7-dI3qpZ1UU&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&ase=2&nis=4&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&sdkv=h.3.605.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 872E 41 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 337392
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:19 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 92ms
91ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CBl4RdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAtoMEQoLELCR65iv8prBlwESAgEDqg0CREXiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&sigh=09766O7j0L0&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=vast_creativeview&ad_mt=0&sdkv=h.3.605.0&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MzkwNDE2MDI3NDgyDDY4MjY5MDM2ODQ1MUDjAlImEA8lAKCaRCgBOgtnYlEtTVE3ckhyTUIJZ29vZ2xlYWRzSJQqUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 92ms
92ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CBl4RdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAtoMEQoLELCR65iv8prBlwESAgEDqg0CREXiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&sigh=09766O7j0L0&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=part2viewed&ad_mt=0&sdkv=h.3.605.0&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MzkwNDE2MDI3NDgyDDY4MjY5MDM2ODQ1MUDjAlImEA8lAKCaRCgBOgtnYlEtTVE3ckhyTUIJZ29vZ2xlYWRzSJQqUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 playback
www.youtube.com/api/stats/ Frame 872E 0
0 31ms
30ms Image
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/api/stats/playback?cmt=0&rt=0&rtn=10&delay=30&adformat=2_2_1&c=vast_gvp_ads&el=adunit&len=1237&ns=yt&ver=2&vtype=gvp&cplatform=desktop&cpn=q-gBSxzisbrRG7zr&docid=gbQ-MQ7rHrM&visitordata=CgtQMWhNOUxiWndIWQ%3D%3D&of=BGRU97MsR2E3n-DM8GRveg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 60ms
60ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CBl4RdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAtoMEQoLELCR65iv8prBlwESAgEDqg0CREXiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&sigh=09766O7j0L0&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=admute&ad_mt=0&sdkv=h.3.605.0&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MzkwNDE2MDI3NDgyDDY4MjY5MDM2ODQ1MUDjAlImEA8lAKCaRCgBOgtnYlEtTVE3ckhyTUIJZ29vZ2xlYWRzSJQqUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f81c55e4b029924474153b
ng.virgul.com/tck/imp/ 0
209 B 61ms
61ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/64f81c55e4b029924474153b?pai=1&r=158737@site_geneli@foreks:site_geneli&info=&t=linear:preroll:cl10o0&cs=1701196411865&v=https%3A%2F%2Fforeks.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 count
logger.virgul.com/ 0
116 B 60ms
59ms Ping
image/jpeg 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adStart&g=m&r=npm_foreks:preroll:7300-7400&o=&iv=&wVID=&info=&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=11/28/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 18:33:31 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame D6BF 23 KB
9 KB 22ms
22ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 325170
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 00:14:01 GMT
expires: Sun, 24 Nov 2024 00:14:01 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 125ms
125ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:31 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame D6BF 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 17:29:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6BF 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.605.0&bgai=B5upfdjJmZcSHBYPggQepo7_wAgAAAAA4AboFEwitque7queCAxVUAuAKHa3MClE&bg=!zc6lzoHNAAZxrfrxUa07ADQBe5WfOI_Z2rowzxYcdHE0ADJL_jGI8UD1xJUsndDmqqLPvkovUu_UhlKfpIJYxLLRF3Q1AgAAAC9SAAAAAWgBBwoBH9FHC1v1Li05Sh-1RrTIhI7y2LZd8pd4IbzInIRaTEloACFGOCMMS7eLA3znMt4Hqc9VT3v7Wd_OR_if66gAiaaThYoHRIaEfm4Y6QNrR_AI45yw8FUCR0FacFCLqLIG0B8yxi4MJyASTPxmVdAK28dXrQY1QU-SFu35Rv1qotuOi1ZuD4OneShNFydPcKBxlpykQ9KcigFBNBt9FmfxDIEh-qaa-mc9l2yiPZZVfto6oPji8HR_sc_hOtVtDzGDQZ_QnDAXWpB5ZzbZmd4Y7V6RPq5OUAtsUno2IEQ5yxLvXgpTa0ye-Ps34UWHJ6-VEpxCsbT71YBBQSgX04IZPxZJYK1NLtSZpY11Xo1FlwfFVeYCLCO0f8CMeYA4Cw00mQI-uGfUjFlxjKcQwdOd2GwmE9cAGn4T-51P1PPZ0kthfPmjJctWpXrS55J87kQ6YQsb9WSKUoy8bt4P9za-UkvYK2zaKoPz7LyywdzG4zn4lrtG6OEYWdbrCZS_aKD6TH2HXizSIeyDncK7n7-faBpzLNu-pEl6Wk5YZyKz35RMFG-kH2fnjzgPsG3YEvOk6371bI_g2mQMbS8uMkb6VuIyOjJLVMtXKVFxozh6yGrIbknT_jJhTkjgknUloolDmP3La3DR5Mqk9ZAlKrUoF1hWgYbaYnCfWy0d2PlgJma30dN1w3kipjVF5j6HfO5knEdDH9Z2-6R45nYm5EjEO6VW39BeU3H9nkWob5aY8nr3dOgjZYZ2H7MuGatAJwjmG1TOnTf1fe5ZIOzLCM4M_Y5fu4Vpe8HG-SpBljw4EB0B_BoEPmlRe9ksN6Mf6pMhm-YW6wDz22CbOGRA2LR46BKuEJJEcDlkI5e71Z742vd602WlnkFPLDq3Jdjfz9T0GhohZ1LGGF2qVJKZgLFYUk1uxlr4QDZ_Et6QQGAGU5omW--FxgUSFPtnLjm4yo59VHWwMiQz9C5rtd6ho8HzP4UyWsnkpUwGraaEvst089Yc72li2w9tMFj5o7g4crKRrU3qfaovnaseK82q-no99ht5bmUOuXT_Q4SSpz6dugX8MUFaJv2ZE69BLzN1QvNjbPUlkuaWwIU5mvBNa4H3AHSVImRZydFAGPwFg7-BdtnpAe1Y2zb7T7nULUyw6Wh5rQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 64f09edee4b0a5353b11e8c0
ng2.virgul.com/tck/imp/ 0
209 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64f09edee4b0a5353b11e8c0?g=1&t=gb&r=158733@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 6523f9f7e4b01517ba94400b
ng2.virgul.com/tck/imp/ 0
210 B 60ms
60ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/6523f9f7e4b01517ba94400b?g=1&t=gb&r=158820@site_geneli@foreks:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1&info=&mt=1701196402186&userId=vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://foreks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://foreks.com
date: Tue, 28 Nov 2023 18:33:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 352ms
125ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:37 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 872E 42 B
64 B 61ms
61ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CBl4RdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoEwgJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yEWOF4HMLTGI1VKUvg9xkqGjFQUR-y8XPSEMSwBE-CV3Mr8_Xbjs6baeFZYe8gL9CgX18iRng9NCSRdmwAT5_LWhwwTgBAGIBdmP1cZNoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAtoMEQoLELCR65iv8prBlwESAgEDqg0CREXiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&sigh=09766O7j0L0&cmd=Ch1jYS12aWRlby1wdWItNzk4MzY1MTI1NzgzODI4MhAAGAI&label=video_skip_shown&ad_mt=5256&sdkv=h.3.605.0&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MzkwNDE2MDI3NDgyDDY4MjY5MDM2ODQ1MUDjAlImEA8lAKCaRCgBOgtnYlEtTVE3ckhyTUIJZ29vZ2xlYWRzSJQqUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

aclk
www.googleadservices.com/pagead/ Frame 872E
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CAo5rdjJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=C2LZ1djJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3...

0
0

95ms
32ms

Fetch
text/html

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C2LZ1djJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNwAVuoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCRxodHRwczovL3lvdXR1LmJlL2diUS1NUTdySHJNsQl2ETq-KP9dUIAKA5gLAcgLAdALD6IMFCoSChDktLEC7rWxArW4sQK7u7EC2gwRCgsQsJHrmK_ymsGXARICAQOaDQEPqg0CREXIDQHiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&ase=2&gclid=EAIaIQobChMIxJrpu6rnggMVA3DgCh2p0Q8uEAEYASAAEgKQfvD_BwE&num=1&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&client=ca-video-pub-7983651257838282&ctype=110&label=video_10s_engaged_view&ad_mt=10054&nis=5&dblrd=1&sig=AOD64_0-CEM342E8RpNcM8r7x7MzrI_CQQ&adurl=https://youtu.be/gbQ-MQ7rHrM%3Ffeature%3Dshared
Protocol: H2
Server: 172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s22-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 18:33:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
server: adclick_server
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C2LZ1djJmZcSHBYPggQepo7_wAqqx3790vInkzswSwPzB2q8JEAEg5rSCa2CVgoCAmAegAe2EwMspyAEFqQKzb43lTo4KPuACAKgDAZgEAKoExQJP0Owt8IRf5rzzripgJWzDJzpjCQFblI3FgsY4QJCCfFJ05yXyR1YUfCysJn-rhu1lcRtlh8isUTmCgnJMdUG_3J1eHEEFV2b0dOPtD4jb7JjTZ-dmCnoHAg377tGzG8HR0-kH-PKg_JTCPch3SifPrWNieotcooAdvB5mrkv1T7ScSf0de9Yej7RssRNI3lnxwimwPN2txl-HhB77jRaWxyNbkHNgehGMu7PuBiISPP0GRcitSpThJWD31q7OEXAuj6dqsdiur2FDhPFMLaLJPzsu8qAIcVc3lhJ7mxhsU-D_2uA9SZKDqVGhBN4bIzamHZKX45t3kvgZTmFPBaSOJbQ7wwL3yB2PncGOP_vwR7F3YU-HTc100iDGPGLK2WzRhxtj8tZ-GafejH-sH0s_O7gGP_ciL9IQGgpLm3a_tVq7ipDmwAT5_LWhwwTgBAGIBdmP1cZNwAVuoAZUgAftvJCrBKgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCRxodHRwczovL3lvdXR1LmJlL2diUS1NUTdySHJNsQl2ETq-KP9dUIAKA5gLAcgLAdALD6IMFCoSChDktLEC7rWxArW4sQK7u7EC2gwRCgsQsJHrmK_ymsGXARICAQOaDQEPqg0CREXIDQHiDRMItfrnu6rnggMVA3DgCh2p0Q8u2BMC0BUBmBYB-BYBgBcB&ase=2&gclid=EAIaIQobChMIxJrpu6rnggMVA3DgCh2p0Q8uEAEYASAAEgKQfvD_BwE&num=1&cid=CAQSTQDICaaNRJl7gdoWLojhsRXdQwapmq684URD5OBS7-3CC-skxBIUYr2bwTWw7nHOEuGOYGBjhgUc2MyWrgjflHc9K7bNo7iYhc-TotvXGAE&client=ca-video-pub-7983651257838282&ctype=110&label=video_10s_engaged_view&ad_mt=10054&nis=5&dblrd=1&sig=AOD64_0-CEM342E8RpNcM8r7x7MzrI_CQQ&adurl=https://youtu.be/gbQ-MQ7rHrM%3Ffeature%3Dshared
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
www.youtube.com/api/stats/ Frame 872E 0
0 29ms
28ms Image
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/api/stats/watchtime?state=playing&st=0&et=10&rti=10&cmt=10&rt=10&rtn=20&adformat=2_2_1&c=vast_gvp_ads&el=adunit&len=1237&ns=yt&ver=2&vtype=gvp&cplatform=desktop&cpn=q-gBSxzisbrRG7zr&docid=gbQ-MQ7rHrM&visitordata=CgtQMWhNOUxiWndIWQ%3D%3D&of=BGRU97MsR2E3n-DM8GRveg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 343ms
117ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:43 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

POST
H/1.1 204
No Content collect Show response
u.clarity.ms/ 0
290 B 147ms
146ms XHR
text/plain 4.227.249.197
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 4.227.249.197 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://foreks.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://foreks.com
Date: Tue, 28 Nov 2023 18:33:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lb.eu-1-id5-sync.com
URL: https://lb.eu-1-id5-sync.com/lb/v1

Verdicts & Comments Add Verdict or Comment

382 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

71 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: M_DCqo02q3g
.youtube.com/	1970-01-20 20:52:28	Name: VISITOR_INFO1_LIVE Value: _j6rJHPM2mw
.foreks.com/	1970-01-20 16:34:42	Name: _gid Value: GA1.2.388237801.1701196401
.foreks.com/	1970-01-20 16:33:16	Name: _gat_gtag_UA_82686003_1 Value: 1
.foreks.com/	1970-01-21 02:09:16	Name: _ga Value: GA1.1.1202893231.1701196401
foreks.com/	1970-01-21 01:18:52	Name: i18n_redirected Value: tr
foreks.com/	1970-01-20 16:43:21	Name: token Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImZvcmVrcy5jb20iLCJwYXNzd29yZCI6InY0YSFLJTJSIiwiaWF0IjoxNzAxMTk2NDAxfQ.ynph5GxBAnqLuIisZ-HZAECHUXRR5UpwLvd86p6RigY
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Key-Pair-Id Value: APKAIVVJE7R23ILHVNCQ
www.clarity.ms/	1970-01-21 01:18:52	Name: CLID Value: e6584392f030428ea27b91f1ee5151a2.20231128.20241127
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Signature Value: Nd5R1f5XxPdtsMtb2aRXJ3cmlZBNW3pxLnFAAYQ-rBcr2Rta8rlsfos6Xp0Pd1BBl5eltLnRFYSUyiyElLWchQL4Euhs8Hm1xUNRpu~~nQUUNMrK4G6vWZjfBQJZzqmBrso8YQM~Zb5e8ttkgcuBOm~NsIm~wPsR9JvVteieIrjtAZtffaDDTD8tFjIZkerCY2Vidmn1ek3xqxYaOPN8UzWJngFZ8YirHzLyGFyD7uWz-XsSlSP2gbJmI~ODJsfbPqJE1Q0udjfVEUG3-huIk4qM0L~QHqTwEj3hRiR-SgWewNQScZjhrCgmJzoJIg4s7NCDoKglsx0GbTkCcKVZWQ__
.foreks.com/	1969-12-31 23:59:59	Name: CloudFront-Policy Value: eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHBzOi8vbmV3cy1jb250ZW50LmZvcmVrcy5jb20vKiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcwMTE5OTkzNn19fV19
.hubspot.com/	1970-01-20 16:33:18	Name: __cf_bm Value: DvJp6jRF4nMhxWwFZIzAX9_uqSaEZ2ZzYj5n8qfZ.ho-1701196402-0-Ad2Hbo1JfBnSG5IknzkyTVIVjXhtKaSCjTbsHX4v2tYpMFahASWqlsn7dbeaHRh7nqHnCoIsLXhUnPCQz4sufjY=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: w3k03wVfrqT9MLd2dlbWxJdbifU5jZfvFIScu9rLSto-1701196402201-0-604800000
.foreks.com/	1970-01-21 01:18:52	Name: _clck Value: 1u97uy2%7C2%7Cfh3%7C0%7C1427
foreks.com/	1969-12-31 23:59:59	Name: pId Value: vnet7b02ca45-a86b-447b-abe0-0c93ef55687a
foreks.com/	1969-12-31 23:59:59	Name: TAPAD Value: %7B%22id%22%3A%22af818d53-9094-4e15-a793-5d72837adbeb%22%7D
.foreks.com/	1970-01-20 16:34:42	Name: _clsk Value: 192pu1n%7C1701196403514%7C1%7C1%7Cu.clarity.ms%2Fcollect
.openx.net/	1970-01-21 01:18:52	Name: i Value: 8236789e-c713-454e-a353-99091ca4def3\|1701196403
.criteo.com/	1970-01-21 01:54:52	Name: uid Value: 72987a8f-3e9c-44b2-8479-59aff01b5d3d
.criteo.com/	1970-01-21 01:54:52	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 01:54:52	Name: IDE Value: AHWqTUmtumZm1s08mOoEn_mXl5940kFpCqPg1hjONmJUSgHQ2oqbqO_o9XvaxLvb
.foreks.com/	1970-01-21 02:09:16	Name: _ga_4Y6C81V13E Value: GS1.1.1701196401.1.1.1701196403.58.0.0
.foreks.com/	1970-01-21 01:54:52	Name: __gads Value: ID=1e6f297c9b9b30af:T=1701196403:RT=1701196403:S=ALNI_MZlXdSTaDLNRTscaU5XCLG3I7W6kQ
.foreks.com/	1970-01-21 01:54:52	Name: __gpi Value: UID=00000ce85ae6acf8:T=1701196403:RT=1701196403:S=ALNI_MYkWWSwSFlWjdOqcSWbfAltksoHtA
.foreks.com/	1970-01-21 02:09:16	Name: _ga_3HPQ6LZVLP Value: GS1.1.1701196401.1.0.1701196403.58.0.0
.doubleclick.net/	1970-01-20 20:52:28	Name: APC Value: AfxxVi5eNYwxnskWbdudIN2QT3mjT_Mrw0nsALTk8WsAcVqFzkzDIQ
.casalemedia.com/	1970-01-21 01:18:52	Name: CMID Value: ZWYyc0pImS5wPhHx7xk.iAAA
.casalemedia.com/	1970-01-20 18:42:52	Name: CMPS Value: 3211
.casalemedia.com/	1970-01-20 18:42:52	Name: CMPRO Value: 3211
.foreks.com/	1970-01-21 01:54:52	Name: cto_bundle Value: c63GqF9UbnRuU1ZPV0tXMWgzV3REdnE3UFZtOTN5MFdldno5MmZJVlR6RGV4SnlRSkl5a1dYRjEwekRZJTJGaDdLQXJncHNuVDRqajlBcGttSXF2WHRKbjhYJTJCZFpwWE9sUWlscklwTjJXM3BBJTJCVWVyaGhRQUpHYWx0RHo3OFBzdENOczc0Nm85RjA4MldwSG8wUEE2ZGVpUmZta0ElM0QlM0Q
.adnxs.com/	1970-01-20 18:42:52	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In>oQpxy!]tbPl1M>e)ZlrFUfJ+tGXxpSKB]w)?VY#lD?bP`aSYE%=4HLa_KB[R4OPmV3If)y3KL9D3I?+pO/=JK
.adnxs.com/	1970-01-20 18:42:52	Name: uuid2 Value: 4345065914235814122
.doubleclick.net/	1970-01-20 17:16:28	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:42:52	Name: 8lcfmzhxc8d6_uid Value: 9d0e94b2c4698ed4
foreks.com/	1969-12-31 23:59:59	Name: watchID Value: 3ee25b2e-6659-4d57-8e70-0e5ba767f131
foreks.com/	1970-01-20 17:16:28	Name: userID Value: d3d7dd3e-82e4-4561-addf-0d81923eb088
.awin1.com/	1970-01-20 16:43:21	Name: awpv11601 Value: 113440\|1701196404\|9d6e63f0-8e1c-11ee-825d-22629e669530
.office-partner.de/	1970-01-21 02:09:16	Name: source Value: {"webgains_webgains":{"timestamp":1701196404772,"clickCookie":false}}
.ctnsnet.com/	1970-01-21 01:18:52	Name: gid_CAESEL1oEDOw2usnmqZ2vY9mNL8 Value: 1
.adform.net/	1970-01-20 17:16:28	Name: C Value: 1
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: w5py1p5xqtt1we2p3morsxmn
pb.media01.eu/	1970-01-21 02:09:16	Name: DTU Value: 306C86D0E10EC9345D343FA35DDFA572
.ctnsnet.com/	1970-01-21 01:18:52	Name: cid Value: 40f1f627af3e4a27bcb702e5ef06b0f2
.adform.net/	1970-01-20 17:59:40	Name: uid Value: 1548324997395374821
.everesttech.net/	1970-01-21 01:18:52	Name: everest_g_v2 Value: g_surferid~ZWYydAADCboNkgBd
.quantserve.com/	1970-01-20 18:42:52	Name: d Value: EHYBCQHEKoEA
.quantserve.com/	1970-01-21 02:03:30	Name: mc Value: 65663275-2135d-610ea-d4d4d
.simpli.fi/	1970-01-21 01:20:18	Name: suid Value: 3534AE636D094441BDD62128203564A6
.turn.com/	1970-01-20 20:52:28	Name: uid Value: 7009348291126668545
.w55c.net/	1970-01-20 17:16:28	Name: matchgoogle Value: 5
.w55c.net/	1970-01-21 02:03:30	Name: wfivefivec Value: wZeXBLbK1R82TH5
.yahoo.com/	1970-01-21 01:19:14	Name: A3 Value: d=AQABBHUyZmUCEN7-aIDywv_GvD3dLhj6Q6MFEgEBAQGDZ2VwZQAAAAAA_eMAAA&S=AQAAAs6zDjz9iWhwc088xig4gNg
.awin1.com/	1970-01-20 16:37:35	Name: awpv11354 Value: 412871\|1701196405\|9e0b6740-8e1c-11ee-a3ae-223050cf75aa
www.conrad.de/	1970-01-20 16:37:35	Name: CEAffHA Value: YD
www.conrad.de/	1970-01-20 16:37:35	Name: HTLP_timestamp Value: 1701196405741
.www.conrad.de/	1970-01-20 16:33:18	Name: __cf_bm Value: 8oqErXY8SQMpHGg06u0eHwmNUNrBep8n5Sf7r40f0_A-1701196405-0-AVLiJpJ7y6UE3QuJ76OIQ7VhQpNsKJ0DM8MMGINnxk+nBqRPP38PCBE33Adb0YaqGKsWQp+ssCSchqVqYihg7rw=
.awin1.com/	1970-01-20 16:36:09	Name: awpv14702 Value: 412871\|1701196405\|9e22bfd0-8e1c-11ee-825d-22629e669530
.awin1.com/	1970-01-20 16:36:09	Name: awpv20044 Value: 412871\|1701196405\|9e25f421-8e1c-11ee-85f5-22347f548c7f
.o2online.de/	1970-01-20 16:43:21	Name: nscQ485 Value: V
.awin1.com/	1970-01-20 16:43:21	Name: awpv11938 Value: 412871\|1701196405\|9e32ec71-8e1c-11ee-ba35-226154e726d7
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 367022:2542680
.o2online.de/	1970-01-20 16:43:21	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTMwMDAwMDAwMDA2MTcwMTE5NjQwNXZsZWExZGUyMDIzMTEyODE5MzMyNTkwODc3MDYzMDExWDEyMDIxMVYxMjI2MTMyNzAyTVN2aWV3b25laWRZWDFIcmYxNXNwQnBIVkg5SGV0UXRSUjhjQVQxVDZtSHJvbmVpZF9fc3VpdGVfTmV0bWl4X1JlYWNoMTNfQmxhY2tGcmlkYXlQdXNoMTIwMjEx
.o2online.de/	1970-01-20 16:43:21	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2023112819332590877063011X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTMwMDAwMDAwMDA2MTcwMTE5NjQwNXZsZWExZGUyMDIzMTEyODE5MzMyNTkwODc3MDYzMDExWDEyMDIxMVYxMjI2MTMyNzAyT
.congstar.de/	1970-01-20 16:43:24	Name: staticentry Value: %7B%22spfr%22%3A%22412871%22%2C%22awc%22%3A%2211938_412871_1701196405_9e32ec71-8e1c-11ee-ba35-226154e726d7%22%2C%22sp%22%3A%22awin%22%7D
.bing.com/	1970-01-21 01:54:52	Name: MUID Value: 06038832C51F612D3E4D9BE5C474603F
.c.bing.com/	1970-01-20 16:43:21	Name: MR Value: 0
.c.bing.com/	1970-01-21 01:54:52	Name: SRM_B Value: 06038832C51F612D3E4D9BE5C474603F
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 01:54:52	Name: MUID Value: 06038832C51F612D3E4D9BE5C474603F
.c.clarity.ms/	1970-01-20 16:43:21	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 16:33:17	Name: ANONCHK Value: 0

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 500) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/e2626c4.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/0d507e1.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/489f27f.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/e2626c4.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/0d507e1.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/489f27f.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/e2626c4.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/0d507e1.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/489f27f.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/e2626c4.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/0d507e1.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://foreks.com/ Message: The resource https://foreks.com/_nuxt/489f27f.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

47edc2055ebf6f705c8dda5bf6329e59.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
banner.congstar.de
bcp.crwdcntrl.net
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
c1.adform.net
c1.imgiz.com
cat.nl3.eu.criteo.com
cdn-ima.33across.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.netmera-web.com
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
config.aps.amazon-adsystem.com
csi.gstatic.com
csm.eu.criteo.net
cta-service-cms2.hubspot.com
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
esp.rtbhouse.com
feed.pghub.io
fonts.googleapis.com
foreks.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900023.redintelligence.net
i.ytimg.com
ib.adnxs.com
id5-sync.com
imageproxy.eu.criteo.net
imasdk.googleapis.com
invstatic101.creativecdn.com
istr-n8.nktcdn.com
ius.ctnsnet.com
js.hscta.net
lb.eu-1-id5-sync.com
logger.virgul.com
match.adsrvr.org
medialead.de
mug.criteo.com
news-files.foreks.com
ng.virgul.com
ng2.virgul.com
ntm.netmera-web.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.o2online.de
pb.media01.eu
perf.hsforms.com
pghub.io
pm.w55c.net
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
pubads.g.doubleclick.net
pv.medialead.de
r.turn.com
region1.analytics.google.com
rr4---sn-4g5ednde.googlevideo.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
s0.2mdn.net
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
static-de.ad4mat.net
static.criteo.net
static.virgul.com
stats.g.doubleclick.net
sync-tm.everesttech.net
tags.crwdcntrl.net
tpc.googlesyndication.com
track.webgains.com
u.clarity.ms
um.simpli.fi
wsdkapi.netmera.com
www.awin1.com
www.clarity.ms
www.conrad.de
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.lead-alliance.net
www.telefonica-partner.de
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
lb.eu-1-id5-sync.com
108.138.36.46
108.138.36.69
108.138.36.78
108.138.36.8
108.138.37.209
138.201.63.157
142.250.185.194
142.250.185.198
142.250.74.198
145.239.193.130
151.101.2.49
162.19.138.118
167.233.13.224
172.217.18.2
172.64.151.101
172.64.152.89
178.250.1.6
178.250.1.9
18.134.20.61
18.173.154.20
18.173.154.9
18.66.97.13
185.57.65.123
185.7.176.208
185.7.176.222
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
23.212.218.19
2600:1901:0:76b9::
2600:9000:225b:ac00:1e:a43d:b640:93a1
2606:4700:10::ac43:266a
2606:4700:20::ac43:444e
2606:4700:20::ac43:4a81
2606:4700::6810:5814
2606:4700::6810:c0cb
2606:4700::6811:180e
2606:4700::6812:c07d
2606:4700::6812:d133
2606:4700::6813:9b53
2607:f8b0:4001:c20::5e
2620:116:800d:21:ef75:8280:f209:5ba1
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:17::9
2a00:1450:4001:802::2001
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2008
2a00:1450:4001:811::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:829::2016
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2006
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c0c::9a
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:3::c
2a02:2638:d::c
2a02:fa8:8806:13::1370
2a05:d018:d29:3605:110e:d660:4b1d:6eeb
2a0b:4d07:102::1
3.11.123.127
31.3.2.72
34.102.146.192
34.102.243.38
34.120.107.143
34.96.70.87
35.156.210.91
35.186.193.173
35.190.39.111
35.204.158.49
35.241.45.217
35.244.159.8
35.71.131.137
37.157.4.28
37.252.173.215
4.227.249.197
51.38.120.206
52.29.13.21
54.170.121.144
54.170.64.73
68.219.88.97
78.46.23.46
84.200.5.215
87.118.116.9
88.198.250.30
94.23.99.218
0094de2bafc315adb10a0c8e302a2d5069f17ed1b746f04bdb572949eba66987
00cf365b081cc5eae31f6ece71de10ea0b42857b86a511835e5b33e5ab7a585e
013c46bb69056b44df46c3a4d22b3b4ec4eb52aa2d8253019988ffe1494caf7f
0188821dd12386173e0f54df67c6256c18fda68f62df507b001dbdbdf75cdbb4
0201329263acddaf31c80ab50b42f64817eb72d365487549cdd404e795c532f5
0391154f033f1181959e7820f2b33e8c9e5bf9cdb1e03ad0a56e6e3625babfa5
05be26faf168f0d41811b685416d1e5c495f7718dd74d1b26692d5f0dcaa9624
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07bc62ec05a4c43febb0d675bfa4fb404d07f0cc993b5d23d573d30ec89febb8
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
084dfc6236ad61686eccbb10710be44b70afddf750aad7694f1ae81c92c79b20
086ad890fd0f983a64e291907934666cdcfebb94f40c247d4641bdc666089baf
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a98542c5c77556365676280c173fee3e7cf786f90303ec7e74aeac0855c591b
0adb33ca1a9776a37cb4501f171ea405ab5ec85ccd1b6b07ca2f534932f86cd0
0b20952a816c5a65c9f78ddfd6eead55a7e656a65d38fd6c75946af447b816b2
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b907b3bb8a500584ac1447891fa5b93c8b3fb5d20604eae9771ce7259b72805
0bb23de06711894ad6d763f25ab3b5576bdb41046983f9e3776937b05418f6e5
0c94f7120af1dd1e52881cfb218fb4fda3f26d6971c0ebd317ba23b459dcaa1e
0de2a176ad08f62d4eb01561e51936094f156760b03746e2f17e69345824f7b2
0e937dbbcc6ac86d5eea66d1c88c0a4d73d48a0b1ebdabd7c76bf0aab271a0c3
0f140f44defc2e33fda3dfa698b98562fdff1b7af2bdf76166beb1bc6ff2f2c6
0f9eae9df4a466cc9addece97de7d812741e1cac54ce97f94e08a467f13b0d3e
1078a9471c288413efb56e6171522052654e75f88c9c7b522317f481a8ab54d1
1126261762db36bce53560ac36f5ede1954662d33a6d6eeb62d84b715070e7bc
11dc97e7b64c29a3ea8fc907dfa8962fa734ab07efb284ad1af1ec858f158c41
12674ff2c46e5d135f5489a5147cc4996d75efe7a24f2f0b1eb712e9e3327fde
15ffdf30230da879b6ccc878dbe00664ead25fa8c1d9c5980211ac9ad559975b
1658b269a9afc892f8a1f498fc54b1a1d945f270c7ea4c227d56fb9cb69b5d56
17552888328b6085e086c040dd1a688bb82d68c71522e70b8b2444f5442265d1
178c85dd1cd4028c38f2a5812f63414c9d0bc67308a56227ffc9f18e5e2fa863
18a4c05c50ff534451dd71190a11ffd4296cdcf519ad13afa11a365fcb2618a5
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
19567dc1cab0ae72cb4d6a90200d6b1e6bfda3a4cc05421bc6d595d64602f444
19d3bf1a3bf9275c245e9135ef6efe01287a8bacf41914ebfbd26f29a5efbecf
1ad97cb0d89f96b8ddd36a533819f8d4468090c0e807db064e47f382c5d7e93a
1aec6f14ee52905d7f545897a9dfbc42ed61b5f8017f94d8c6a44b185c776722
1b985f9aa1ec76a17cf3c68a46b021562d55fd2e7733b28e6f74c4188696a3f0
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1e57378e77a92940db56c07311efdbe76662b76eebd32f3098c016426df8f9dc
1e88e7d1d0170fdb08fc22f8e0a4549f01477fc6654f4efb900c65eb9b4b88fe
1ed413663ea4e8bd13f628842383aaeba0f88fecbf83b3edee26a2a256e47ab1
1f01e7b630ad2abbeac847633d3c040714f7c94ff371d6b4cb3e489947331ebe
1f2bde94d6e56103c547cc33b29ab3c814a150688c1835b785186682073c5290
1f4b2fd2bb6b0c6955b91b7f006468abc0b88b534a77a573fcc1100db24aa5ea
1f7401be53d97db43455bdbcedc182e33833c813e66543e44cdeb1de45615e0d
21c8d4ab514fb2e48242431a3dfaae0a589b145806d10faa701811467e7ce9fc
222489894fb44e82cb7ec52b552b854827065d5c34cf435f1664b11d29d05b5c
224720e350fded9c7fc48c26baa3b7ba40dae30313775642add0784388de8b81
23c3fea99053954c39183a25166a315ed3a34db8300d5db6cbc992b3dc8295ae
241be130e68ed432d9be6d5357a0809683ca2b0d141cca5175d175aabb14a306
24d762fbab387aacaffe0c312772e4294a76685a326d898dfd69b87208bbb942
252a35e9ed3ac9f0334d139fe4c4af52ddb3591173565b8044b3c7a661d45179
256412fe6592632da6ec86565a509e73384d126d983612aec4cf77665f150031
25e6d12bbcd9584a5c073d331a9a9c8030752eec2b909609d4de870f7fb1eae2
25ed9577fc68cbd07e1f845fe2a130b544ae521b97a04f40e54a64a46875fbea
26e3a285b10a3454896111829ad6044ca3d12ed2dfaa0954ecb82467e99f4941
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
29d65a57d9d45a39e1f3d1e608e3c6228bd4dbb189e15bea20bb508aacfa1b37
2a4b16a34759fec47ef434fb04b4c177a682990e3fe33a4935b6202146662a71
2ac9a15a222d71dad9aced6ab7b351383210cf03dbe27aed07ec71da79354a18
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2b57f15eb2287dd8e3be27c13aa3f4c572e444cc15988a37cd3db58255e2b7fb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e2d77d972f1681a879d7bfcb40b851f77cb9fb8be1d53c4af4f1d9cceb02bd0
2f1cf33c64319f125a4e50c6306e8dc1c6bfc9d75d61d2cae90a42a8f0e85424
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3209947ef5d4b55b88a7e0d39ab85696dc6703ac784b476abc58c7b28463d79e
325ea95921d5de02943b01477a94bd966108340481a0b8571c446faff119d5bf
33c60b04ab627662ee9fb07a7d60112c91ebb9989dc2fa7e4b6650323a20b6e4
33fb46b1d3bd789033cbb8cfa7b72c00c9c0be7eecedde183c253668d3fa4a1b
348e29cc1eb9e32d323a9138519e1091c257e0cf8392b0197145401444a6d77b
35e85f594c04ef934a854211495ca955eb7e122feca413160f2d7e6a093319f4
371fc4d7abeecf248aeac4d83200a34cd4ec12f9b7635c9df766540c81159c91
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
388bd8a442f1f00dc936139630985d910c0b93903b0babf90522f4d7e0456d18
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
398192df861e2dbbe8d4c7b127d1b276c413501f45b01ddfcee428cfa9bc70d8
39a6b618a1111a172e995cb024510053a8fcefdf57b9367a7ee997b863dff91b
3a58de8d9c7b24b39cfd318f36cf8ac8e2eb491829df30979155028a448fa254
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d2fe410ab45a24e9692ca96ebc31f580a39666b12c0aa1beb2c3c52de20e5c1
3d9b0e771bf0255ccf5583a85b215c674e866614409b9c5f10c0e8264d1687b1
3dd5bb9fda081a3cb1bd6d513edb1a71746031bec07d8c646abe5813ba9dd4c4
3deb8da1fe71f561d2f7d06e97143102426b926954ddb829aa27ea2599ef490b
3df6389a8ff7dde8ee50f8c6b0d119e3f773979d9f16e974e4af1f15e3821956
3e306ba371e47b7473091bcc3574b1f9be8962c28ffb6bd5ef07d52c59846726
3e5262f8dd2e248bae2b81dc6d3910298e930ce8f34d36751392e5e1cfe0be60
3f0133a51dbe2306a5d32fbc64643af6fc2503036a2ebec0e61b377d6e60ae75
3f7ae59f6444b922ea4840c69f9feea86a26fae6f3642b31bf48c6f9b3e94341
4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93
40fbdf939ee958bdf305369fb51495e63cc44d2a6357e138a865c1faca904c56
4110b8d5f1e03b8581973d54a6142fa9dff022f45070cbce000d027fd91e1fe8
424a6bfe62d0faa083c180ed119f14d62c3033a3fe57783e1229b0fd16230a08
4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7
42e6e358bc7f764358842d65d23e2fa64dca92a503e253654538a43236ee3562
4338b900dcb0f658dc52b480e9a98fad20b051f31d48277fe8a7b0cc0ba8f684
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44017113e515baeb9edbc21bd74660937194feead9156878006411232f1e4302
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
445b5b95e4474b6e13b379f0cc68237eb927d7da669d8fd4f83d2f7fce3732e7
4512e492257199f988691a0f342b97d0a0d0956bb867996666dc966e24862b71
45941cddb32c44e5eff43b00a2f5ead40b9d0e6323ae161a40c426bc8c500f71
45e18b1689e2f8036562775b899e2b5e1a6af1f30cc1b22f5b5d257d3d21b955
46785e2006a27d27d52b4ed2ac2459d147ddd4b2843efbef626f9e3645b2254b
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47444c3556b254a17d7b6fee8d662cefd56d998a48ee6c36974ef6c7a668b9b2
47fb417f6b72c4edc08dfb90a376b2c88b3b51992bf3c83dd14e011edba2f339
48504d4f0bae1e1d8a3bc5a59a9fba63ac0af15b3ac1a7e8f5c97b4ac82abc03
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950
49652d66df6277d900c3c071868a22a9ae1c45072da5ff7efde056bb43a6de0b
4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087
4b356968ce27532d3582bd20e3792337f1d0f0e324f4b9499ebb0e533cc1c11f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f
4d052b72d024c0b9de9b3f3246595b755ab7e654ac59578770101e2f14ea97f7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5023f73a1cb261153ffc1365da89d8312aecb973ccc5d5626f6a539a75509d2f
525d4bcb494f29edfbcf472fec04988765bb0cd93dafc4bf88bf7e66af4e6b40
5306fe709fd7d0683852ea492aef6c85dccbaa53ad430051ff2199a7a5f17919
53e1ec1e1b29a093e5b53bd64414c8191f2de7107d7231a942b6159eb475f195
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55568d78493cb7e0ee57d25db4418b7d0514549f94dc27314e7626f886b68f8a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55dece1e39dc7c1b24fbd04da5d5cec393712b34646ae6b17b0bb8ea39b887b5
56af915ccd90afbb8e6f22a753592c0d82dce00fb636628e53ad05ad3f217c1b
579948647ed5eae6d4e15aedbea9e083223aed76ecfc1c5920ad32e3cc0ae270
5812d2557010d144492cc7ac39b6a8196983793dc1dc16ca6e9df8d0f4e57a39
58a7c01f5b8ec5a2d6e25b2a22b74c84a4a4004d1c430f0c0d3d24c19aacbb3a
595037caf8c890b62b819df7b1a156792c2e455b6ab92ac93cae6d87ab3b7da3
59511404e7b124b5c463ecc182f1a103bf66c45a54be37854d8e0589099ee8ba
5a3c81f4a28442033728698f12f70350c1683788a922661d9be585f139349950
5b46f150b18a795d554d57bfed352f4fe732c5abb15a532537db0710ec1f59b6
5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3
5d57d88f79fd5b685f1ba3bd66081456f0b90c1da546002d4e5a6d4517e11156
5d9d6578c454b092af85edcf169a58a394b418c948bcbb510188bdc5c1083297
5e21b054e57b342ba854e5e953d8bfea2d05b93a4a0c297834cc98a58c83bad9
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
5feb736923115c10a6ce2636540d6950f32509e1f3554226ac004b73a8382675
60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf
61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ea2dab1eea4af85c70041ae92992c724cdabc0ccdd86d9dbf2fc737c09e81d
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
631ea14bc6b92620f3cc699986718e52be31a0373605a8ff8aa4af9cf7bc1a08
643dd75cf9812c16397f2d14bd471c6265b4b2edf68b1a4297ca7daaf0f97dc3
648eb61cc2aef711390dbcc92b5f73a833671a5e048b9bf0692405a1271354dc
66336dcbe328647fef40d08c176254965b5e2df5172842bca2ad326653903986
666a81a98b9d8ce2098b91b1ae26d1b7262f82c43c3ecf8232622d4f614f9a0a
67f63277f6b82526068df07bf12fad11eb52a2d7a9818991705a68a69376e44b
67fa96ffd1a223224aa9256a2e859303f3a1f61c4007490350cd620493d12736
6803be2f52ead1d309115282023659e463e493570ab7f63b7ef7e794d6455e40
6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2
68efbddaf18604b239c9507b60f9837b892697a3d698bcf2c131a2be8dd5fe6c
6a00ef2670157738264638d4f31a657e3990ec342fd82599617f8934f4f9de72
6a898f6ff520ba34bd5d8ece4f39b5b6f782065bcedfb4cbf5a87b16e54c4d4a
6abdd3135520376845aea7f867e21036763fca3c80deb3cfd9a834027ca11a89
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d52aeb6e2813d5de1488fc255332bd2efeca1e1b739d2d77b0b656efe9b7e85
6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2
6fb38a6d586ca0ce8cfa72b2a79079e62ba35f35cd8bd92e0414576f7e093a93
701986f7bcc7d1c2c44605fbf0796b72f7c421ae2180621a9acc5f25ce293a7c
718922936ee6947830e53e237f190f64e4c3143a49abbbe9c30a08bcf6cd9e44
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
7377039b14c85308d94f29e779acfc69fd32b2c00b09bdc2f26a2542409973e5
739608eb3f50f513d7bd20bb3f96296b6323d0bb8fc791ed2db3264a03123673
74398a201227d8ecfec89fee85fdd54b35675b0e3905914f81d336071b769872
74cfeedc4343ae6b4171c4c1484e5b7c4c8a2d7b2a399023c97e3740725de227
74e4cdeeb9d39cb5cde81b406f2d3dadb2ec92e4643a6afb1a436e921fef8a39
74e57933319387bbdf961b65b978eedc4cbad7f61f8b2b6f47a7d0886ad95ea0
7567d21efad4a22bbbad2b19bbb5b1b4eff9ec6ce410a2137e9ea3dcd83ee92b
7571db16348512fc55b35102ce3699733cf0882f4b4fb3e652fa8db700c07fb5
7608dfff6715fd99be71577da2a08ca91c4b003313f41e0ffdda76b09f5b749d
77246737e6000f65f7b6a7fa576976553e1dbc84f125d2fc3ae6b157cf9bf4e0
77c2fcac7e77f0bc0ffe790dc7845c51850c50d4b8444a157f7206837475d6d8
77cea5181400dcea09d396e614b6d0ecf9ac52f4bb388178a3086c6b4a4d85cd
77dfd1999fedfc054298bf9888d846f95ee8d27702d06113a5be3202bc9bd87e
78fca88f95be91c7135968634b0a9bda02fbda308f0f5fad5600040a8691ee23
7912e72b602b2d0f47219cf7b075968b46b017f2f775ed62df64f28160d618ac
79a108af13c1880a50a1334cf87b41db4fdf6a1f641fc8eca0cfc86f9fc05ab5
7a643ae090dcbeeaccbe36489da4999b023396bc49ae725f3e7f10927dd6bd69
7aa6352acc051116fdf2b9d65f0b20712a358940fd0f3b0e1140c475c1d8bfc6
7b890dc41d051c686bda87447a5556a4d7e1a53fd40dde66bc9f12ea83bc00d1
7d8e89f8a9f0f83d17f5fcd12ace577219a0ddcf73eece11c8a89e6bfb0a2d6e
7da612499b4e2c12c48f55480b703a7fed3227d97b6877753c53e090a9ae229c
7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b
806bd0ebadf98dbdfee863e715a395ab7a2a82eddefd365648deb48ef592302c
80f16409981f33de594f7f75ba13f3414afbd7b8663afa0e495a9c601496b198
810b0e748dd879fdceae5278bb2277b80f7cc620a2e05b0a8a62e3010df2bad5
8201b02c2df0c6496a05372d58423399054d4553832a91fcc83150854c39ad7f
825f99a399ad27c48025d7dc29e1f7e79f0da08282dccece11495a299a19eb78
827a38de1edccf1536e6ae86cb89b4fafe9a3fc616e9486f8172f57ebf88f972
82eb0724b3cfebe17ce8aff8c8b33ea9f258453e37c395b31d429d70f314b307
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844b87b27dc65dd4bfd6b4a840673478ecdb0512337f6b30f7af691c339908af
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d
8784ce0b0c3714b41e920f2ae49c677a2b475a65ae70df49e417a2096134d47b
87960e7994f9fc5f6d2fc8c0b93be02f4b9b7cdca0dd9c726f5806d8e9092068
8a3930ca668cd6b46c0e55cd440671f570ef70d309e64359e89c2c9ec96c43ea
8abf600128e431bb9631811f74561e1bab28dabc060b06ac5cf66b3a6c80f086
8af3879e79e84eb580e9e23f86880c32d97f52d56896d789bbf4896a9d002c17
8be82f349b2994d7f0ed7fcba5e50ffb8a960f135e513b34730af4578cab9883
8bec500b5753418a55c12012f17927edaa52dca7f56f1e7e57f0159125ae1149
8c9bf9333f6e1ec3b4a1344f7030099f19d9f5040a397c70481b744190e8d6a9
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
91c32cf62c2a7ec7bc63bd4354823f66812d56d2323a5298eac81e5b969811c2
926538d55b53165dde3d6a5390b690d1d78efc097dbe307be0998ecf6bff6887
926d0470826aa90ed4f834f73cc2e6d0fea211a2efea75537c324f24f6668744
92e4e60b11970c28f248f17e7d79e2338c956418393f15ee25da0d9ff8718d57
932ffc85d925259f1a133aec23869b5d519252b9e4acc58faaf076d9c077e06e
94a78761682fa48e72a3f4547a7d7f3bd6b9adf948c5885ef0988f294a5f68aa
9587db045d9ba3eaec6420e5db67290e2ad0a037c16c5aa6055db938cd9dc911
95a29f9cbea352c0e270f5bfb9440fe21cea2ace4c54d02b3248eb2930b518a4
96d2738ac93887026499a36bbead36fbb3307af0389119ce89bff112618577ab
98f30b947680b7dbada879a4db41df995c221400d6f2c31bf4fa87b75e17a7d1
994f7280fd7e284cf6dce90a5432ec8521bd4153deb56a1ba72e9c9a35b45fb1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a26a2ec72589679ce3749fab1f86389709be7df0dd8b2f1ab17d275f5b91d23
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c0bd36219bb937456f173bbee8ea6a99cf568e1e8c01aad699f44e31a725510
9c31edb555f9d7750905c3d52e87092fdca1f5443c1eb729758217972c5ce03d
9d3ec63457fdafe8c9c5934698f5aac38ac8e8958ca23311e10be773a8767b47
9efbec8ee30e2771f5ad94e0f5882cde3f7d6c8a98e87effcbe66928c2b40a42
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a120491ca294d6de83b6a11c10883b4bba4d2e931544678177d178999f0aec38
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a2eacbd0a55e794d92e79a03b68c07f613a0ab710ffaffe5f1d12d67aac843a1
a2ede4aa857862dca8b7b0c07012f84ed86a40571ac6066873ab107c5e7b3713
a32a2f8e63f3c2d90d9653f6f762f980b13b90e3a32777b2228930045a951213
a42170b060c772626a291adefc56be90d372bd294689d19e246fc4b48f37dea7
a4b471bfbc1a37faddcca86c5a70140f0f79636b5c497a2f17f58624a0e0dc43
a4f90120be35c42f1e51350c3e2ff9b4426c0bccb7bcc85260620e66a666c6ae
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5c8319a5fdb00c0748e8eb7a989aa943e95eebc2d3b4c0331f95a43ccf11751
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7871476057d36f6562b06be9d18fdea94c2265820128c364c815d8b24831030
aa51d6bede73a68a7d5922d73fae8402e12f0eda136e2fa13e9f4eea947c4523
ad1f50f1e4313474a3cb121265effa186bd223e4d2a7e58dd6c6772868e8edc6
ad3264366bc0d6c4da713c77b542d378664d3432220f55c72545af60add6e051
ae76deb1204078b68925cfa67f9d54d2daae3cce0211a2942fe90b5e32ee5842
aeb35390525c9a2ff55b35bceabd869925940837d658ac837fd1603db2c1455f
af82cd92cb1df231870f60b847a411fcc4adfffef67f01fff41885828edee2e3
af88c5b082e4cdbb9016a00827bb33933af866357815b28d63be65ea330e8b23
afd440caeab862648e849e7150b6c15c064c05483441139c1f20d420b2474793
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a9b88d0ebb9c7c56c71ef4760225be1c6c871d12cc64114cb37145b8661b43
b2fcfbc79f4d51f9afaa3f8c42ce6b8ade64c1c36f599876bbd018a69eb6301d
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6af033ab5b5d74fc4c4a81e72593e34f1c2b76bd74f5a568f69ee7a66026e83
b7bc51683d3e3a95e0744903fdaff5c820cfc7815bcc28478b7194eb4975030b
b8047588ad2d604669ffc521341dd306637c33983a7cee27131df6f91914b479
b95912fff3048adf5d4a37abd7491429e01ceaad7e97437be6399fb17bb222cc
b96d12ea9b5782f13375aa77457fbcb1250f5620c799035d861f4ea3c709550e
b9b9778ace17303aa6e66559d1a8fad8fe4aceef1556947c304a0d4200201a07
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3
ba9f43fbd9c0782c72ff6eddd221abdcfd9642cd4625227ad693347e4d6989db
baae3a9e8285066a823d816f606ccebbc57e20e690195b02f56c5273c9b3d50f
bbdfcce5c48506045255faf20a94cbb773cc14c04e3f64e6507e6f9a9ccc91b7
bc7ce0f61451a214b44271aa6889d36324b4f3ca65102ccfcac15c59208f7e8a
bd44131b24d9a9ebb36660539de4140617f42deadf12c14910fa25b10b9012bd
bd639d613b54759e08ba0e73fcac45edef560aadcbb73d5103721134fd2103a8
bdb15d2cef0af4bf502f8635323a0ed0eb9915e8c4966f9466783b296666f721
be0aca6d438e35555fb33379f42ad1e025bac66905f97b1044331e434c9901f4
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447
c03170446d5d481a6fab2a752f1dc6f971558dff1d43c516fa461a4d2bb53bd0
c14345412751f84fd061a93eeacdcae18c1d53a21501609217b1cf3f6f9dea41
c1d5a94de96e16ff5cade47262ae251a766b737cdb70440e0aa96f2f3848f575
c22f9d5f6507963d8f78d019c222001b4e6f0819bb2fac28c8b02353f667b80b
c2583c951d2e578bbac20cc1186b6ac4346b4d1e65a6e43279f2a08f6633846e
c38b547a6d5485fa245db5e9e4396710e338171ee706b6acd0e2fdedd2ad9145
c3aa6b68b2e8512c49dcbbc74c0975cf10c0afdb9fa17a37d5d1e7fa3a609604
c41da4ed8360857d1789b6356a4562ac9a0c57d7dbf0d5e9571372abd73bc162
c60a414860972a7deb0e0ceb8ec906b237f9a869c754090dbdd2ecdab5cac26c
c615b6a6d65218717a118f2c54fb6dedd4902cdf1f88475bec7d5dae8b9cc28b
c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404
c7f7f5265aeb0202ce88e8a6dfcc0ca25a7b990bb9ffac2f9e430ae6af2b6154
c82162a5a7f4a06b7a8766275c1cbf2f28fa93ca2bd34336d25a7f7b13616892
c8d350cf1477e8a48ca70a7392867aeb7735116b19a9cf1bee19198f61e4d9d7
c93052185dec9b10410892facf4df051c873fd4f84c0bb720f9c0fe5a6b88c0c
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
caa43ed473ddfb5eb632d383a083e448deb8307c98602cc2e51fdef4e1612483
cb8f1d149e89e2fc12e167bca2ffd7d934fac475417136b6ad6369a514523a4e
cc79a1c2e75cb8a81a7df1aab90877149ae77867bb537fbf22c62a0977658344
ccae2b61a3aad8c4e607d727eb78e09f10c040b45f9188dcd461281a188ec3e8
cd95cecd716db33446afbe8d93bae288bec7a6c98793dfd57b05838e78c31544
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d050c56b76cb2dae10e3eadd8e8f5e83594db0916d25946bec2f662f69dd776d
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0f9ffbf017a391762a1aa768aab2b749feeec6b3fa6759b151ef7bbd836c3d8
d1ed3276e903679b77d2ffcd87d28628d2ffd0ec052ea933c45dbb38befe1dcf
d222cce9b803f746e839aa0febec4740b5d087d00deb8de050bb20db32164cce
d3d52f12ba1350354373d48fa007a3c4603a36df4b4436ebd1430fdd2fc6ce75
d3ed093ef75f693748e92c966ae8e42e7fcb5307e328b574194cb3c47271ddfa
d41dc07aed30cb54de661289691254b1288a52bcf4d121cec3acb89d4aa872a8
d46df17d4e3239b6eaf05d2e349fc1bcc81d004d35f3e1fb8c12308aa2d439b5
d83c85fef6e02623df4b37dbf7735c828dbed85e56443e765ec996f38cbb4db1
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da048d750f80c54a010a455dea80502cdbb958225d4e4bf059c087adc42a96a9
da0664b7efdcc5c22d0f37d64ca3b2db52c4257ed285b9c5f4b9f2e23b5477ae
da6a1ca340234163aa46a071d282d0810bb058be8163fb5b7042fd88a07a91d9
dd750c079ff8953fb54c97e67fde64e5ca38e999a76d4ece21dd3b87629d2929
ddb55b0f3f26f1275a2191e499b60f530cceb7384faab53141743243bacfc090
de1fbb553185a4282639c0d8ed05ce259c3f8d6c474e6d278c59c63f5a69771f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de9bb3e58f837a29cf3a31068bdf4c216576f066d162a6c626843deb5253ca1c
e03e2c7a11bbba28e59c5bbbeaa5713859f90db11e37867140ffd2cb48dc0b50
e04392671705056b0815a17acc2fac35b55fbc59367e1f60f3fbf542e5e3cee0
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e35dce4f870650ac2bca9673112895e5d3b79414c55c226c249f8c34d6f797a0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c185d7172e2bbe4b5febef13973e745e0fa130113b993b150602b3bcdf9b32
e3dc66b3397d684337d6b13f9ccf369b42acfd23d1ed020d93e84c40899cb023
e495b74c18a68ec1925b1c0164d481afeae65e2b893034b51d2efc680eee1dbb
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e54e4ec49d2a8ee4acdfcd89ab85619fc73f25874d7761dab806ec336927dd97
e6114f5ed1915856e4ea247624aeb630ecb726047813218f5955cdc071562c20
e741fb44e74cfbc464a6c5c8f9123efc8ddf9c4b6384af557c0881c7fd3e3934
e81e6b638202bbdf9e2ebe46b4137db06f58c43baa9f35b3e79d98108001a212
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e894790f94e3a05204133a40f03afc95448a6baa36b93ed42ea63b1139f779ac
e89edfaac75319e12d2ba18d9398bd6407b6ff6f2e00476a860d3d14a924f696
e8ee6af1358b1bb58da21b134881a294a1832e932edc73bc0020217e6acf82ba
ea3f874e92d2f05121d133ae8ab4e2138a7f904af2b9f8f4719a0543bbc3bc9b
eb567300d575011433a1bd14890a51802add041d48c7944e0256f169c12c2d3a
eb658766bc0865b719c76913b6b82ba32d0e14660216bf8d6d3953e30ad3e06d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
edb25d4948f45365d19947d467871cea6d24b32b95fc2f336f9e7ca1e5ed22db
eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe09652f2190403a1b77dd117d5cb7053301cc8d5677859ae31846c3a1d56d0
f01fed9f6b8b421848fa06f07ccc4574ac54ba7ed184d0c4ca3230a061006262
f18b85971e56c57e43b66269687d31d7e9e68be4bb695a3d17c9fc2de86d842d
f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5
f3d846f975b75dd38fe6fd59c7cc54dfc8a75d1961fde4658c622004e772fe4f
f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd
f4fc90162e85811939db0e7f4e28a2bd21a6bbd016abf382698b5c1c2b0aba7e
f51deb4b17f3929fc38473d43ed9b2a88d480864757574ff0e8f1ce327a5babe
f5a48b3eeb24a28a9a489068208f8b1bc9723b8aa20d0972ef48d5383adc665b
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6cfe89b284e6a2100a86b8d6b0e52b76b85cc62622a40d63e929f328d883a6a
f70e8b2108edfbcc2ff74ac7fd6e7cf46f0e9c381ab9b8781beb016f77061ac4
f823642585e5efb071f9d6d4d78abb7fdd15e447049275b662307f2e7e7595ec
f9efcae330a872c802ed89b8c84a76283fd15ee41a69aede0a6e283a3cbd051c
fae2a3711c236a7fab2f5639cf38d448a2f97ace2e113098838994958f2ebb5b
fbb6a8fd8eb8b0e9642821c3000b8346b1b64eb8e75f8d55bd5e3be5b3887a96
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd
fc4e402a4567150f1ed2fc6d4724d0a2c3af03b4830d04c924ecd3310b40664c
ff70c9bc4650cf5e6b12d1feaa7af29ebf0681993fc0c5ffe3658cea0dbd5403
ffbffd1cbbe99c8bf0b6d90ad55f20f6138691e971565cd1a55e39ab4b61278a

foreks.com Open in urlscan Pro 18.173.154.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

690 Requests

94 %HTTPS

47 %IPv6

70 Domains

108 Subdomains

87 IPs

11 Countries

10365 kBTransfer

47107 kBSize

71 Cookies

30 Outgoing links

Page URL History

Redirected requests

690 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

foreks.com Open in urlscan Pro
18.173.154.20 Public Scan

Screenshot
Live screenshot

Full Image

690
Requests

94 %
HTTPS

47 %
IPv6

70
Domains

108
Subdomains

87
IPs

11
Countries

10365 kB
Transfer

47107 kB
Size

71
Cookies

690 HTTP transactions
28 data transactions