nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/domain/megaplay.cc
Submission: On March 02 via api (March 2nd 2022, 12:15:08 am UTC) from US — Scanned from DE

Summary HTTP 351 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 52 IPs in 7 countries across 46 domains to perform 351 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 29th 2021. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2606:4700:e0:... 2606:4700:e0::ac40:631d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	108.138.7.59 108.138.7.59	16509 (AMAZON-02) (AMAZON-02)
1 15	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:27::... 2620:1ec:27::cafe:1784	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	40.76.174.66 40.76.174.66	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
29	34.227.128.233 34.227.128.233	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
5	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
6 25	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3 7	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
8	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
1 4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
9	37.157.6.247 37.157.6.247	198622 (ADFORM) (ADFORM)
5	37.157.2.248 37.157.2.248	198622 (ADFORM) (ADFORM)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
2 4	216.58.212.134 216.58.212.134	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.18.232.28 2.18.232.28	16625 (AKAMAI-AS) (AKAMAI-AS)
2	64.202.112.95 64.202.112.95	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	13.225.73.126 13.225.73.126	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.215.248.120 52.215.248.120	16509 (AMAZON-02) (AMAZON-02)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.167 213.155.156.167	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
2 2	18.196.142.162 18.196.142.162	16509 (AMAZON-02) (AMAZON-02)
3 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
3	144.76.104.53 144.76.104.53	24940 (HETZNER-AS) (HETZNER-AS)
2 2	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	159.122.14.34 159.122.14.34	36351 (SOFTLAYER) (SOFTLAYER)
2 2	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.107 185.86.137.107	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
2	52.30.107.253 52.30.107.253	16509 (AMAZON-02) (AMAZON-02)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
351	52

14 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:e0::ac40:631d (United States)

ASN13335 (CLOUDFLARENET, US)

img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.7.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-59.fra56.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1784 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 40.76.174.66 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

d.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 34.227.128.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-128-233.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

a.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

b.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 172.217.16.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.21.141.232 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.173.22 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.63.150 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.245 (Denmark)

ASN198622 (ADFORM, DK)

track.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.157.6.247 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.2.248 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Baienfurt, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.94.3 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com

images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.95 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-126.fra2.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.248.120 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-248-120.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-167.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.142.162 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-142-162.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.104.53 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.53.104.76.144.clients.your-server.de

hal900022.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.248 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.122.14.34 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: 22.0e.7a9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.107 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.107.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-107-253.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
89	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com 32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com 70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 120 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com	542 KB
58	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 70120	1 MB
32	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 233927 api.purpleads.io — Cisco Umbrella Rank: 196419	49 KB
30	nets4.com nets4.com img.nets4.com s0.nets4.com	419 KB
24	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 59	29 KB
16	adform.net 2 redirects track.adform.net — Cisco Umbrella Rank: 3678 s1.adform.net — Cisco Umbrella Rank: 7462 c1.adform.net — Cisco Umbrella Rank: 529	195 KB
15	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 31122 hal90002.redintelligence.net — Cisco Umbrella Rank: 212477 hal900022.redintelligence.net — Cisco Umbrella Rank: 242383	143 KB
11	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 197	271 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	547 KB
8	openstreetmap.org a.tile.openstreetmap.org — Cisco Umbrella Rank: 13156 b.tile.openstreetmap.org — Cisco Umbrella Rank: 13394 c.tile.openstreetmap.org — Cisco Umbrella Rank: 13402	44 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1248 d.clarity.ms — Cisco Umbrella Rank: 2006 c.clarity.ms — Cisco Umbrella Rank: 693	25 KB
7	ad4m.at ad4m.at — Cisco Umbrella Rank: 1613 as.ad4m.at — Cisco Umbrella Rank: 1936 assets.ad4m.at — Cisco Umbrella Rank: 33179	38 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	7 KB
7	google.de adservice.google.de — Cisco Umbrella Rank: 9027	2 KB
5	medialead.de 5 redirects pv.medialead.de — Cisco Umbrella Rank: 46456 medialead.de — Cisco Umbrella Rank: 45537	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 346	111 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	5 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	3 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	153 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 269	1 KB
3	everesttech.net 3 redirects pixel.everesttech.net — Cisco Umbrella Rank: 2907 sync-tm.everesttech.net — Cisco Umbrella Rank: 491	1 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 19741 api.webgains.io — Cisco Umbrella Rank: 54493	51 KB
3	outbrainimg.com images.outbrainimg.com — Cisco Umbrella Rank: 2144 log.outbrainimg.com — Cisco Umbrella Rank: 2231	35 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1184 cloudflareinsights.com — Cisco Umbrella Rank: 1179	5 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 480	2 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 148948	6 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 356	943 B
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 387	2 KB
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 307	941 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4441	722 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	529 B
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 14416	1 KB
2	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 70137	624 B
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 41085	2 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 65528	809 B
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3662	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 821	582 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 288	457 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 193766	409 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	577 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1193	75 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 691	710 B
1	seadform.net track.seadform.net — Cisco Umbrella Rank: 85995	304 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 212	553 B
0	netmng.com Failed google2waycm.netmng.com Failed
351	46

	Domain	Requested by
42	pagead2.googlesyndication.com	securepubads.g.doubleclick.net nets4.com tpc.googlesyndication.com 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com googleads.g.doubleclick.net 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com www.googletagservices.com
36	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com googleads.g.doubleclick.net nets4.com 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
29	api.purpleads.io	cdn.purpleads.io nets4.com
25	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
24	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com
16	img.nets4.com	nets4.com
15	www.google.com	1 redirects nets4.com www.gstatic.com tpc.googlesyndication.com 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
11	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com
11	nets4.com	nets4.com
9	track.adform.net	16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com s1.adform.net 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
9	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
8	hal9000.redintelligence.net	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com hal90002.redintelligence.net 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com hal900022.redintelligence.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	adservice.google.de	securepubads.g.doubleclick.net
5	s1.adform.net	track.adform.net s1.adform.net 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	googleads.g.doubleclick.net	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com nets4.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
5	www.gstatic.com	www.google.com
5	d.clarity.ms	www.clarity.ms d.clarity.ms
4	ad4m.at	s1.adform.net ad4m.at
4	5994599.fls.doubleclick.net	2 redirects nets4.com
4	pv.medialead.de	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
4	hal90002.redintelligence.net	1 redirects 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com hal90002.redintelligence.net
4	fonts.googleapis.com	securepubads.g.doubleclick.net cdn.purpleads.io hal90002.redintelligence.net hal900022.redintelligence.net
4	www.googletagservices.com	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
3	hal900022.redintelligence.net	hal9000.redintelligence.net hal900022.redintelligence.net
3	ups.analytics.yahoo.com	3 redirects
3	c.tile.openstreetmap.org
3	a.tile.openstreetmap.org
3	s0.nets4.com	nets4.com
3	cdn.purpleads.io	nets4.com
2	sync.1rx.io	2 redirects
2	api.webgains.io	analytics.webgains.io
2	cdn.retailads.net	1 redirects futalis.de
2	eb2.3lift.com	2 redirects
2	c1.adform.net	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	sync.mathtag.com	2 redirects
2	as.ad4m.at	ad4m.at as.ad4m.at
2	pixel.advertising.com	2 redirects
2	d5p.de17a.com	2 redirects
2	match.adsrvr.org	16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
2	5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	log.outbrainimg.com	nets4.com
2	www.awin1.com	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
2	ad-server.eu	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
2	track.webgains.com	nets4.com 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
2	pb.media01.eu	hal90002.redintelligence.net hal900022.redintelligence.net
2	41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cloudflareinsights.com	static.cloudflareinsights.com
2	b.tile.openstreetmap.org
2	static.addtoany.com	nets4.com
2	c.clarity.ms	1 redirects nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
1	sync.targeting.unrulymedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	assets.ad4m.at	as.ad4m.at
1	futalis.de	hal900022.redintelligence.net
1	s0.2mdn.net	5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
1	ssbsync.smartadserver.com	5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	pixel.everesttech.net	1 redirects
1	analytics.webgains.io	track.webgains.com
1	images.outbrainimg.com	nets4.com
1	medialead.de	1 redirects
1	track.seadform.net	nets4.com
1	70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
0	google2waycm.netmng.com Failed	16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
351	77

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
megaplay.cc
leafletjs.com
www.openstreetmap.org
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-29` - `2022-04-28`	a year	crt.sh
img.nets4.com Cloudflare Inc RSA CA-2	`2021-08-07` - `2022-08-06`	a year	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-01`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.tile.openstreetmap.org GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-11-04`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.outbrainimg.com DigiCert SHA2 Secure Server CA	`2021-05-04` - `2022-05-09`	a year	crt.sh
*.webgains.io Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.futalis.de R3	`2022-02-21` - `2022-05-22`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2021-07-17` - `2022-07-17`	a year	crt.sh

This page contains 54 frames:

Primary Page: https://nets4.com/domain/megaplay.cc
Frame ID: 556A200E7C3F21B28AD64F1498824CA3
Requests: 81 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 540E6CA265B5224D33ACCAD861E312E5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&size=normal&cb=lkt4hkxsxxqp
Frame ID: 77A56EDAC4BEF1238292C1B71F0C2989
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: D0A1DFD5B4300707F6F7198FFD6A4D6B
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 6DD3E5846ED4A2318E3859B6C33CD9CA
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: BA499A7E7D043C1DCFE32E0CF820D2A6
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 473D3BF2DD6086B9D95654D3C9DCC36B
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 33212117B7C55C7D07A0CF8EED7BCE36
Requests: 8 HTTP requests in this frame

Frame: https://9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 856F3CF249E03CC7E988CC2C03A6B7D3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 821B01D36B42DF53EC7AD0018051D419
Requests: 8 HTTP requests in this frame

Frame: https://32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 43025E7AD9887DE0312A4674A29162B9
Requests: 1 HTTP requests in this frame

Frame: https://70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: D8557944D1192B1AFDB39B52F59D614F
Requests: 1 HTTP requests in this frame

Frame: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2F9B04DDFE93882229272BC100DCB6BB
Requests: 1 HTTP requests in this frame

Frame: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6F76A18CB2E96E3E05846AFEC4E4F54E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EFC1303084B1100F548530E5A19C3D39
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 04A5E1E71512948C15D587A7E8090E4A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8F954A46C2D6C2561230EE4EC3C44CC1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 464E2C5B09EFF0466E5C2B87D06DDF4B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A8AA6888FA0EB43BB315B91C030B92BD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BE9851DD10F6A695FECF031FC000F759
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 32BC362EE0D6BD69EDEF4D16F61C3337
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 95E0C76D0BF4A9568E0AB289AADCA8EF
Requests: 2 HTTP requests in this frame

Frame: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CE6BC052F4113574FAFF2DB6471F55EA
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6s3FlQEwAQ&v=APEucNUtk-MLkIkSFXSTNLnbRGbhy-TVAhBIXCSjM-oTWWT7vOSLFy_6atGwQUozCYXIrnNrVPkFQ_Lpw_UGjK7Hiz60oq1KLC1HqrLsftR3qjv_yLwfsfpoGtTo4Mh5P0yaVHCt_MbdmkxnfjsV4xZN7fbzAS5kiYa_Fm6tGZyznpmgUKfxwVU
Frame ID: 7C7CB687BA1A52E7CCAF3FA15F3E562C
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AD6A7239D9C22E78AB4A33024572B4CF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D1881E76C1669471FCBA75C6142648C4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DEB1CBB8375B86F3FD9B398BBDC9C8A8
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs
Frame ID: 161B5DEF019009ABE60D4DDC5C92E859
Requests: 14 HTTP requests in this frame

Frame: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2324DD03AF2FC12DA123A656005AAFFC
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 9F95288726192A1166D282C44538544D
Requests: 8 HTTP requests in this frame

Frame: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 126DBEFB4966D3E30BC69D83D1C7D859
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: 95F25A01F63F58B5BBD339D838BA455A
Requests: 11 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=84224500007001300710618011886002&actionid=981741&produktid=&dt_url=
Frame ID: 014E5CD9AD4AADBA20456D1A25703226
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271
Frame ID: 89DBCC95CB9413BE75FD131CDB97B04C
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Frame ID: C9A09614D135430336F70D49B772DC92
Requests: 8 HTTP requests in this frame

Frame: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjgyZWZjMDkzMjM0YWU0ZWY2YmVlOTI4YWU1ZDI3OTQ1ZmIxMWU5ZTBkMzQ2NWZlZDIxOWUyOWRkZWJjMmU4NDMiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Frame ID: CD93B128303EE963B5E67E9165133453
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0A1062E353AB3E5DE39F788BADA005CE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9BB54E11C89101535A541151CBFDC227
Requests: 2 HTTP requests in this frame

Frame: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5DEFA57C2533C85E5DD91F1F0504EB9F
Requests: 1 HTTP requests in this frame

Frame: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: DE75B66F39E16EDCA4A953DA2EDC2CA1
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNU4gKzUdjKEo3zjzPCRtOaAWDyl97oPlroppmN9PGpbk6TlqFB4xcF1QkRyurXL9WPg5O-vSFgxpyi-mMDnSFa5le0dT1uQReSuefcoz8EEsX4e2AxGy3CapKga4AQ-LHjY4MjcQVqW_zjeLJBA3dhRgQaa6dRn4ufV6z5LqpIT86Mawmo
Frame ID: 738C54B1995A8412A05F82319D51B264
Requests: 5 HTTP requests in this frame

Frame: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4DE6A8DA3B73B584B58534012DF137F0
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B2747E7F2698A453BC5CDDDFAF539DCC
Requests: 8 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: C1F8CDC1742E2C9CD377673F1AA6BD77
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 02733312D675F234923277508D609B5C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4B19CA66E38F9FF23CD6EAD7A31A6B22
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0D69E9CF3DFC1A61ED001382EDB680B4
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 07DEE296B71F10CB5B5D8A3C83BFE867
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=164568&b=VxqtwfMRKqfrAVpHVHetrHRtpbYFkTzTpMsQ&f=m39hefx6V2FDBkRcmH8tjHQC2j8SDTwTbpFA&c=468&d=60&e=n8B_4eoSzolwyRQrtLGsMV4EVfYeRD8i&g=7c80c34d9bc83cc15cf19ebcda88e7c3%2F16181067057231556120&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=adfPros&r=1646180103123&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ%26client%3Dca-pub-5413329544040947%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D38516441%3Bcrtbwp%3DYh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA%3Bcrtbdata%3DjMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1%3Badfibeg%3D0%3Bcdata%3DSUPQiXb9jVWCnyoDaqEmOqN36vXFMkj9gk7w-HBrbA2C61UiWIhEiJu--XfSPHkswmc-8Rq07SfB81ifIhuSCY3scUm5kCP3a7iCPj1oc7qgXUBK3i7RPhl-DCJBfit9VJwbV8YU6RbHoFEk39kKgMN4iOtIBxgX0%3B%3BCREFURL%3Dhttps%253a%252f%252fnets4.com%3BC%3D1%3Bcpdir%3D&y=1&z=0
Frame ID: 36021742AEF063126BE8103322769137
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=31069800007113400710612011886022&actionid=981741&produktid=&dt_url=
Frame ID: C3CAE52F11AAF3D7930FA4BE5F66A655
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258
Frame ID: 0441452DC1E0782C3377B2C2E999F1B1
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878
Frame ID: 59F1FD7D8FDB9F22E41E4ABFD11E70E8
Requests: 2 HTTP requests in this frame

Frame: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Frame ID: D1406D5D6BF837FE4DF2F476898CED4B
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 60D2EDF0A966439DFB087A772956A76C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Megaplay domain statistics - Megaplay.cc

Detected technologies

Leaflet (Maps) Expand

Overall confidence: 100%
Detected patterns

leaflet.{0,32}\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

351
Requests

91 %
HTTPS

40 %
IPv6

46
Domains

77
Subdomains

52
IPs

7
Countries

3859 kB
Transfer

9180 kB
Size

43
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: http://megaplay.cc/?utm_source=nets4.com&utm_medium=referral&utm_campaign=domain_page
Title: megaplay.cc

Search URL Search Domain Scan URL

URL: https://leafletjs.com/
Title: Leaflet

Search URL Search Domain Scan URL

URL: https://www.openstreetmap.org/copyright
Title: OpenStreetMap

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&RedC=c.clarity.ms&MXFR=272DA5B1647764C12477B4EA60776A44 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&MUID=0551108247766BC6377D01D946DA6A88

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1

Request Chain 162

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh63BZGECoamCwQZMGVtTAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPPGl5yIpfV_r8n40FPhpHE&google_cver=1

Request Chain 164

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

Request Chain 191

https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 194

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 212

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=84224500007001300710618011886002&actionid=981741&produktid=&dt_url=

Request Chain 214

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271

Request Chain 216

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 271

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1

Request Chain 272

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh63BZGECoamCwQZMGVtTAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1

Request Chain 273

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3rqXKyYCp8LKWaHgTWUaw&google_cver=1

Request Chain 274

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

Request Chain 286

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji7iljk2_waMaUaalcya2X8gwQDp2iwlvMHA65V-DuHrz9M1M5v9v0dimSK&google_gid=CAESEM8D1SUpN0sxC_MZlPIwpGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWg2M0J3QUFBR3hxVUR5bA&google_push=AYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji7iljk2_waMaUaalcya2X8gwQDp2iwlvMHA65V-DuHrz9M1M5v9v0dimSK

Request Chain 288

https://d5p.de17a.com/cookies/google?google_gid=CAESEE9B-9qOdHKv_L4lxqyTYoI&google_cver=1&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEE9B-9qOdHKv_L4lxqyTYoI&google_cver=1&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV

Request Chain 289

https://onetag-sys.com/sync/i,19/?google_gid=CAESEGKSSvrgcZ-Ag_73g0jwtgk&google_cver=1&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ

Request Chain 290

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg&apid=UPce4a5822-99bd-11ec-8bf3-064ce793d06a HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg&apid=UPce4a5822-99bd-11ec-8bf3-064ce793d06a&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjZTRhNTgyMi05OWJkLTExZWMtOGJmMy0wNjRjZTc5M2QwNmE%3D&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg

Request Chain 306

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEINvAJq3L1aetPy69fRTWOE&google_cver=1&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9NnMlcOikyagE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9NnMlcOikyagE

Request Chain 307

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLEPwKVfIQcB0mT4Ck5GtcqqIpM5C4DbAV9md6fRevrO6idJMqj_4QejCAVoiYYKqjtr8nZ6Fi_tIxiRlWMNez6pC-iWg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_push=AYg5qPLEPwKVfIQcB0mT4Ck5GtcqqIpM5C4DbAV9md6fRevrO6idJMqj_4QejCAVoiYYKqjtr8nZ6Fi_tIxiRlWMNez6pC-iWg

Request Chain 308

https://um.simpli.fi/gp_match?google_gid=CAESENVe3AyxzuwwPiZcwr5YJI0&google_cver=1&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7cnRw5btzwU4Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D136C792BEC145DE8F2DB6DCDE8CA529&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7cnRw5btzwU4Q

Request Chain 309

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESED6h37YZHwtP6Svip--XP6o&google_cver=1&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uTbnGt52WHn7KQj8in1l8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uTbnGt52WHn7KQj8in1l8

Request Chain 310

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHmCzhItMaDMGi2xPiRWNOI&google_cver=1&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU&google_gid=CAESEHmCzhItMaDMGi2xPiRWNOI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDkwNTkyMDk3MjY4ODgxNzQzODg4&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU

Request Chain 314

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=31069800007113400710612011886022&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=31069800007113400710612011886022&actionid=981741&produktid=&dt_url=

Request Chain 315

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=31069800007113400710612011886022&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258

Request Chain 316

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878

Request Chain 318

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=31069800007113400710612011886022 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 338

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEINvAJq3L1aetPy69fRTWOE&google_cver=1&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz907Hx7FhmJwII HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=N0FiHrcHTwCex7Wuop7JAA&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz907Hx7FhmJwII

Request Chain 339

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLCAOGNWzOgI7MDyQ7KEgcFReIaSdMfd7_B1YbhffQixavTF-eVpEvW0qpDCqaQw1TQUfxUhQboSbNSxtLkXAqJdI5RiuYw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWg2M0J3QUo2Tk1QblFBeQ==&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLCAOGNWzOgI7MDyQ7KEgcFReIaSdMfd7_B1YbhffQixavTF-eVpEvW0qpDCqaQw1TQUfxUhQboSbNSxtLkXAqJdI5RiuYw

Request Chain 341

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESED6h37YZHwtP6Svip--XP6o&google_cver=1&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZEkt9RKgUNxMRXoR82dkw3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZEkt9RKgUNxMRXoR82dkw3

Request Chain 342

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGvBBO62PSk7IEBKwzMD_Ik&google_cver=1&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25GPYyvCyEvT1oSm_T9f0YbMS0Qe HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA4VDRQQUgtNi02WVo0&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25GPYyvCyEvT1oSm_T9f0YbMS0Qe

Request Chain 343

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEHAhjd52bqj9XmrNLnXaPh0&google_cver=1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1646180103705 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-91839e45-61c5-40cc-ae8d-dde583822137-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c%26google_hm%3DA5GDnkVhxUDMro3d5YOCITc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&google_hm=A5GDnkVhxUDMro3d5YOCITc

Request Chain 344

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEJHsC2cbGb-iM_ugvUJzpjI&google_cver=1&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_PwPLb5AwnER7qVATUKM8MhfMUxUfTTaN_pEvFQkFuiybjcg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Nd1N1UXNSRTJ1R2xzV3ZQX2RfUlZMQW96eHFmM1JpSn5B&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_PwPLb5AwnER7qVATUKM8MhfMUxUfTTaN_pEvFQkFuiybjcg

351 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request megaplay.cc Show response
nets4.com/domain/ 45 KB
13 KB 780ms
752ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fde974ca085b62100b9ed63785cccea4175989b809690969950bb0ef71eb238c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-type: text/html; charset=UTF-8
cf-ray: 6e55ef71f8fd9052-FRA
cache-control: public, max-age=86400, proxy-revalidate
last-modified: Wed, 02 Mar 2022 00:14:59 GMT
vary: Accept-Encoding
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3N%2BmflwH%2FGAL5ICb3ZcEKNDJI%2FZUizlOClNUbpd2ofK15mBHyAcOljA2FB8nWNguY7LmS1AfzibSZsqHsBF3PEvyL1U%2BkkQZQE3h7W%2BMe4dwaV2%2Bjd5ph0guaA3iL%2FEOfLAmW%2FX9qU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 15ms
14ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3085752
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BY6CAZDM09BG4BCW
x-amz-id-2: ehIXWVY/ZUF5Ooi83TSBV1+KlYYK1I/8tpZOmWF/sUwesuxopnAJy2SIiernsJLpc1vgoFVbpXM=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3j8moB1DeWgpSypuBDaHE9TnET7xlA5vhRStNYaziKjHlvw9auNnbD8iHT5XnLpe65g3NbTgakGuEzFHeM5lM08%2Bq0Ov8FBY%2FYNp9JhKjXSXc19ehBm%2F3sS9bQoJPafc88TqGNGr0Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6e55ef76ceea9052-FRA

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 32ms
15ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5094
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmrKJiMexoxLeL9fQrgf4zrM4%2Fj2zWDBvxynL32n5MwHqLum9M4nnmOLf1lW5JtdUPbY431O497QEBhawGMMdETv%2B76EarEWJckzvg2PvdGhnb0VMT76YQ8bczcEMZbjgR14kHtlFwd46xSphYecq%2BHj"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef76ec369bad-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 31ms
13ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 86214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOmuIqei%2BB2AhnL4uswOAU0Xgt%2B4NeB5HpV80W%2FZjDMhh5Rthg%2Bjs%2FWwtBIO6vGf3nKQkQSGTGDbYIEv8Az3JIffo8KnT3p7wKR5EangJTclN6XraftUFWhYrEZtlf9NSR%2FO6p%2BoOQm1vCjdd6s8%2FvRB"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef76ec389bad-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
563 B 28ms
27ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6494
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6qKWWlmuwTeZJOY54padG1VTsOKhHbO%2Fp2kS1UBnpIVv2nsgGOBYti3ShUsE%2B5gF4ziMnwt2sSrFPibAgopYDblA7NvzpmRkS1ti0YF5ajYD2AlxMoSF0QjGwAScAe2yPVR8oxd%2FTTA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6e55ef76ceeb9052-FRA
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 46 KB
16 KB 27ms
26ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a9310b3d6d32551db700bc98a42958fa39766173e5c6d07585ac477e9d3e419

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYtz71LDB%2BTiym0J2erd52aLJWBpsvuHo23j%2Fc629m2VQPdbWeA0CoShNXMnQc6Gw77Zsmlhc5ZpI2xu%2FtHoAt%2FlT51tIIFLQog1wLTv7Ot9lYpHD0hiXN2UpzaxJoah762t%2BDGMfik%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6e55ef771ba26955-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 3 KB
4 KB 53ms
32ms Image
image/gif 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1718722
cf-ray: 6e55ef772dbc9a3c-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3395
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"6df89d86deba278d112332afb4bb100b1a6165842a7fdb7f78a5a70c7c7218aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKf0LNRx%2FdmJiItQgBg34ErSZjxzOQVJKDUsOcgjD83U4Kw4cFKg86S58XEf01j8fAA1F5Fqvg2O9fd%2B4tDecWNzpCmdSfco5vSEkbo6smVfgjCTnzxsQUJ%2B%2B%2BqrgleK4UrV5J9B7%2FF6wVXY"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 48ms
27ms Image
image/gif 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 425232
cf-ray: 6e55ef772dbd9a3c-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1117
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"86d32e1b83f7c87590ac6aad5f278dca67bb9675a7a7869ed47749c6cf91763d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RGFTwT01gkjCKSIGJUoM5D0Mp%2Bo3EJQ5xeA%2FL23mw%2BZbCQP9hUq%2BY6a8ypUT9%2B2taGGv3iZFzlDxlB1yDfZnv1AB0bZoRE8%2F0OgFbYf3X4G%2FwxPeYN9pciNQnUV2M12HsKbP61UGnzoQJ%2FO"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/58T3Wrl.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 leaflet.min.css
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 10 KB
3 KB 29ms
17ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2350672
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2153
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:33 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e135-298f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrys7nrCBd9MEAYiN9gyy%2BXAoqhzdxjFrO80fKkLDwoUM00B21cYDDVj18h6MxSovravgDibAHGXQI1lqJdgJ6fvCVhyjqnrF0fjqqJtVMB2rpitdsUALxUSMlermWS7V7MHuPEEj%2BuyENt%2FN3uSir67"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef771f928ff2-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 Zc4iwuj.png
img.nets4.com/img/i.imgur.com/ 276 B
791 B 58ms
37ms Image
image/webp 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Zc4iwuj.png?w=15h=15&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10704111
cf-ray: 6e55ef772dc09a3c-FRA
x-cache: HIT, MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 276
x-served-by: cache-sea4455-SEA, cache-fra19150-FRA
st-img-id: 68f950008bd130ec-SEA
server: cloudflare
x-timer: S1635475988.075430,VS0,VE331
etag: "stlyF3QRxIsyMBMOzqO7SdrLBA:7e9cf63ea9ef81cea66567607047245c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AM2IdSIpgO7T5yIIKb15zrpZTDcfwCGnbZ%2BpapOg4%2Fq9lwRCTiGfwxEpvgcIXnGSEtAfM09EYSCtJ1dsfZn76hsrLM1vYGnra8kVQltpUpXDXE7pVW510mgsm%2B4glLKDWx9z%2BJoKX%2BSPyql2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Zc4iwuj.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 11ms
10ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Feb 2022 21:08:07 GMT
server: cloudflare
etag: W/"6216a237-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2e4vo4Onub%2F7lNOcF4JItxU5NbeNOPbADdogklJmhOnzLL1wWwMqa72gHeKk5CTuEJzg8L0dqn%2B9VhF7KFlHqGMQ1Nw3JgFjK5Ly0hGpaVS9z0WA8spzRV83H883JQMNB0CudY0cwM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e55ef770b916955-FRA
vary: Accept-Encoding
expires: Fri, 04 Mar 2022 00:14:59 GMT

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 15ms
15ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Feb 2022 21:08:07 GMT
server: cloudflare
etag: W/"6216a237-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGU55rgwtNtBWQM7v7MfFW54wfS%2Fyzn5L8GTOZR8xlR%2B4ntGNB6lZs2r94xnONL%2B2%2FkWxD9hMnFqc3rM5AA%2F3Xk3EgeirWCROfnvBYThSbTbSl2eQ7NPgOrqueSUYV0dVqmlTWs7Do0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e55ef771ba36955-FRA
vary: Accept-Encoding
expires: Fri, 04 Mar 2022 00:14:59 GMT

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 30ms
28ms Image
image/gif 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 134950
cf-ray: 6e55ef772dbe9a3c-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4438-SEA
server: cloudflare
etag: W/"74f823912b396fff2471f0918e1ae56696e6d198857eb0589e93307e557ccf4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYTa1k96SI%2BTJ3KhhDhyi%2BTZj5V0Wwpa8prSGw8TIFe2gCEdWnjXW%2Fg06AEOv%2BL5UAOB%2BVKN3MFwAyBn27DqG4YTrY0Rh%2B7wGlNJJ4BrD77y%2B3FBBcw2GAf68YZk1IPJuQzcDqWMpkTlbiDg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 megaplay.cc
nets4.com/domain/ 15 B
0 18ms
18ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/megaplay.cc
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/domain/megaplay.cc
ts-request-embed-key: 9c4eda35-4858-4cd4-ad17-3833c719d93b:73c8f8c0eb953f92173ed76f8168e3313f392eb39446f3b739bbd1cd6193792c
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:14:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PLQTFYt%2B7A5SGBnFeXKLr9HJYkIUdFeczUdar%2BeuDj5ymqmm7TROq11ioC9vaC5GDqg7bzQNyegmP8MWGG7Y7c1AWnpcD3WljdgVsfdUiQ3RkPak%2FxYbS6Id4usK9bFzOccZubvNM0w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6e55ef773bcf6955-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H3 200 leaflet.js Show response
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 139 KB
36 KB 14ms
13ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1499471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35659
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-22a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkSmWJyjK9NO1yduxoEjkUcaoM7jl874dtVZguGizTFAuCUrDsXJnnEIWoby8URHiVbuye1p6Unqw0KNa1Oj%2F02%2Bza6sk6ZAtL%2FhvnfVwAWhtD%2BnlvzMYTZvbWMn7rq36IX0C9n58AQem0VWN2XLJQP%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef773fb18ff2-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 34 KB
10 KB 24ms
6ms Script
application/javascript 108.138.7.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-59.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38bf08369b9d72ce4d22d5b555e9e5ee2e7a5fab8980ba2787f47d89d55e2c99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 17:41:22 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 08:37:50 GMT
server: AmazonS3
age: 23617
etag: "0c008aa8cd8d5ae47e2eb77cc10e9a3c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
content-length: 10377
x-amz-cf-id: lC95MRninA04GnGGnylsf5EZ96t0xv-cWvnM5jKXN-CcKyFD7TI0jw==

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 37ms
36ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3940
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hhCOGYIBn4fCwtXKmzIEGtDfw7h17904pEJaxxslCW1CFnBLSO3a7Eh1zDxqpisqZJS6waYrH%2BF%2F4bTiQ1NUDZNK%2B1kcV6sjJXx9zTgpu5DtIiaMBtyVVwQGukGlwCE6vXd1PkOo00%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6e55ef773bd46955-FRA
cf-bgj: minify

GET
H2 200 load.js Show response
cdn.purpleads.io/ 24 KB
7 KB 24ms
7ms Script
application/javascript 108.138.7.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-59.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 56386db6fedf5475ff6ac57939cfaac58722f519fdce666cee7494b993c84e81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 03:00:41 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 10:12:20 GMT
server: AmazonS3
age: 76459
etag: "46df8e234dd4307137411d6b4887edad"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
content-length: 6702
x-amz-cf-id: YQUUU1sSbYpe2UqFZ5_n8iqYql0CzzVA1xJzYl6Jy_ljKq0I3hc9vQ==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 45ms
15ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d78ee501fd3af17e979356da8b12261e4647ea87c01df316a742de9deb090eda

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Wed, 02 Mar 2022 00:14:59 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 34ms
19ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 429235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h6EiZ%2BLuX%2BIZ%2FxujysDilYYwArVyHzbADJZjyFiVny7IkVfOymrb0HIhXhDJ7Jc8XWNMKC3EzixvM9Zrp8GSaIgSuSO7%2FAVy%2BU6EpuazSvDp9SGbAl%2BaJ9upsGCjCE%2FtxT%2BDdxKQSKSldA902zwXHyRC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef7759275b38-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 28ms
14ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 460066
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNtm9g%2FNfaMrRKW1ocO0a0ojLwaZpBFBQo8BunwuDxt9zwfztzSGitxMHxG4k4lBJF4KqgPwaxVaJqD6Smtft09UDse2kIHlPhCNRj%2BYbCB909uk07hqFfQ%2FbFR8DiS%2BbQ1yflEgdkroAyiRZroaJ8tb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef7759265b38-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 28ms
14ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1055749
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkG7wihkGmCqTmy0skwDNQ%2BdM9qun2EYx87TSFPJDuAEozBMO9IJycdTRRjB2srAwkDv6shcb7frafoOGAJZ5MWg2iFAkxC3UPTiXVA3TXfaY3vuEMBXMeYwHHZJUebgr8w%2F5HKZibFKGaySREbGzye7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef7759285b38-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 69ms
51ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6e55ef775ca59975-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2406
date: Tue, 01 Mar 2022 23:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 02 Mar 2022 01:34:53 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 239ms
239ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyTWVnYXBsYXklMjBkb21haW4lMjBzdGF0aXN0aWNzJTIwLSUyME1lZ2FwbGF5LmNjJTIyJTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZuZXRzNC5jb20lMkZkb21haW4lMkZtZWdhcGxheS5jYyUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJrJTIyJTNBMjQlMkMlMjJuJTIyJTNBJTIyVVRGLTglMjIlMkMlMjJvJTIyJTNBMCU3RA==
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcbcZCPTRT9%2Bbt%2FlsGzASw76b4WlfRGgHVJEPzilE25ajwhrO7EHm%2BzhwRzwVYzCQsPlzdGOUuWjjQwcHOs4N%2F3Ghoe%2FwADUJcUB%2F2FNFZpUb0YmWOalILAoRcd7aLJJosyCy8eFIUE%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6e55ef773bd56955-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 24ms
24ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1056138
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXTgMQC%2F%2Fvygk%2F0U%2FkJ2oRSlsS5PewSIs4IyOcKAJKCzcbcVr95wVm%2B1%2B8o9M8uPPHfLp6%2BOMt%2FKwTzeg2yBMAxb1NHBELhb1rppFRBT4%2BJwMQmU%2F41J6UoWXgcM1XXSZwgOO7l%2BQzY46wEmYq593F56"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef774fba8ff2-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 15ms
15ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 452162
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3v19T%2F1y3bgOeglaKRgz0kT2v9pa4w8v8u62QmZL1Heu1uyDfC4LL%2FRSlvgTX3U%2FiegtxTapl%2FI9V%2BKL5PNEU2NWJa%2Fya0vs3lLe5fElPXTd9476M6qnEdpVjcQO%2FvHN9v3CZ7pkoPTFPQ%2FVFckitefi"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef774fbe8ff2-FRA
expires: Mon, 20 Feb 2023 00:14:59 GMT

GET
H2 200 02f58d4f-b70d-4a56-9c09-6c05aa1b9f52.png
s0.nets4.com/s/ 255 KB
256 KB 2935ms
2931ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/s/02f58d4f-b70d-4a56-9c09-6c05aa1b9f52.png?w=500

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4316435298c4566eafd73dfeaa7ea02dfe56fda6cab81d4e6fd420632d5a538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 261177
x-served-by: cache-sea4428-SEA
timing-allow-origin: *
server: cloudflare
etag: W/"00506a3513b643ec1016067de06ab9686f42e04272ed98cf33308afed621a545"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3BaYWB5tImWLbPbI%2F%2BbfR%2BYPxlzOoHclQLsfpnsCib4vPcDyfKRoeUko32tappv0MTmhkedKE9a5nfc0SF1e2TtQ5AoJY6yilGKazluYZsmrgJ%2BDTDZftr2FbqAh4tO38U2fkgUHY4MLkA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 6e55ef77afda9052-FRA
link: <https://urlscan.io/screenshots/02f58d4f-b70d-4a56-9c09-6c05aa1b9f52.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 megaplay.cc
img.nets4.com/favs/ 220 B
505 B 1329ms
1028ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/megaplay.cc?size=32

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aba920553f96e6cabc093fc495c6f421dcfa5578cda7c5edac78d5937d98a3a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 220
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1EmeEDRnsiIED%2BKVggPJtbWmUipzz2hSIAhK%2BCU4oOMBFeE5RPdrzbqYf%2BN8eVKp5toL1tMShrgWMkVjb36xM6ZeHVPe798VQs1WNejYUaAHbKrXWvQ%2BFVNQbd0QmzBmSzrD2UJbSggKiYr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989779a3c-FRA

GET
H2 200 megaplay.cc
img.nets4.com/favs/ 188 B
510 B 773ms
473ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/megaplay.cc?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc616a4a40d659edc4180ae63f878c94c0d7e25539aa97ccdd4414d93db5ddc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 188
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPC%2FmBmrSJSQSQ%2BqtOxaLaMgNln6swD%2F5XRWzEp7A8EKZ2C24JZvSz5N%2BoXzWr%2BdY8ndwrhfLY6%2BWzQX6Jy8tojPEwbdMQzfTfAgWFJS7mh2LnMkZCEfG%2B33LRXCmls8ZkdWiLnn5SJ9XLAX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989799a3c-FRA

GET
H2 200 backlinks-discovery-chart
s0.nets4.com/charts/ 34 KB
35 KB 1290ms
1287ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/backlinks-discovery-chart?d=megaplay.cc&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3241f3656532de169a86f4cb2195882c17a1c8b2be8c3150c43dad6100422a53

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35264
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCcBEWQ%2BhxDC7RNUWMRuMEC%2FFNvyaIeMiJGyNDmCXtvuS7xoG%2FlauC02ibzZPXCgSWuYha%2BNCI%2BSxSA0cGnNx4AYN9apVuS0OD7wcijp48yp5IHZUBlP8Pl6wXpYM1twMpcN5yn2zSdOZKU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6e55ef77afdb9052-FRA
expires: Wed, 09 Mar 2022 00:15:00 GMT

GET
H2 200 referring-domains-discovery
s0.nets4.com/charts/ 31 KB
33 KB 1179ms
1176ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/referring-domains-discovery?d=megaplay.cc&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12347956c15a319e227ed67861e6ffb5fa2c809bdaee276444d13f118d35514c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31794
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M2U4rdnaUJftv%2BFS6AdxSqhlEwrX2H3mXEYcSecDZmhc9WpeZRHACHQAW6heGuskYOQSkCpJcylRTlB20qNWiCPDoBNmh%2BNAt0ZaP7nJYcfSxIxvrtP5nV4Z%2BPc2Eh7%2BFeNoSWbpSGFM4GU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6e55ef77afdd9052-FRA
expires: Wed, 09 Mar 2022 00:15:00 GMT

GET
H2 200 freefollower.net
img.nets4.com/favs/ 787 B
1 KB 335ms
33ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/freefollower.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e76375fd2fba555f67e920bd62b7f671177d0018df1514aaca56529b12b121a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56980
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 787
x-xss-protection: 1; mode=block
last-modified: Tue, 01 Mar 2022 08:25:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lm2fm2JMKVACvRMU0Nsg1KPP0BSc1TUUW6O%2FZ7Adrd4ANAaWvNNyglx8ncSzBZw%2BxnhVffRblwuqBNCzSI5HLAMmXu%2BxW2N1dVMsMcHCQRi6G%2F%2FPoM46IZptBG%2B63b6GgrzhMeN6F9ZuQXxV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef79897c9a3c-FRA

GET
H2 200 boastclub.com
img.nets4.com/favs/ 410 B
776 B 981ms
678ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/boastclub.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c3320d07c6a15846cb81c02418f6ab46c5353aee8e73b913a250e75e1e14352

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 410
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZDG9oIQPlRcwWX9AjVkzDVm83l%2F9kqR9VMEZfYKEMKDatitXmmkItZTL2y6O%2BeoJ1d%2Bh6wXtnp9Nkeei0sMVbnk3I%2F%2Fv9LnydzGuoYQpZX04SOeAq4boB9JvhfVslGMQjzyzCHkc%2Bdflbt1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989809a3c-FRA

GET
H2 200 sanita.it
img.nets4.com/favs/ 747 B
1 KB 1277ms
974ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/sanita.it?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb45a061174a7fe730246c291473534dee8d6a9881b4adddceb63d94e4e0339c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 747
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCd%2Btl%2Fcquora%2Be7agD563N%2FA%2ByLyZQu8t9FtepN5dRCoFUeLnEyv63yNWxpDwnIZB4QL6XY%2BaUaITojri%2FT7CgNBTJ%2FgKNQJ8oz0bHcr%2B33sCzBKzgeTAK3qr3hv8Iu%2Bj31PMeaTJJqyq%2Bp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989829a3c-FRA

GET
H2 200 themorrislawgroup.com
img.nets4.com/favs/ 782 B
1 KB 807ms
504ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/themorrislawgroup.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa3a529b5e712410bd0980baca01171b973e79b9a7b82c3dd571a3f932553954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 782
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtDzwzOAeGmblK5i5o9%2BvA8D8rv570fVjUlhJFvzjBYJerb4CDWE%2BdQzc3riG8OKxsB5eoPaG87RCvKI3OQuVIA2wnwXsUhUVwmgndz4PWEAoGKN9OCiAEAZpgjqMhvdDk3FM7iILpDVMVKM"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989869a3c-FRA

GET
H2 200 recipepuppy.com
img.nets4.com/favs/ 878 B
1 KB 792ms
489ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/recipepuppy.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ed3a7345baa289cb3167c3f31c095ce59e28791dc69cf40f37c7c59159ddab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 878
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IREYdvfmQ1W24fLtK3%2B%2BlfNukIJEeyrYnxEPSNge1h40DKWD5Gg5fTcDIM07eqA6HPBZxCl79SpnF1oukYcZVI17xdUnsmnSM41LbgVYedi0S16Wem9MdEjpMZadPLAZefLlJAj4eIV9cA%2FK"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989879a3c-FRA

GET
H2 200 studentrecipes.com
img.nets4.com/favs/ 460 B
748 B 794ms
492ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/studentrecipes.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79df09b7a101a202b799af57356766ec71ac38b9c6a8371306b1ef2bd403ad1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 460
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrKmGc%2BSK%2Be%2BQyNdgzh1gt5Tct1J6RE0nBu2dzEdfzjKex6nys3AGzUZBEQB9nKEQmbpY5PbtGmnheD0AO1tqQMZjaXuiD2TPgKgN8ZA7SxekH6NQ40F%2BSLep%2Be%2B5PSmJ5clbgg3DphDFwLI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989889a3c-FRA

GET
H2 200 bct0088.com
img.nets4.com/favs/ 70 B
371 B 1474ms
1172ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/bct0088.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzZ3hRRyFJYTUKRfM2FeBLSIxPG6QAwgaErgbDgUBC0S9BqTy6Jiz7mRRO0f87MXJb9mvOSOb6N4NqnU8iQWp87%2BS7AjuyetFp3XOihuW%2B4mV4mQAudk9M33J3%2BszhSbK9eR5GjYhnDzBuFy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989899a3c-FRA

GET
H2 200 profakta.com
img.nets4.com/favs/ 612 B
943 B 949ms
647ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/profakta.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0146cf440b2cd6f888c83f1a7c8c8cb7a4a83935b102c57d8695c706945adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 612
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:15:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mdowETs0F03lsMRbc0IiRSCnWKrLepN%2Bqj39%2Fz9mSuXMa3pW3F96LVQmB65ugtutysi7j7fHLTdd2xM6e1Yqk6wfK8sJheKD3eTHQOS0%2FanvF2YF2dFsBXdl9DUHOqUEOvhC5jv1Vgxj5pB6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef79898c9a3c-FRA

GET
H2 200 kyddo.com
img.nets4.com/favs/ 821 B
1 KB 329ms
28ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/kyddo.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34e388213f012ba29597411c042c5e5e0a98e68b7adc9f51a2cae545217b7c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 301
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 821
x-xss-protection: 1; mode=block
last-modified: Wed, 02 Mar 2022 00:09:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TRPu2imRLJRz%2F6rZH3AwwkO9TkgpzSf4q3pNxWNXQPYNoRhICrVPL3a3C3jGGbgoLMeuDKl%2BkxOA4mYmluV3eQkdwx2pA18yPJhHWeCk%2B%2BCRKB3xlvF5GYyq6UmcOuTuHRREltBEkM%2B1p2zt"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989909a3c-FRA

GET
H2 200 infosniper.net
img.nets4.com/favs/ 473 B
969 B 331ms
29ms Image
image/png 2606:4700:e0::ac40:631d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/infosniper.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:631d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e246cc0309f5e004a9b748b5de9dc08f3258919e63f1335424ed4989cb5ad5c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1316
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 473
x-xss-protection: 1; mode=block
last-modified: Tue, 01 Mar 2022 23:53:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfI%2B%2BmEPIV5I0P2kO7HqYiW5Cbe6NsxgXavev%2FAiH5kd4BRSMrcyo%2F0xXNck1LV7%2B8aabQ7%2BANG04K67%2BdqfqGerXaM42ID%2FkFUPmgSt%2BUPt1EujLd%2BCfZiZKBodAqGqDELraloXmZm%2FXqAo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6e55ef7989929a3c-FRA

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
14ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=128097721&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&ul=en-us&de=UTF-8&dt=Megaplay%20domain%20statistics%20-%20Megaplay.cc&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=276444919&gjid=710112635&cid=959488425.1646180100&tid=UA-123511935-10&_gid=1657247849.1646180100&_r=1&_slc=1&z=7818055

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:14:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 588 B
970 B 254ms
170ms Script
application/x-javascript 2620:1ec:27::cafe:1784
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1784 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: f9b63eb55392ca4c7f285043c62b8fe54b74428e9f58b9a4abe050630436243e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:14:59 GMT
x-powered-by: ASP.NET
x-azure-ref: 0BLceYgAAAADFEwcD65VzR7vXCK8nc+VPSVNUMzBFREdFMDIwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
content-length: 588
expires: -1

GET
H2 200 clarity.js Show response
d.clarity.ms/s/0.6.32/ 53 KB
23 KB 287ms
93ms Script
application/javascript 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-encoding: br
etag: "1d82c9e8417ef90"
last-modified: Mon, 28 Feb 2022 12:27:14 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&RedC=c.clarity.ms&MXFR=272DA5B1647764C12477B4EA60776A44
https://c.clarity.ms/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&MUID=0551108247766BC6377D01D946DA6A88

42 B
366 B

34ms
33ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&MUID=0551108247766BC6377D01D946DA6A88
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:00 GMT
last-modified: Fri, 18 Feb 2022 21:27:03 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7f9eac45e25d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 143F30C6BBE74BA28568C26F33C3E070 Ref B: FRA31EDGE0812 Ref C: 2022-03-02T00:15:00Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=68A4FED5C4B341179036209CD676B289&MUID=0551108247766BC6377D01D946DA6A88
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 / Show response
api.purpleads.io/x/ 4 KB
2 KB 373ms
187ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1646180100637
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: b941385c3fb719f98fad39e2948a71eb697418dc7cebb65c0031dd13f34e4f69

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.13

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"11ab-8TPt3GwchfPBRt3xV3o9yfYfJq0"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 6f2d7891-fd73-43af-bfd8-4b2dd0814fd3

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 34 KB
10 KB 7ms
7ms Script
application/javascript 108.138.7.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-59.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38bf08369b9d72ce4d22d5b555e9e5ee2e7a5fab8980ba2787f47d89d55e2c99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 17:41:22 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 08:37:50 GMT
server: AmazonS3
age: 23618
etag: "0c008aa8cd8d5ae47e2eb77cc10e9a3c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
content-length: 10377
x-amz-cf-id: FWuCfs36VyRS4zpsuNIx7XcYP-V27ouv8uLOx-bencCdK-4YAB1m1w==

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 540E 278 B
650 B 41ms
22ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-type: text/html; charset=utf-8
via: e3s
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
etag: W/"116-5cd1487afaaea"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
cf-cache-status: HIT
age: 120944
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6e55ef7dab7d9be2-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
358 B 289ms
102ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1646180100667
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: 587c3ea8-ead6-409a-85b6-1815ab1edc81

GET
H3 200 marker-icon.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 1 KB
2 KB 15ms
15ms Image
image/png 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-icon.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 137294
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1470
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-5ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpXhRZUrHjt1ldkSgbMqhMCMgUtx0K%2BlGQKOxpfu2b0ZaQJ5RorOo0K5M8nFL2ZdCgx3EcfVbFLjK%2FIjJj5l%2B0z8iO8uwnfrkrNi3sHT5pjFFJpkYUW1gIqnHZPX2goV1W%2B%2FOMLRyhnjIaJDSz0%2Bsxh1"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef7d4fc45b38-FRA
expires: Mon, 20 Feb 2023 00:15:00 GMT

GET
H2 200 2.png
a.tile.openstreetmap.org/3/1/ 8 KB
9 KB 756ms
250ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/1/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

32a5bada13f5b3f281f90d7d47eecfde4712568baaaa5fa9de23e57f0d421b00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "e2b4d7e3b2fcb02b5dd2b690b212df7e"
age: 387053
x-cache: HIT
x-cache-hits: 124
content-length: 8577
x-served-by: cache-icn1450023-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.321869,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: balerion.openstreetmap.org
cache-control: max-age=93232, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Feb 2022 23:27:15 GMT

GET
H2 200 2.png
b.tile.openstreetmap.org/3/2/ 10 KB
10 KB 756ms
251ms Image
image/png 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/2/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

3ca6974abe3584eb2694b62d30b3fc691bbde4b8f2a62a4a45139a4abcc6dda8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "2fc4aaa222876ddac1b60716cf345150"
age: 392134
x-cache: HIT
x-cache-hits: 294
content-length: 10124
x-served-by: cache-icn1450040-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.321435,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: balerion.openstreetmap.org
cache-control: max-age=90313, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Feb 2022 22:16:41 GMT

GET
H2 200 3.png
b.tile.openstreetmap.org/3/1/ 4 KB
4 KB 756ms
250ms Image
image/png 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/1/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

516fadf20aefdc9565d38ff12fd35aa4262d20408dace2f5849cd191119496c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "bc52a0f704ebee39a8cb5a58715363ce"
age: 38195
x-cache: HIT
x-cache-hits: 30
content-length: 3910
x-served-by: cache-icn1450040-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.321471,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: bowser.openstreetmap.org
cache-control: max-age=47584, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 02 Mar 2022 02:51:29 GMT

GET
H2 200 3.png
c.tile.openstreetmap.org/3/2/ 5 KB
6 KB 753ms
250ms Image
image/png 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/2/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

c6cd28b8f48cd9c890723dbd16c6847083e7c322af81fc3da91b9730ac576658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "7c25652ac6639939d717ee7de6a8d342"
age: 29821
x-cache: HIT
x-cache-hits: 27
content-length: 5621
x-served-by: cache-icn1450042-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.319774,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: bowser.openstreetmap.org
cache-control: max-age=30662, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Mon, 28 Feb 2022 20:44:07 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/0/ 5 KB
5 KB 753ms
250ms Image
image/png 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/0/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

ae3fb4cec2d5745573835548b53585d0aed3cacc83b013b2a6098dfaad4d9c02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "a5ffe82b8ee31bae8b61087dfe939093"
age: 394073
x-cache: HIT
x-cache-hits: 85
content-length: 4701
x-served-by: cache-icn1450042-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.319829,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: balerion.openstreetmap.org
cache-control: max-age=152010, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 09 Feb 2022 11:48:08 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/3/ 5 KB
5 KB 753ms
250ms Image
image/png 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/3/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

142bf18b4ee8bed840353fbac14ab5e43ae0e96fea42877407eabd7a9a70f485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "b5649fa3ba592f847b0e83ee9421ecd5"
age: 345865
x-cache: HIT
x-cache-hits: 131
content-length: 4828
x-served-by: cache-icn1450042-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.319853,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: bowser.openstreetmap.org
cache-control: max-age=158519, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 09 Feb 2022 16:38:44 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/0/ 249 B
439 B 782ms
278ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/0/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "07a14efdf923d78dad7320032b8d412c"
age: 18630
x-cache: HIT
x-cache-hits: 13
content-length: 249
x-served-by: cache-icn1450023-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.321967,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: bowser.openstreetmap.org
cache-control: max-age=32618, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Tue, 01 Mar 2022 07:42:46 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/3/ 5 KB
5 KB 767ms
262ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/3/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

d5cc8369b549989d9f50336f2c1bd2919f5da181c9ebf1201ec2e4fb5b271105

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "d549b34450823d1af8d3a468b5281a05"
age: 402766
x-cache: HIT
x-cache-hits: 47
content-length: 4834
x-served-by: cache-icn1450023-ICN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1646180101.321913,VS0,VE0
date: Wed, 02 Mar 2022 00:15:01 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: balerion.openstreetmap.org
cache-control: max-age=92466, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Feb 2022 23:15:23 GMT

GET
H3 200 marker-shadow.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 618 B
1 KB 15ms
14ms Image
image/png 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-shadow.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1350
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 622
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-26a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ns9uAVMvBVngjSgRPN92P5UL553gvonnusixvtbLe2pm1JA07dnfQseGjzR0vxIMT3rGUZnyeJHS1dJV%2BplTTe8sBMfhwC5A80K8wp5vrVWIhW%2FPM12JblwbIF4wDYGo47lATuhX3Qa0z5v%2BTA%2BeoKAh"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e55ef7d6fe85b38-FRA
expires: Mon, 20 Feb 2023 00:15:00 GMT

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 26ms
26ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 120858
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6e55ef7dbb859be2-FRA
cf-bgj: minify

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ 357 KB
142 KB 43ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c7ce8eb4433ee82ab08c5b401235d0c97a6dff3af0c288ee9a64d1afe964cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144239
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 21:18:46 GMT

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 12ms
12ms XHR
text/plain 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type: application/json

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6e55ef7da9fe695e-FRA
vary: Origin

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 284ms
96ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1646180100637
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 8d968d63-81dc-4f3b-a75e-139df51428f6

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 253ms
94ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1646180100667
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: a9555d10-03fa-476f-93ad-bf1e38d15889

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 26ms
9ms Preflight
text/plain 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 6e55ef7d99e8695e-FRA
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip

POST
H2 204 collect Show response
d.clarity.ms/ 0
65 B 186ms
186ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 22 KB
8 KB 22ms
21ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c12ad5776059bf3fecbf0aeb0b34d1a60581c878b7972bbf78d1d99d800497

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/megaplay.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PM6ALejR7zAMU5BDJo%2BW0Czh3zgUOwHyKSNeYrzGdWQR3NHJl%2FyTSUzWBkU74dfLhvPTlropTsXEi2Es3VbtV1%2FsyBJTFSKo8plNq8%2BeEiDsN2BSuTvhO8YQGVZy1e2FVWtlIDaqubA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6e55ef7dad216955-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 77A5 42 KB
22 KB 42ms
25ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&size=normal&cb=lkt4hkxsxxqp

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9f18456354d4af5cb1b9a3c6bb626487928182a4b82d827e431c1b051766e375

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-c8DGQW4YAOMzHvepQ4OLSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 02 Mar 2022 00:15:00 GMT
content-security-policy: script-src 'report-sample' 'nonce-c8DGQW4YAOMzHvepQ4OLSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22457
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 94ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=6da35d3d-6d4e-4401-95b4-41ee28cbc9cb&ts=1646180100892
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 0deed452-5508-4940-bbe8-064b9cebfff7

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 94ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ec89a163-34c3-449c-9a11-cbb3baec46b8&ts=1646180100892
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: b5359fff-5523-4d62-a5fc-7e3102e0992e

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 94ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=47c692c7-eb43-4b85-a5ed-176a2e7dd2e2&ts=1646180100893
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: d3aadaac-92d8-4344-96f5-2637ae51bffb

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 96ms
96ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=7309ac33-ba28-469e-bea4-04c496c8d5a3&ts=1646180100893
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 50305c17-d478-4a77-a7f1-74f1b882c172

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 93ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=c90261ae-7ca3-46b9-8a75-470526aa237c&ts=1646180100893
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 492ac042-e130-4239-bd19-24b94084e864

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 321ms
200ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=6da35d3d-6d4e-4401-95b4-41ee28cbc9cb&ts=1646180100892
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 996a28ccdeb58f9fdc3735580a3762a5b3f58bd9e695a7af52208c59437cccb9

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"240a-sA+WhyhElE4abp9Bx8acjzf04e4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 3d80b021-90ca-4926-a559-55fbd8795687

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 245ms
124ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ec89a163-34c3-449c-9a11-cbb3baec46b8&ts=1646180100892
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 80db18bfcded8aefdadd333d0a2cbf874b534e013071691218e6305835dc29a0

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"235a-jJsk5bf+zEUkeGhET2JBbDzRzuc"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 123ca74a-b6ea-47c4-8cb2-60c289aa6dcb

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 258ms
137ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=47c692c7-eb43-4b85-a5ed-176a2e7dd2e2&ts=1646180100893
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 0e5ef1fc0bbc77d69291553ae8e2040ead97eb1946cbe1229bc97fe72940e913

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"235a-7hK+ryFTUu0f2U3HtvICVP7wqy4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 5bafd57f-9342-4b8b-ba26-e4499dda4de9

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 399ms
280ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=7309ac33-ba28-469e-bea4-04c496c8d5a3&ts=1646180100893
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 8949569ed88e967b56f6d2ba91a91e54967054ccd6ad06d02e29cae94c701732

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"235a-K9ZByqdXaZ65M08xBZo66lP5syY"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 8df9c4ea-a6e2-4167-b300-ee81507cf54a

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 304ms
183ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=c90261ae-7ca3-46b9-8a75-470526aa237c&ts=1646180100893
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: c3bd0512b2a24a6d674001cee88036b62b8888d45478d15a68926f025876bd7c

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"23f9-MfIkvJpL0cIWmNhQsLALztvqHiw"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 580da56b-3ffe-4ae9-8302-b6235d27222b

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ Frame 77A5 51 KB
24 KB 22ms
7ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&size=normal&cb=lkt4hkxsxxqp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 13:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 13:56:18 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ Frame 77A5 357 KB
141 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c7ce8eb4433ee82ab08c5b401235d0c97a6dff3af0c288ee9a64d1afe964cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144239
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 21:18:46 GMT

POST
H3 200 6e55ef71f8fd9052 Show response
nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
688 B 37ms
36ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/6e55ef71f8fd9052
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/domain/megaplay.cc
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e55ef805fed6955-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCTrV2FKUJ2%2FbZ%2FcV1pg%2Fi2jvIlxSWqvQ5q%2FtTfXDzhQ%2FhyQm2aeZoGvVYDoTwa7kvnMelGoqSs8x36xtXFDEI2TyQHQtXZSoAEuG%2FzhTA7PcykIscdOZyb3cXS0YLEtOtGFSdHaxgk%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 77A5 102 B
134 B 16ms
15ms Other
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

89567d8c6d40b4b724c621cd789d46041d7312ca07647afd0f8ce3939e3631cc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&size=normal&cb=lkt4hkxsxxqp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame D0A1 7 KB
1 KB 19ms
18ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

97522f5816591045f02c8969f5ae9f8207ae680fdb4e3f84a782201e5f3acf94

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-80jGhAkKysKEbrziS4yYkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
content-security-policy: script-src 'report-sample' 'nonce-80jGhAkKysKEbrziS4yYkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6DD3 82 KB
28 KB 39ms
17ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

0335465e1a4e82345f000f45a2c83e4166c38473b3a6f39a45b823212ed8cd73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27854
x-xss-protection: 0
server: sffe
etag: "1147 / 849 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ Frame D0A1 51 KB
24 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 28 Feb 2022 13:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Feb 2023 13:56:18 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/ Frame D0A1 357 KB
141 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=PdoyIVkd8v16xl_NMp3H0N1Y&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c7ce8eb4433ee82ab08c5b401235d0c97a6dff3af0c288ee9a64d1afe964cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144239
x-xss-protection: 0
last-modified: Tue, 22 Feb 2022 21:22:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 21:18:46 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame BA49 82 KB
27 KB 35ms
20ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

8d88dc75e1792ba99b055eaf55f34ceb2145a32b47b4bc53e417f362194f10fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27848
x-xss-protection: 0
server: sffe
etag: "1147 / 12 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 473D 82 KB
27 KB 42ms
34ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

0335465e1a4e82345f000f45a2c83e4166c38473b3a6f39a45b823212ed8cd73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27854
x-xss-protection: 0
server: sffe
etag: "1147 / 401 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6DD3 363 KB
121 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 21:35:38 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3321 82 KB
27 KB 18ms
17ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

0335465e1a4e82345f000f45a2c83e4166c38473b3a6f39a45b823212ed8cd73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27854
x-xss-protection: 0
server: sffe
etag: "1147 / 888 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame BA49 363 KB
121 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 21:35:38 GMT

GET
H2 200 pubads_impl.js Show response
pagead2.googlesyndication.com/pagead/managed/js/gpt/m202102160101/ Frame 6DD3 363 KB
122 KB 59ms
36ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202102160101/pubads_impl.js?0.6306803880960292

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

530df2b45413cb4d92e2c98a4d09bcf4746dcd9ffd73ed84275ec7ff79e15f89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123917
x-xss-protection: 0
server: cafe
etag: 2900804438344570373
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 02 Mar 2023 00:15:01 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6DD3 107 B
792 B 71ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6DD3 107 B
549 B 37ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6DD3 518 B
302 B 179ms
179ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4304250172464152&correlator=1916613686356971&output=ldjh&impl=fifs&eid=31064957%2C31065017%2C31065428&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1646180101382&dlt=1646180101241&idt=119&ea=0&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=1398&ucis=odflw54puihh&adks=471609500&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=959488425.1646180100&ga_sid=1646180101&ga_hid=1325601514&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e65847bfc69dfc7d25348e3f903fd5cfdf54801ff94295837b615fedb2673503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6DD3 14 KB
11 KB 48ms
24ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9831d66db5c4588f8aca650b3a7776665e74bb11f51ba4a7f4260f9c789f95d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10664
x-xss-protection: 0

GET
H2 200 container.html Show response
9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 856F 6 KB
4 KB 78ms
18ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 473D 363 KB
121 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 21:35:38 GMT

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3321 363 KB
121 KB 8ms
8ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 21:35:38 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 821B 81 KB
27 KB 25ms
22ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

3dcdff49c9e3cadadf9852af34e0f499ac94b23deb3513fa4e2b1b659f6de6b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27825
x-xss-protection: 0
server: sffe
etag: "1147 / 292 of 1000 / last-modified: 1646175953"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame BA49 107 B
165 B 32ms
25ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame BA49 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame BA49 518 B
303 B 165ms
165ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3009482583844552&correlator=2563700169156392&output=ldjh&impl=fifs&eid=31065007%2C31063246%2C44758226&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1646180101423&dlt=1646180101297&idt=119&ea=0&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=1927&ucis=3rsjv747c5c7&adks=471609500&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=959488425.1646180100&ga_sid=1646180101&ga_hid=1124990953&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f050f8b27c0cf777e2d58434d619208dfd72984f9e7a64eaa6b69bef378606af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 273
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BA49 14 KB
10 KB 21ms
21ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6ad33fafc6d5e7037365f37f7d39a6efd48b5de334f98aa2df7d551bedffc12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10551
x-xss-protection: 0

GET
H2 200 container.html Show response
32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4302 6 KB
4 KB 61ms
14ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3321 107 B
165 B 27ms
26ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3321 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3321 49 KB
12 KB 561ms
560ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3561317065608990&correlator=2916333030446471&output=ldjh&impl=fif&eid=31065436%2C31063247%2C44756896&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1646180101443&dlt=1646180101326&idt=110&ea=0&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=555&ucis=d6ocwgv763d5&adks=4203880072&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=959488425.1646180100&ga_sid=1646180101&ga_hid=1790663181&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

b42de0e11f46b96bfaa23d4c0a36b7255a4a8f826d75c84a826b4e8df91bbf2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11902
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3321 13 KB
10 KB 42ms
20ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3bdb799f2ddf50a8c2b4a9727bf1788314b694a4ddac9dda25d2b26c68a513fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10405
x-xss-protection: 0

GET
H2 200 container.html Show response
70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D855 6 KB
3 KB 31ms
16ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 473D 107 B
122 B 43ms
17ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 473D 107 B
122 B 19ms
17ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 473D 17 KB
9 KB 243ms
243ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1614471560653474&correlator=3577334680349140&output=ldjh&impl=fif&eid=31064905%2C31065294%2C31060032&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600%7C120x600%7C200x200%7C250x250&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1646180101460&dlt=1646180101303&idt=146&ea=0&biw=1600&bih=1200&isw=160&ish=600&oid=2&adxs=1148&adys=1298&ucis=kwzvbaxiluvd&adks=113378651&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=160x0&msz=160x0&ga_vid=959488425.1646180100&ga_sid=1646180101&ga_hid=1848042608&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d31de97a34e2a5014fc743059225896532e91e3a7ef3194f1f5f0aff40654895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8870
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 473D 14 KB
11 KB 27ms
22ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfd8562e18815515eb700f6ab9619eec667b930d59fd1bedef059299a47519fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10766
x-xss-protection: 0

GET
H2 200 container.html Show response
7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2F9B 6 KB
3 KB 31ms
15ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6DD3 17 KB
7 KB 48ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BA49 17 KB
6 KB 56ms
27ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 821B 363 KB
121 KB 7ms
6ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 17:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22532
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 17:59:29 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3321 17 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 473D 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6DD3 0
20 B 55ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_bvslt&pvsid=4304250172464152&vrg=2022022401&nw_id=21902364955%5C%2C22652385948&nslots=1&eid=31064957%2C31065017%2C31065428&pub_url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&t=152&f=1

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 821B 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 821B 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 821B 25 KB
11 KB 452ms
452ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2062520611254302&correlator=3614182529020771&eid=31064958%2C31065383&output=ldjh&gdfp_req=1&vrg=2022022401&ptt=17&impl=fifs&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&eri=4&cookie_enabled=1&bc=31&abxe=1&dt=1646180101589&dlt=1646180101404&idt=149&ea=0&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=3914&ucis=8nkj74dl2m80&adks=471609500&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=959488425.1646180100&ga_sid=1646180102&ga_hid=195877429&ga_fc=true&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1e01a2164aa16305acff14391ade705f91a21b22e3260dbd1d84e06a97eb4da9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10991
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 821B 13 KB
10 KB 21ms
21ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d64a0ebc851a15ff3eb26c9cdfeb424b000a3e3023aeae2054ffff899bff4c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10390
x-xss-protection: 0

GET
H2 200 container.html Show response
16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6F76 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EFC1 13 KB
5 KB 23ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 04A5 783 B
537 B 16ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ac5997ad977a976202e7f71c01c2f4747d4fc55ab72f33ef89f0d4501b68da26

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1gkbe80U8FK5YCkzwDjTYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:01 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1gkbe80U8FK5YCkzwDjTYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8F95 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 464E 783 B
534 B 16ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

da9a284a37ec23c8122360f9c76ad375e3dc30412128eccd5bf7533c11018530

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hdNcLM87UpooSzaM6m6IWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:01 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hdNcLM87UpooSzaM6m6IWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A8AA 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BE98 783 B
537 B 16ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

410d34afaa7362fc45cfbf224937e199e4a2b3798ef64857e1d28d34b43788b5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pJWYnGWyU67V0XIj5ch3VQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:01 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-pJWYnGWyU67V0XIj5ch3VQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 32BC 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 95E0 783 B
534 B 18ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

06b9a4bd8c62293b0446da2e50a5926910c35a077be766dce2248c30b70773e6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+BZOQGLA3LNhdOlo8zpRdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:01 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-+BZOQGLA3LNhdOlo8zpRdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
api.purpleads.io/x/b/ 20 KB
4 KB 552ms
552ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ec89a163-34c3-449c-9a11-cbb3baec46b8&demand=cybermedia&ts=1646180101702
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: de8dc7b843352b7199cbd6162052d8ce7e9cd3122729df2173b3b8d2877c8453

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
etag: W/"517c-MDtw1W6UHeL9PV630gbHMXlKnRM"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 22c0cd25-2be0-4f4e-a904-05d6b7bf1f93

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 121ms
120ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=6&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=47c692c7-eb43-4b85-a5ed-176a2e7dd2e2&demand=cybermedia&ts=1646180101702
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: df8838cda494b25aca2f21ef8f4d04fc61c6b9376bdba1530f2bb44f250d5586

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
etag: W/"240a-Q0TYlOEX760TEmNYwZSBLRitbm4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 9b5f53df-a781-484d-a034-06121a99e9e0

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 101ms
101ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ec89a163-34c3-449c-9a11-cbb3baec46b8&demand=cybermedia&ts=1646180101702
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 99b7cddf-cb8d-4bbc-8744-d475b685e748

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 179ms
179ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=6&pid=0020eaa0615a4470a36653ca0bda8ece&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=47c692c7-eb43-4b85-a5ed-176a2e7dd2e2&demand=cybermedia&ts=1646180101702
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: cd1fc217-8938-4da3-b542-590d28617909

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 821B 17 KB
6 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 container.html Show response
7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CE6B 6 KB
3 KB 26ms
8ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/3b67079620aa9f5516cb6510474b5c8f:ebd5ea3a72fe11a1a625769f73492d90eb7ca41700af66b7864323783331c6242ab2e7cf3058dde8f00c774582d0b911d4332e303b0cb3fea8977378ee59c1e563863569e5badd8... Frame 0
0 94ms
94ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3b67079620aa9f5516cb6510474b5c8f:ebd5ea3a72fe11a1a625769f73492d90eb7ca41700af66b7864323783331c6242ab2e7cf3058dde8f00c774582d0b911d4332e303b0cb3fea8977378ee59c1e563863569e5badd8b5eb4d1b5fdc926cfec8a8efa9767f56023df8d2672d2422b8fffb3902a243ea09c83d1d1ec4aae11c357d66d2dbb98c8c112c8fd201aaa091305b8000afba3f1cdf29f2ba8622205/i?id=580da56b-3ffe-4ae9-8302-b6235d27222b&ts=1646180101719
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 072de586-822a-4b2b-893b-716c2c3b8764

GET
H2 200 i Show response
api.purpleads.io/x/a/3b67079620aa9f5516cb6510474b5c8f:ebd5ea3a72fe11a1a625769f73492d90eb7ca41700af66b7864323783331c6242ab2e7cf3058dde8f00c774582d0b911d4332e303b0cb3fea8977378ee59c1e563863569e5badd8... 0
199 B 277ms
277ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3b67079620aa9f5516cb6510474b5c8f:ebd5ea3a72fe11a1a625769f73492d90eb7ca41700af66b7864323783331c6242ab2e7cf3058dde8f00c774582d0b911d4332e303b0cb3fea8977378ee59c1e563863569e5badd8b5eb4d1b5fdc926cfec8a8efa9767f56023df8d2672d2422b8fffb3902a243ea09c83d1d1ec4aae11c357d66d2dbb98c8c112c8fd201aaa091305b8000afba3f1cdf29f2ba8622205/i?id=580da56b-3ffe-4ae9-8302-b6235d27222b&ts=1646180101719
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 8bc29ec7-b7b1-4c61-894f-66338e6a852c

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 04A5 0
0 44ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=4304250172464152&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 464E 0
0 56ms
55ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=3561317065608990&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BE98 0
0 55ms
54ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=3009482583844552&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 95E0 0
0 55ms
55ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=1614471560653474&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame EFC1 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F95 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame A8AA 35 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 32BC 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7C7C 624 B
974 B 41ms
18ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6s3FlQEwAQ&v=APEucNUtk-MLkIkSFXSTNLnbRGbhy-TVAhBIXCSjM-oTWWT7vOSLFy_6atGwQUozCYXIrnNrVPkFQ_Lpw_UGjK7Hiz60oq1KLC1HqrLsftR3qjv_yLwfsfpoGtTo4Mh5P0yaVHCt_MbdmkxnfjsV4xZN7fbzAS5kiYa_Fm6tGZyznpmgUKfxwVU

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 02 Mar 2022 00:15:01 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CE6B 26 KB
16 KB 73ms
51ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKAWd1Xwkpl4TJSndWS3McOzbN5ddG7pti5IeHagsXcVHzlPD-hCU8fHr4gWVnhHDfem7ehugYQd8Kkde4nu41frVZ7gHGHV9d8vpwu6S53oGflChNycGBoCPb7ro-vbs008EKZIm32k08vkO3dqM1RnGO0Q&cry=1&dbm_d=AKAmf-AcEKD6CyVDpGPd-nuoTVXlKLtdUkQT0qJEcovJi79yEa3HvVaRaboFqWt_WJ9qWo3dhyZ8E-Mb59eNeZsrIfdqGZbm6gqgHK6FhwSrq1EN1vZO_0jE2bmHHAuoteC0lvWA0PyMWMN6jHyYvOlr15W41PPdCFZqh-uYRRipZlrYDKc4N9M62qyt6OpByzLPeDifjJtLkJLhBu6mFAtoXRRH6ZOrA38bmM75rMTLwKOo6HaVObpHCWVKqdbqfVvXG_UzoA0lGVrDBAfOuS9enB8zOqy_DHfqysqgUA85A69rUkwkNj496yRcrh0tdTUPietUbp4UVl-y5JSkxIiEarUKAN2sf6bJstwfSXwEtaaZcQRCZ2nt0JdcfV0tMoSJZMWw-IqCvLZAQZRuPvOBQjw3o0PMHaWUIa80BIUK4iU6Mwv1JA1SGXnEJtjRwGB3MyOiIcIt4ROaw0CI8NNwx_GAb-r2ihKlsbtx26XDvdHqEhL-PZhSG8VQJ-6wLiU1PRUe2ZM0qCPjKi8xB7WYtwniKDvYnijOL9zyCPEJY95UWBAODr6y7VlzIDui6P8pu3BOipbL2y_f05UsDNeu2tpxaIF0Ict6ba_LNJk1jkoDVDB-AJV34rP6kvNHU2hBPdeqwiPebRc7gS8vxsopgfKl1vQgjQDq5Qd4N7jAkZbOJVym5PApB-zf9gjcaA33wmo6uxVFDu9uDgkO2ekid3gF0mrsg8GFyAZGdeXCDmKgfJQsdzTbXFph8Hn2L2a9zTxrxuOlJlCrMYmwlUROh-t6FDXsFguihM9T4nFsoCRModHekfCUCay1zL8kJsbvhk6lPNfG9nUFhXtH7zMXRSBDTdvfvv0MKs2QBaWRRu5fbFIlW2ANkbuyho-uMacUYl2W_i0oALq8G1ToMWfgzO1_bknfOpf-8wiy4S1Qj6Phk-zUQmW0PQIJfSE4pH1z_5CQTSgmraLDookANy4C4MVJroBW4hGLXSYb6E7XYyyzESANffPWNATkzW9U9Piiub7VSIJraQiehYitYTDoqzmzHduVNqsf3DqhHcPT92b9GsL4bUdQ7YL50aChlltiUfIsjqaWtjX0p4lmuZ7YjpS3sxfdy9g9-WNWZP6z54D8oya5kFh40Haq3JSkOIiGl-QpqJZRyRleMgZo4GDlYpkl3S2IpCX44kGoLxumnznGAhalaVu0vVh8JlxbCYcrtSphPaJKCMtxQrR_mmTVtUPI6Wkvm5F-eJttOZ39meBgEBQ9ZqH9Tx4Mde2LnwhO78fAx0I1mJrW0KFSRymC-2k2XLNsLlyebDlQm5__9aELgCZ_xMNFJIxSWuAR0gA38XrQ-NCoBRf6_X-IhahdLq95mZjUFMh5ih5SKoiB1Pd0F8OikMzS-Z4gdMIe3C8XL-nAEwsGzLVlCzJqFoQRcR5Mcpo3aduH60JRSMpvmYK9CcpBjRof47U0voi05BDQJAqY1QtlMNt0Ifq2yljhwKL_DS4YlMFsvF2SFbf_fS9pYLuY6Zw_RZ1BxoNuuXtw9gSKrH9UgsBY1TUC5NY1eRf4EH3tcra9PdyvZtR1Z09MCGdXeOtXhU8Wsnz9ThA0kMvP34wcnLYSQU8qIXzjg-ojJpt03V8DODURHMeTllG8Gw5Xov5XpOueXRuMKtvS44valHO64YlpzHgmNCdlk28X3yZ3RD-P9OOdBZRzgxDlwUbIDAASyH0rVTelex0v_7XK64AtEHovk-f2t0FqI9dPnsu0D3nSpyN57ksCArkwC6_1CSL2MpoPcj8xCsGOr9da6L-HqSkWhf_V4Uzk6vjmM_zDu3RBoFWkIGtH8RHBoA__g6X3kBAdld_3MB2aZKLjsV3ZZ_dkELnlv_E_5RuMK32dG_INUMD3e6EbdQA0vgVMxVZt7QaTt1n0EInpf-h6kmQumyOvRoWHgK2IX2nfCKFryfTUWQwfG5Ut103kAqVM8JOuNBQYd5TEzvQpJ-fHBm5IzTs6E6r2D4iyUOfmWAxCfh7nRZ4Xhc2wrxRotYMH04zhXXVXIEqf4SVCAswVrdW-xrPkFeOZkKb54Hdfot8trhjLevmfD8JgUzFJlef-TMfkzjSf3KkVxwlrIZ32ewOap8u-wnlvMizUFVkB0yplhpwW_sYpCjB8J5wHV9Ys5-D3fRruzDrpZ2cQrCUoZv1lZPPfTu52BxPEWZ3-Z0FAvu9h9jDLYYnlFS-ldiKFc8_xiWYxc_aFuw33I4ESzsJwdRvxLiqpwfXOJXKM3Yk7udq9S5xkINaL1qmXyHB2XpXaJR0w3Gf-lv3z6lyRnw7S4njNkqC5XIu8e3UhontnVFCrbdE-evYRT4HlkGmHBRZsLCDhkuCPeQzBE-cIAL3D5szlrgW__nFAyQJx0Fz988KFvY_L4FAgIrzHl3Qiwy9E-dvJ0ZikiZoxNJT6hKOcTdxEmQC8vNKZWA1P8Ir8KaYrikGbrXtj_G6xApAUBjYdBrMhvi15jEAaVm2NowzTHOhevqWmIkbCdgJjV3Bxn0EPcSdc9_8c3k_cloA9Z-cIy7lJj4ilFex840uh-LYmfJJjiu7Gmh85JAyeL0dcIftlch6nhf2NTjTq_1a7ccQaNYFEUgOkTr3zDkL8y14Fdiv8RUiORckI4tUr7Nd975EXOBZ9MSRbsggqiZxoYZ2cCT2bOHh-dOwWn-p70oq0-FwIh2bBCiZQU-fAnhYy0z3kxKW9SUMlexjih6IIWelir0bySPOV9Ty9EiOUaxdwPgWo8aGaj3C2OksSZogzdyftFeFea1-gyqN3a7hJTxe69IZQoGz-O4b5A1xmc6qs7RNqMUOPZi2_b3DZJA8xO6qSLmWbO4ZPdS75ugP5-X6QFsr6vlHIWaul0EeHzWcnCim-61nWoCwCU_qp14_rg5K-u2FDBKVz0vs4Gi53uBSi5cYQVY_SByiIP8v1Tw-3ZA8lHJ_O5x7Pujnu7IJ0zK5bcQoDfk6zsCdmQmcayE5VTLeMKJjVHjo9-uKc4LACGFatxYXAFQf3dcLE618uOsp01HWfvA5-YS0qUiw21tq45Mqx3SlRPXRfzlt_GpuX6LVR9EUGCbZmq6e_cpNqDEVUgJN-nJaoC3Kxcc4eS2AAdHimtRr9zO01nZGoJmvK8-ir4kv730v88VBSXz3YjpQqDOK_ldIkrY3JhgqbEONMnJ-oToKmysoPyGfVsbDl&cid=CAASFeRon192knxB6B5pGgb-aR9s_Ff3qw&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05dbd2c3a25e583fa2c9eb63d2ce48e5bbb5fca3c994bc5f2ec3b1939d4bbb20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16100
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CE6B 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A-uwap5hH19Hx3QeLlmJ0IBSqyoKr5TjJDiPtfdfTo-_nwqTYIeWCyhZZEnt7Nz3m3s0CjSR88r_G3vAdqZc4SXHqigeO0NLyv8dLA-KHv1KVEJ18

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame CE6B 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 950
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:59:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE6B 124 KB
39 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame CE6B 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:58:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 985
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:58:36 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CE6B 0
0 15ms
14ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS1lbBgOvdbmEbP5H54I32Ikd2Shhuzh-L_KTPfLFGkJBjilBbQR74B7Bsii416I3cjaXwZQ9VOn-gxkS0XWvSX_ynipQ
Requested by: Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 185ms
184ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:01 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AD6A 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11721
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D188 783 B
534 B 16ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f0759b40ed05e9e62aae0dceb2eb9b6387fb83c8c26822fcab9ec0c98d90d456

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6h4mbi+Y1+P2dURPE6eltw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:01 GMT
date: Wed, 02 Mar 2022 00:15:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-6h4mbi+Y1+P2dURPE6eltw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7C7C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1

43 B
1014 B

28ms
12ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6s3FlQEwAQ&v=APEucNUtk-MLkIkSFXSTNLnbRGbhy-TVAhBIXCSjM-oTWWT7vOSLFy_6atGwQUozCYXIrnNrVPkFQ_Lpw_UGjK7Hiz60oq1KLC1HqrLsftR3qjv_yLwfsfpoGtTo4Mh5P0yaVHCt_MbdmkxnfjsV4xZN7fbzAS5kiYa_Fm6tGZyznpmgUKfxwVU
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 00:15:02 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7C7C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh63BZGECoamCwQZMGVtTAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1

43 B
894 B

14ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6s3FlQEwAQ&v=APEucNUtk-MLkIkSFXSTNLnbRGbhy-TVAhBIXCSjM-oTWWT7vOSLFy_6atGwQUozCYXIrnNrVPkFQ_Lpw_UGjK7Hiz60oq1KLC1HqrLsftR3qjv_yLwfsfpoGtTo4Mh5P0yaVHCt_MbdmkxnfjsV4xZN7fbzAS5kiYa_Fm6tGZyznpmgUKfxwVU
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 00:15:02 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH_Ro_0w04SZQQxGRUdTEZI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7C7C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPPGl5yIpfV_r8n40FPhpHE&google_cver=1

43 B
1018 B

23ms
9ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPPGl5yIpfV_r8n40FPhpHE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY6s3FlQEwAQ&v=APEucNUtk-MLkIkSFXSTNLnbRGbhy-TVAhBIXCSjM-oTWWT7vOSLFy_6atGwQUozCYXIrnNrVPkFQ_Lpw_UGjK7Hiz60oq1KLC1HqrLsftR3qjv_yLwfsfpoGtTo4Mh5P0yaVHCt_MbdmkxnfjsV4xZN7fbzAS5kiYa_Fm6tGZyznpmgUKfxwVU

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ef3e51ac-3b5e-4d85-922b-b8fb70babda3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPPGl5yIpfV_r8n40FPhpHE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7C7C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

170 B
188 B

25ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:01 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b92ead6d-ca17-431b-8d7e-0eb2e067a093
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/ Frame CE6B 25 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DKAWd1Xwkpl4TJSndWS3McOzbN5ddG7pti5IeHagsXcVHzlPD-hCU8fHr4gWVnhHDfem7ehugYQd8Kkde4nu41frVZ7gHGHV9d8vpwu6S53oGflChNycGBoCPb7ro-vbs008EKZIm32k08vkO3dqM1RnGO0Q&cry=1&dbm_d=AKAmf-AcEKD6CyVDpGPd-nuoTVXlKLtdUkQT0qJEcovJi79yEa3HvVaRaboFqWt_WJ9qWo3dhyZ8E-Mb59eNeZsrIfdqGZbm6gqgHK6FhwSrq1EN1vZO_0jE2bmHHAuoteC0lvWA0PyMWMN6jHyYvOlr15W41PPdCFZqh-uYRRipZlrYDKc4N9M62qyt6OpByzLPeDifjJtLkJLhBu6mFAtoXRRH6ZOrA38bmM75rMTLwKOo6HaVObpHCWVKqdbqfVvXG_UzoA0lGVrDBAfOuS9enB8zOqy_DHfqysqgUA85A69rUkwkNj496yRcrh0tdTUPietUbp4UVl-y5JSkxIiEarUKAN2sf6bJstwfSXwEtaaZcQRCZ2nt0JdcfV0tMoSJZMWw-IqCvLZAQZRuPvOBQjw3o0PMHaWUIa80BIUK4iU6Mwv1JA1SGXnEJtjRwGB3MyOiIcIt4ROaw0CI8NNwx_GAb-r2ihKlsbtx26XDvdHqEhL-PZhSG8VQJ-6wLiU1PRUe2ZM0qCPjKi8xB7WYtwniKDvYnijOL9zyCPEJY95UWBAODr6y7VlzIDui6P8pu3BOipbL2y_f05UsDNeu2tpxaIF0Ict6ba_LNJk1jkoDVDB-AJV34rP6kvNHU2hBPdeqwiPebRc7gS8vxsopgfKl1vQgjQDq5Qd4N7jAkZbOJVym5PApB-zf9gjcaA33wmo6uxVFDu9uDgkO2ekid3gF0mrsg8GFyAZGdeXCDmKgfJQsdzTbXFph8Hn2L2a9zTxrxuOlJlCrMYmwlUROh-t6FDXsFguihM9T4nFsoCRModHekfCUCay1zL8kJsbvhk6lPNfG9nUFhXtH7zMXRSBDTdvfvv0MKs2QBaWRRu5fbFIlW2ANkbuyho-uMacUYl2W_i0oALq8G1ToMWfgzO1_bknfOpf-8wiy4S1Qj6Phk-zUQmW0PQIJfSE4pH1z_5CQTSgmraLDookANy4C4MVJroBW4hGLXSYb6E7XYyyzESANffPWNATkzW9U9Piiub7VSIJraQiehYitYTDoqzmzHduVNqsf3DqhHcPT92b9GsL4bUdQ7YL50aChlltiUfIsjqaWtjX0p4lmuZ7YjpS3sxfdy9g9-WNWZP6z54D8oya5kFh40Haq3JSkOIiGl-QpqJZRyRleMgZo4GDlYpkl3S2IpCX44kGoLxumnznGAhalaVu0vVh8JlxbCYcrtSphPaJKCMtxQrR_mmTVtUPI6Wkvm5F-eJttOZ39meBgEBQ9ZqH9Tx4Mde2LnwhO78fAx0I1mJrW0KFSRymC-2k2XLNsLlyebDlQm5__9aELgCZ_xMNFJIxSWuAR0gA38XrQ-NCoBRf6_X-IhahdLq95mZjUFMh5ih5SKoiB1Pd0F8OikMzS-Z4gdMIe3C8XL-nAEwsGzLVlCzJqFoQRcR5Mcpo3aduH60JRSMpvmYK9CcpBjRof47U0voi05BDQJAqY1QtlMNt0Ifq2yljhwKL_DS4YlMFsvF2SFbf_fS9pYLuY6Zw_RZ1BxoNuuXtw9gSKrH9UgsBY1TUC5NY1eRf4EH3tcra9PdyvZtR1Z09MCGdXeOtXhU8Wsnz9ThA0kMvP34wcnLYSQU8qIXzjg-ojJpt03V8DODURHMeTllG8Gw5Xov5XpOueXRuMKtvS44valHO64YlpzHgmNCdlk28X3yZ3RD-P9OOdBZRzgxDlwUbIDAASyH0rVTelex0v_7XK64AtEHovk-f2t0FqI9dPnsu0D3nSpyN57ksCArkwC6_1CSL2MpoPcj8xCsGOr9da6L-HqSkWhf_V4Uzk6vjmM_zDu3RBoFWkIGtH8RHBoA__g6X3kBAdld_3MB2aZKLjsV3ZZ_dkELnlv_E_5RuMK32dG_INUMD3e6EbdQA0vgVMxVZt7QaTt1n0EInpf-h6kmQumyOvRoWHgK2IX2nfCKFryfTUWQwfG5Ut103kAqVM8JOuNBQYd5TEzvQpJ-fHBm5IzTs6E6r2D4iyUOfmWAxCfh7nRZ4Xhc2wrxRotYMH04zhXXVXIEqf4SVCAswVrdW-xrPkFeOZkKb54Hdfot8trhjLevmfD8JgUzFJlef-TMfkzjSf3KkVxwlrIZ32ewOap8u-wnlvMizUFVkB0yplhpwW_sYpCjB8J5wHV9Ys5-D3fRruzDrpZ2cQrCUoZv1lZPPfTu52BxPEWZ3-Z0FAvu9h9jDLYYnlFS-ldiKFc8_xiWYxc_aFuw33I4ESzsJwdRvxLiqpwfXOJXKM3Yk7udq9S5xkINaL1qmXyHB2XpXaJR0w3Gf-lv3z6lyRnw7S4njNkqC5XIu8e3UhontnVFCrbdE-evYRT4HlkGmHBRZsLCDhkuCPeQzBE-cIAL3D5szlrgW__nFAyQJx0Fz988KFvY_L4FAgIrzHl3Qiwy9E-dvJ0ZikiZoxNJT6hKOcTdxEmQC8vNKZWA1P8Ir8KaYrikGbrXtj_G6xApAUBjYdBrMhvi15jEAaVm2NowzTHOhevqWmIkbCdgJjV3Bxn0EPcSdc9_8c3k_cloA9Z-cIy7lJj4ilFex840uh-LYmfJJjiu7Gmh85JAyeL0dcIftlch6nhf2NTjTq_1a7ccQaNYFEUgOkTr3zDkL8y14Fdiv8RUiORckI4tUr7Nd975EXOBZ9MSRbsggqiZxoYZ2cCT2bOHh-dOwWn-p70oq0-FwIh2bBCiZQU-fAnhYy0z3kxKW9SUMlexjih6IIWelir0bySPOV9Ty9EiOUaxdwPgWo8aGaj3C2OksSZogzdyftFeFea1-gyqN3a7hJTxe69IZQoGz-O4b5A1xmc6qs7RNqMUOPZi2_b3DZJA8xO6qSLmWbO4ZPdS75ugP5-X6QFsr6vlHIWaul0EeHzWcnCim-61nWoCwCU_qp14_rg5K-u2FDBKVz0vs4Gi53uBSi5cYQVY_SByiIP8v1Tw-3ZA8lHJ_O5x7Pujnu7IJ0zK5bcQoDfk6zsCdmQmcayE5VTLeMKJjVHjo9-uKc4LACGFatxYXAFQf3dcLE618uOsp01HWfvA5-YS0qUiw21tq45Mqx3SlRPXRfzlt_GpuX6LVR9EUGCbZmq6e_cpNqDEVUgJN-nJaoC3Kxcc4eS2AAdHimtRr9zO01nZGoJmvK8-ir4kv730v88VBSXz3YjpQqDOK_ldIkrY3JhgqbEONMnJ-oToKmysoPyGfVsbDl&cid=CAASFeRon192knxB6B5pGgb-aR9s_Ff3qw&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1947
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9649
x-xss-protection: 0
server: cafe
etag: 14231210586090289831
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:42:34 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CE6B 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 16:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 460880
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Feb 2023 16:13:41 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EFC1 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9LSGAA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK z9erfcgupzvd Show response
hal9000.redintelligence.net/zone/ Frame CE6B 11 KB
4 KB 39ms
13ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/z9erfcgupzvd?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D
Requested by: Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e36b0c65a44ffabe387bae473005d98f216af7257881984fa7489a50afe08af3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3934
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DEB1 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 12:21:42 GMT
expires: Sun, 26 Feb 2023 12:21:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 302000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8F95 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?tMCZjQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D188 0
0 57ms
56ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=2062520611254302&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202072236000/ Frame 161B 220 KB
61 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 328643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61519
x-xss-protection: 0
server: sffe
date: Sat, 26 Feb 2022 04:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "609f9f524fc23ab6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 26 Feb 2023 04:57:39 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 161B 16 KB
6 KB 40ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 328643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Sat, 26 Feb 2022 04:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 26 Feb 2023 04:57:39 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 161B 96 KB
29 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 328643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Sat, 26 Feb 2022 04:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 26 Feb 2023 04:57:39 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 161B 5 KB
2 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 328643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Sat, 26 Feb 2022 04:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 26 Feb 2023 04:57:39 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 161B 42 KB
13 KB 44ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 328643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Sat, 26 Feb 2022 04:57:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 26 Feb 2023 04:57:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 161B 8 KB
1 KB 53ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3ad8c90cec1318c90852dc018d75e7afadcb71c36508344fc1c133021007bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:21:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 02 Mar 2022 00:15:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 02 Mar 2022 00:15:02 GMT

OPTIONS
H2 200 i
api.purpleads.io/x/a/cfc471e0dfd02c26c431b129f6286e45:666da1759628004f130bd45de23a3508a992d40e64e8f4dcc757dd6fc23462104123e43612a707f1c470f3c7a10134bdf896e063aca284cd3e558bdd99d38c9ee3cbd5ffa2b925d... Frame 0
0 99ms
99ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/cfc471e0dfd02c26c431b129f6286e45:666da1759628004f130bd45de23a3508a992d40e64e8f4dcc757dd6fc23462104123e43612a707f1c470f3c7a10134bdf896e063aca284cd3e558bdd99d38c9ee3cbd5ffa2b925ded676155346a54c617d5dd90381cfa6d37c9ee9b359cdd02cf5122792045b4f3d299631df3ba14f3535e8f0be77dd3476b01cfbfb1633a0ff05e684ebf0d2fe332d1c0164a237ac32/i?id=3d80b021-90ca-4926-a559-55fbd8795687&ts=1646180102053
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 7f50994b-6d25-4052-a076-4f8823527b5f

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 161B 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 18914
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 02 Mar 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 161B 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 66688
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Wed, 02 Mar 2022 05:43:34 GMT

GET
H2 200 /
track.seadform.net/adfserve/ Frame 161B 35 B
304 B 101ms
22ms Image
image/gif 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.seadform.net/adfserve/?bn=52090547;1x1inv=1;srctype=3;ord=1902650623

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 161B 0
0 52ms
52ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cz1IiBbceYrPmHabH3gP6nIDoBe-649Jo9sO3pv0OweuCiJMOEAEgudvzJmCVgoCAsAegAcjk14oDyAEBqQKxDkeLwqmyPuACAKgDAcgDCqoE6gFP0D3OCo46bkfUosjpO4gN60IPa7QUuYFCjRD6Dt-UiNIOnqT69PQpi-0T29ZiUOuAu7pAJUaV6R54J-gHWev-t9tDVmcUO_FyVKXi3ME2qYU2R_G22j9rZhLjDvR5ku7nq43eJXx4EI1hYOZ8NHN9euwoPKSeymAZeOCcbmIEwVHtJ9QPkKcPqMVvNjD9PaLjIsAfKjroOUbmdjuiSs41MHd9xeStScA75kJvsmJREiG-z9HytGzOHguDzetAv1xv9atXZ4ObDV5ioNmBg1ymbgR8FLdpNhN5Itsm1nOYvp-VIrX71Z6RXAXABJq0gq7xA-AEAZIFBAgEGAGSBQQIBRgEgAegm6h1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQt5pM0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDyAsB2BMNiBQD0BUBmBYBgBcBshceChwIABIUcHViLTQ5MDM0NTM5NzQ3NDU1MzAYi7l3&sigh=6FdOqYxe3rI&uach_m=[UACH]
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 i Show response
api.purpleads.io/x/a/cfc471e0dfd02c26c431b129f6286e45:666da1759628004f130bd45de23a3508a992d40e64e8f4dcc757dd6fc23462104123e43612a707f1c470f3c7a10134bdf896e063aca284cd3e558bdd99d38c9ee3cbd5ffa2b925d... 0
199 B 136ms
135ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/cfc471e0dfd02c26c431b129f6286e45:666da1759628004f130bd45de23a3508a992d40e64e8f4dcc757dd6fc23462104123e43612a707f1c470f3c7a10134bdf896e063aca284cd3e558bdd99d38c9ee3cbd5ffa2b925ded676155346a54c617d5dd90381cfa6d37c9ee9b359cdd02cf5122792045b4f3d299631df3ba14f3535e8f0be77dd3476b01cfbfb1633a0ff05e684ebf0d2fe332d1c0164a237ac32/i?id=3d80b021-90ca-4926-a559-55fbd8795687&ts=1646180102053
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: f227afc1-db62-4196-8e53-d59c100fdced

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 32BC 0
9 B 9ms
8ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?m6pJGw
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2324 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 00:15:01 GMT
expires: Thu, 02 Mar 2023 00:15:01 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/bba4907a77775481549d53c09da122e6:99560fab3232015af7557ccd344983530b1b459754eceb846eeca79f32077aa4e9ea4d0d6713c7844b1286fd529be7ba110b9340b1a76aefacadbd64bab0b7cdd77302b8af87579... Frame 0
0 93ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/bba4907a77775481549d53c09da122e6:99560fab3232015af7557ccd344983530b1b459754eceb846eeca79f32077aa4e9ea4d0d6713c7844b1286fd529be7ba110b9340b1a76aefacadbd64bab0b7cdd77302b8af87579aaa24a3c7a3a6206d0578416165e608443c8a77deb3f805c27cbe121e0ed27b9bfe8bab763e4b2cea8b899e3e0069f3b47b7406af4280fdf4f4fe8e95bf252a38da5f9f5399098e67dca644899d7e8de0270a1d150c2ef0f3/i?id=8df9c4ea-a6e2-4167-b300-ee81507cf54a&ts=1646180102100
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: d1519f91-1479-47fb-aa99-7af9d57a9ade

GET
H2 200 i Show response
api.purpleads.io/x/a/bba4907a77775481549d53c09da122e6:99560fab3232015af7557ccd344983530b1b459754eceb846eeca79f32077aa4e9ea4d0d6713c7844b1286fd529be7ba110b9340b1a76aefacadbd64bab0b7cdd77302b8af87579... 0
199 B 252ms
251ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/bba4907a77775481549d53c09da122e6:99560fab3232015af7557ccd344983530b1b459754eceb846eeca79f32077aa4e9ea4d0d6713c7844b1286fd529be7ba110b9340b1a76aefacadbd64bab0b7cdd77302b8af87579aaa24a3c7a3a6206d0578416165e608443c8a77deb3f805c27cbe121e0ed27b9bfe8bab763e4b2cea8b899e3e0069f3b47b7406af4280fdf4f4fe8e95bf252a38da5f9f5399098e67dca644899d7e8de0270a1d150c2ef0f3/i?id=8df9c4ea-a6e2-4167-b300-ee81507cf54a&ts=1646180102100
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: e2024501-f8f4-41bf-bb58-e6a22f9a891f

GET generate_204
tpc.googlesyndication.com/ Frame A8AA 0
0

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame AD6A 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9F95 81 KB
27 KB 18ms
18ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

3dcdff49c9e3cadadf9852af34e0f499ac94b23deb3513fa4e2b1b659f6de6b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27825
x-xss-protection: 0
server: sffe
etag: "1147 / 212 of 1000 / last-modified: 1646175953"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H/1.1

200
OK

request.php Show response
hal90002.redintelligence.net/ Frame CE6B
Redirect Chain

https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

112ms
86ms

Script
application/x-javascript

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 592f9d97b8103ef58e9c0bbf1aaab0dff6c4d0f541e0ed97d2f0f72775c7c60b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 84224500007001300710618011886002
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1265
Expires: Wed, 02 Mar 2022 00:15:02 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 02 Mar 2022 00:15:02 +0100

GET
DATA 200
OK truncated
/ Frame 161B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35ff8c11afe813b8068ffafdfa1f18f9e5c4f40947c04c0b09d4d3b9cbb17bea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame 161B 28 KB
28 KB 36ms
14ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 18:14:29 GMT
x-content-type-options: nosniff
age: 21633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28196
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 18:14:29 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 161B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

58ms
31ms

Image
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Redirect headers

date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2324 0
0 50ms
48ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CMtkvBbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTHAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0ltlMkoJ2RCvc_XqwMEk8ykkHsyqP-0Cht1iBDz5ToZBijFwsqyXeAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTU0MTMzMjk1NDQwNDA5NDcYwYx0&sigh=gHVK-n85hxE&uach_m=[UACH]&cid=CAQSPACNIrLML-TteBH6HCGNiuA34HVlfVS09za3X_ntXsX0OcUFVvR3lM-stPqWFkWXXAwYYW1uFrczRMjbIBgB
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 2324 2 KB
2 KB 58ms
19ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=38516441;rtbwp=Yh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA;rtbdata=jMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ&client=ca-pub-5413329544040947&adurl=

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1bda1716fe1fa1faffa05aa35a11bd3e09e6457baf55a17dee0432f2d8e43d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1853
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 2324 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:59:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2324 124 KB
38 KB 41ms
26ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 2324 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:58:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 986
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:58:36 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2324 0
0 16ms
15ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTv7CyRh2GOusYU30GhpGzeNMX-koQ6nJ9taKmuHEVR3XWdzPOAP7vK-c_VlNc-RV8N6ddRxsGJBCIbApZFRV-pnSeoUA
Requested by: Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 2324 22 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 14:03:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 23 Feb 2023 14:03:17 GMT

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9F95 363 KB
121 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 17:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22533
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 17:59:29 GMT

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame DEB1 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9F95 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9F95 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9F95 19 KB
10 KB 396ms
395ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=197523846785933&correlator=3712258605141437&output=ldjh&impl=fif&eid=31061815%2C31063378%2C31064957%2C31064976%2C31065383&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&eri=4&cookie=ID%3D8d6cbc1c2e195d62%3AT%3D1646180101%3AS%3DALNI_Mbi_YfkpMToZ-NnOXe_ipbYmjRbTQ&abxe=1&dt=1646180102317&dlt=1646180102119&idt=181&ea=0&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=2037&ucis=sdjvx4x808x0&adks=4203880072&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=959488425.1646180100&ga_sid=1646180102&ga_hid=970794658&ga_fc=true&fws=256&ohw=0&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

42dd562fedf7d006deac2445cfe630125d8b9d4f3f3b2fa1dd9e4aeefd007b2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10360
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9F95 14 KB
10 KB 25ms
25ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d38172c73e138d635d73d169885bb69aa395ce4bd213e5ae1ca2dfb3c7ddd60a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10648
x-xss-protection: 0

GET
H2 200 container.html Show response
41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 126D 6 KB
3 KB 30ms
14ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:02 GMT
expires: Thu, 02 Mar 2023 00:15:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame 95F2 708 B
367 B 33ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 23:00:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 02 Mar 2022 00:15:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 95F2 82 KB
27 KB 17ms
16ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

0335465e1a4e82345f000f45a2c83e4166c38473b3a6f39a45b823212ed8cd73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27854
x-xss-protection: 0
server: sffe
etag: "1147 / 582 of 1000 / last-modified: 1646179388"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 2324 33 KB
16 KB 307ms
17ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=38516441;rtbwp=Yh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA;rtbdata=jMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ&client=ca-pub-5413329544040947&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 03 Mar 2022 03:50:18 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 014E
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=84224500007001300710618011886002&actionid=981741&produktid=&dt_url=

0
628 B

75ms
33ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=84224500007001300710618011886002&actionid=981741&produktid=&dt_url=

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Baienfurt, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 02 Mar 2022 01:15:01 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 02 Mar 2022 00:15:01 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Type: application/javascript
Content-Length: 0
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=84224500007001300710618011886002&actionid=981741&produktid=&dt_url=
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:EB2A_91EFC182:01BB_621EB706_5A313FE:F725
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame CE6B 1 KB
2 KB 208ms
129ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=84224500007001300710618011886002&js=1&nw=1
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 016beddc8171c134f6e9dd133a73f7300a7edf1260a2331444af4198e86c0e13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Last-Modified: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1239
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271 Show response
5994599.fls.doubleclick.net/ Frame 89DB
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271?

391 B
346 B

40ms
25ms

Document
text/html

216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271?

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

1fd186c8aeddc4447f6bc4392ded7aafbb4aea1977b82f6611f2cff41f8c9dd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Mar 2022 00:15:02 GMT
expires: Wed, 02 Mar 2022 00:15:02 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Mar 2022 00:15:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame C9A0 7 KB
2 KB 41ms
16ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=z9erfcgupzvd&nw=20&renderingType=javascript&namespace=3dbff98acd&subid=&uid=7c791723d5846289&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=160x600&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCTA4uBbceYvXMHrKprATs2auADLXN-YNX3Ny5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNkBT9C5L3Apc_1nqYOwYNqEUmjzJcNMTpmyHyuByYCe5ZU-L6NaybZpVBGi-JFpffwEbj-6bZEKfhcqvQQmTTJ3znybEPvQ6I0MX8vQTj42qxkkbNEvikX8IPEV2-MnN7zLOzzlxmAeyztfCtposcF1HNnTXFxuQGnRekhtyf1bddAf5MwiTT6RJsFXYJd_Icb7moabQhsj0rBjmjXb3s8zWDcs4xvhPbPZjGX-C2RgOuFBnWZlxe1mwphobJ1sjE-ZHussXJkAbOicTK-y9zAbRvwYxpNXzT7OkcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRon192knxB6B5pGgb-aR9s_Ff3qw%26sig%3DAOD64_0cxdIlTArhSpr42xBeU_ofe6cyMw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-BsfztWRcTF90X3W4L7UT2IqrrDetlqwqZKAygGUwUNdJeYlIkRdYEq99M7FLIx3NL4AVScNtXigGzoTmoGL93FI4hP1tgsxi5Enyd3xtlx8V0bJVFWevjoSnwGI76PldP9_e0PNwLBEuvBK5rkYM0fIc3o2Q%26cry%3D1%26dbm_d%3DAKAmf-Cjp65UXSCEGBOqRH33MfhL2elzOrcDGuTKFYHF7vvwnxzLdFV816jBoH-wpMpSy34q0_-dn7znk3XpvWf8DWSkXMSUaTw7-iG4GBCV4uZopO6Os6DA_MwmtKAt9KV3YC4gLZaBJUztVew61-InDMHSO81E0IKLd7ETJF4vKSi-DtJjK0VpsLewdI9gpjxon9rDs0eTenMdxsEWoq2GszhdDBocppWzHdP4tHor1JrEC0sc3wMQyhbqf7T19649kQ4zjq5n_D3MIiCQQZTFUOJ0yC4_L72Q3mqqQKYMRV3qJLBHfjO5nvyesRVJq4O8DR3Gtu0sIYEPHfjXpV0gplbr1MH21wby1Q-gOoSMhjOPd_c_7yrgIYKwf_Ym3szjjmEs5Poc7D_fDqCL34EuaiJGjbPBgWrZFLPatZlLksycpTUtZPJp13ysi6jd3RVtxEXPRkqlXhL8-bBw_ugvXwwl6ByxwQ%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3833985871716&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: dda9998140361d519e0c91d7f749f0141e25f0fa38b2bb4437e5014e48d26acc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 02 Mar 2022 00:15:02 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2076
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame CE6B
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=84224500007001300710618011886002
https://ad-server.eu/wm/pb/native.png

68 B
312 B

161ms
30ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:20:42 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:EB2A_91EFC182:01BB_621EB706_5A31401:F725
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame CE6B 43 B
705 B 34ms
15ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=84224500007001300710618011886002&pv=1

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame CE6B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43665d36a273a41d997a381c3c54b80b9f98151383ac4827513a89959cc1685f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F95 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ Frame 95F2 23 KB
23 KB 24ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 19:30:30 GMT
x-content-type-options: nosniff
age: 535472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Feb 2023 19:30:30 GMT

GET
H2 200 eyJpdSI6IjgyZWZjMDkzMjM0YWU0ZWY2YmVlOTI4YWU1ZDI3OTQ1ZmIxMWU5ZTBkMzQ2NWZlZDIxOWUyOWRkZWJjMmU4NDMiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame CD93 34 KB
34 KB 49ms
12ms Image
image/webp 2.18.232.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjgyZWZjMDkzMjM0YWU0ZWY2YmVlOTI4YWU1ZDI3OTQ1ZmIxMWU5ZTBkMzQ2NWZlZDIxOWUyOWRkZWJjMmU4NDMiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e66f39bed45bb1608a2b36aaa3eb2c0b16a47ac056a851ae1d1a35d02c67ed5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
cache-control: max-age=1756472
last-modified: Fri, 07 Jan 2022 15:12:34 GMT
x-traceid: 534caf13f8ffdc86b890923f47ada061
timing-allow-origin: *
content-length: 34548
content-type: image/webp

GET
H2 200 i
api.purpleads.io/x/a/b081f2f434331cf5532b1f73d905f492:7944cea2d3af8a08bf5e8185237bf76343f7d096d15fec510d61fe7bd1eb9445ab8beb14f63341f2ece65a062cc57d8bc05eb644ff0c2799b17ee1aa175ce61e07daecd051b1f2b... Frame CD93 0
199 B 115ms
113ms Image
text/plain 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/b081f2f434331cf5532b1f73d905f492:7944cea2d3af8a08bf5e8185237bf76343f7d096d15fec510d61fe7bd1eb9445ab8beb14f63341f2ece65a062cc57d8bc05eb644ff0c2799b17ee1aa175ce61e07daecd051b1f2b19275872e0eab49a6d16d57f18fe917bb28abe2afd170ec726f8e8cda3c5b9f13771921a8af2049f3f1e49627233cc4b924cfd18c80d5dbe3c4703bcd623f731161ce30daa69de5d4/i?id=22c0cd25-2be0-4f4e-a904-05d6b7bf1f93
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 67314b3a-7c78-48d5-8c50-e0af00bdcbe5

GET
H/1.1 200
OK widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame CD93 4 B
325 B 374ms
88ms Image
application/json 64.202.112.95
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=694b4b9c9f879e7d074e9bfd1f6ea14d&pvId=694b4b9c9f879e7d074e9bfd1f6ea14d&sid=8304872&pid=45718&idx=5&wId=171&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 34b52096392babd3c50f54ca292faf7c
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK log-viewability
log.outbrainimg.com/loggerServices/ Frame CD93 4 B
325 B 376ms
88ms Image
application/json 64.202.112.95
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/log-viewability?requestId=694b4b9c9f879e7d074e9bfd1f6ea14d&position=0
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 33b69765cc9075ac21be16c59c869e56
Content-Length: 4
Expires: 0

GET
H3 200 pubads_impl_2022022401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 95F2 363 KB
121 KB 8ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 21:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9564
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124299
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 09:41:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 21:35:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C9A0 4 KB
649 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:33:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 02 Mar 2022 00:15:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C9A0 27 KB
27 KB 122ms
85ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 838152350fcd33b060dc6fb25467f18f8c9a6932f0f29349192f62deba3dee0f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C9A0 26 KB
26 KB 102ms
76ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8bfce8943cce60c071a83295841bb82d92a73db4ce37230dddba2121b6cba91c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 26376
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C9A0 25 KB
25 KB 124ms
99ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/52085/creativesup/affiliate-panini-familienzeit-banner-1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0602e5df255a6c569054343211b4fde9d51415092dd0e2f310e59363c3f8d4a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 25890
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0A10 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9BB5 783 B
536 B 20ms
18ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

33d0e6dc0882a521d240cc4a61c9d94aa69f1c2edaede2ec5a2750f6d28eadcb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BwJHzYJ5tDuLBvfuGTq3RA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:02 GMT
date: Wed, 02 Mar 2022 00:15:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-BwJHzYJ5tDuLBvfuGTq3RA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AD6A 0
9 B 11ms
11ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?oAWJ0A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271
adservice.google.com/ddm/fls/z/ Frame 89DB 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLbr-eGSpvYCFeXuuwgdO7oMpA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9636254871140.271?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame C9A0 0
150 B 36ms
13ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=84224500007001300710618011886002&a=b184ac31&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=84224500007001300710618011886002&a=dff5b77f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame C9A0 13 KB
13 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 540653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:04:09 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame C9A0 13 KB
13 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 540692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:03:30 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 95F2 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 95F2 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 95F2 25 KB
11 KB 163ms
162ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4382323256364540&correlator=2098103743686683&output=ldjh&impl=fifs&eid=31061815%2C31064957%2C31065293&vrg=2022022401&ptt=17&sc=1&sfv=1-0-38&ecs=20220302&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x250&eri=4&cookie=ID%3D8d6cbc1c2e195d62%3AT%3D1646180101%3AS%3DALNI_Mbi_YfkpMToZ-NnOXe_ipbYmjRbTQ&bc=31&abxe=1&dt=1646180102657&dlt=1646180102360&idt=287&ea=0&biw=1600&bih=1200&isw=345&ish=85&oid=2&adxs=1244&adys=1121&ucis=jougbw1114tk&adks=2232668132&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=345x0&msz=345x0&ga_vid=959488425.1646180100&ga_sid=1646180103&ga_hid=44219874&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

5466ac2e631a44e5216356c31d5f7310d44241cbe22c75669dd30d10ed915020

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11125
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5DEF 6 KB
3 KB 42ms
15ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 02 Mar 2022 00:15:02 GMT
expires: Thu, 02 Mar 2023 00:15:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame CE6B 51 KB
51 KB 80ms
30ms Script
application/javascript 13.225.73.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=84224500007001300710618011886002&js=1&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-126.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 68047
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Tue, 01 Mar 2022 05:20:56 GMT
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: ZhtAcxzSihrnjNra8XnjBIFcTdaL4pMQ9gDN54qzG6Aosh1hf58WGA==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame CE6B 160 B
618 B 76ms
28ms Image
image/jpeg 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=61132900006974800710776011886002&wglinkid=3392345
Requested by: Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Last-Modified: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/jpeg
Content-Length: 160
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9BB5 0
0 55ms
55ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=197523846785933&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3321 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=3561317065608990&bg=!ZmWlZSHNAAYFuXAgBbk7ACkAdvg8WqBJlB6CDMp2rvV_r9mo9BpeQufdLgqcNxjSGBv0sWj6N_EZwQIAAAFMUgAAAAJoAQcKAJCUe8CVvcXv1PPzjeIdk0lvk5lRJimqt2tOmQ9qvxG4G6MAyBCw9_4ijExblonw1igNY8JmphX7XX0-t1Ws1Ft9LM97OFTo5DoAKm19GPPm6YxogSh9vDeusMsHDFXZCtd3s8XYbB8qA9GEdVKRZ65gi9rMfwz11MPR2_NsLwJ_fACBymvS8esr9NmKFj_H0NmZAvCsqB2FRsdyk9X4KPIPoG3Vb-Wajc-NV5B29GUOXHERlxwc-eLCCDt4e-oe3i1Gkl7DWBAd2izc9s65wxaNrKkKiWjY597vRdZ7Q_ozbsCW5Q6cEtzqQlq--C55GN8_hHMZ87gYWkhgo7-S6lj-6MsUb5QuNpKQJJKIyZ6ZmibmhJ6ZadZQ6hnGz3D74TtuCHTV7kRTX8mJwUBZS5meJJGUHz0XaJk1qmYyDzYnyVims9lQtW4Yhg95cBBsbAzhW9V0iHZFMBWyCQ_qtodRp0UWLOgCsEhGd0oXxJxAl9Ls1XxdATjAR6N3-drQM_bEQZR1RdxiUcnbCUSku3qk3V0m0imRN6ecQ9NukxhL4i5KxwNWgSkN6bt2IXsfsBeQWWAK3RXtdlcwFOSBuFjxmfLv0op4QtwJ524D4LBkfYk3Y3KREi-DBAqjcbgR5XSpTVkaGue3rNlIhavYhprK_lXVmDMeh6NytEXCOuWPs6qJwFVrqumRS1O2ZaNisSyytvlMij3YS918NcHcoZKMxzKk2wXJYydlo78aTQidhe-W40pYJUr2BF8OC8eg-2cPZjhAw5beYwBZdC-ETFvlltkxOiKTmBz3mWUN07b_Uqdu_GckWsf1n2oiiGxqtqKxG07w-yetexHnxdpRisTccHi4UQYLqO1YA_dgWOukyEdzNKxfrUtlHZTc70JWMoBSU2SofQrh5bsRzcKefdO2HeV-ZfBGDAj-6UM6MZ548zwsfvloZaLyR0jBPKlb2iSIrLbZTcXjruon-YUqAskYsparBlpGQGOn7dL48zCUPIe2YQ--fP0mSa_6sv3oVUmlx9sGFcYvAsYzVGmRapbzMS_S9ptYO1GhEFlI2AX0WJBlqHK6-ANdsKMPt-REQmmvU_imW7_kIykyqxZTV6P7Rh-9AvaMyFrcbghkePeZ722b__GFwYPrE72qkwKx4-R4CNI_U0AE5capO2iDFU-TOdb-Hm5GETu6kWfAc_HR_jCGyA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 2324 9 KB
4 KB 21ms
21ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=38516441;rtbwp=Yh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA;rtbdata=jMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE&num=1&sig=AOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ&client=ca-pub-5413329544040947&adurl=;js=1;adfxid=1x;4620;set=en-US|en-US|1600X1200|0|450|50|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fnets4.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e098b783735f3a261009f30db776db45d94eb837cfeaa32d718427a36d4d980d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3547
expires: -1

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0A10 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEB1 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BNuMPBbceYoiOMs-x3gPIw4LoCgAAAAA4AeAEAg&bg=!8POl87fNAAYFuXAgBbk7ACkAdvg8WqeWeULjCoS1VZv_TNJ-fO30OyhtUd-9B7y4W66nlwf3rGpAAQIAAAFjUgAAAAJoAQeZA08rwYS33eN3j4YyOX3KVG9iNDZdm7UOPepx84cgpoZEnSk4NaCgzqx1y1IdwGBc7ORtDHaHfkicPEC8oHPOlQdX3vLn61m6TV0w0vr3WUA4v-1gm-KvvNaPA-BHp9OM1sfwf1Dmj3kiARtEmz5ZFYRefjII9by36mfqWfja61aNZbKeWozXLB1bgDdSjaUg9_FAy7bmiWt7bkHk3Cfpfwu2bUY05wtxfUq7m7uST1WEEzjG7C84AATaHMk9wXidwYZy2vgAdIiDuISTR_AwNdhxa5QkHxAZnYGQi2uP5Cm13wheoF8zl0PuF6nMPwLHJAXk7Bo-vK6AQlDaS7aA9ppDJEk6_SLNhvV6XD62ALmfx-ovOWBpvfjd5XGXs46REHOcP4JfLoSWBpqDH3Hmz_-2hqkJ0XHSrUJx_crOgQBw16neTcPkooKNeoFnKY23J5nHQskNiVIrJCFY1F0ZTz36plUzRaKm_YX4DF6xcM3jBxTXNI2H7du6ItVVysQSBlB2Dd4fMkt0wmizjJ5Bgj0tPX82OglEbSX_AJ-RkGman1Z-BLx-fiOSVqK4sNN9OGOXyxxvHKMDZDhZG00bZTjoZg7F3eMfdADWtafhs_TQZKSexBabFT28mBNyHlA5gTErJQtscV3gPgyAd2Rr1XIYpgdNDELMG3dVLzAB03Dn5MukAAXNZjLmxOYe6Ceweprcf2PV0rxj0qkaaCkwkK5uxQTjrAM7rjjKGf54QLT75CG9DQyE_z3Qx9ZfBK_Xi8LZw-Jxa-9CbTdUMsaPKjGSNkZRoZWp4YVpmp2nPWQuorVc4vRwH9dR8pTFyLXFRXEDVpRx1oq5fwIdrMuGTLX6RX431JdIytB8QZGW1GG-7JbpWKEOwPv0ZH5WPjAcBziDafGa-3q3BPLkN6k2l2i_BSPuX7T6cee1NHpux3gV16kkX3oRsioH9XS5S3A77rBiydo7Ym7zHE8eyAUtsM7InVITNRa2yOVcj31B-PMrHoDtkzI8YPQDO1nn1wbgvHSA20P23nc-hjEYoT8WPWVJbLwHTZsRrHaoZt3JmhxAGZn2WipqGZn5O98RPF-CjVdYIkDdtdFVLPypov3AYmwiBS2iRuNqmK-WDgJFTlL_

Requested by

Host: 7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
URL: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DE75 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js?cb=31065383

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 00:15:02 GMT
expires: Thu, 02 Mar 2023 00:15:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/a65e0cedb17bde399b239e5d31573e7c:3e055ac56df74c2d71dd8c6066668f14193394ded19c57a8d176215c81a1895c93fe0cd6141c8da99f9373c166c18d2bc9d9fd8fcf3aafa4a5f58d69866492b115a7f996a7bb626... Frame 0
0 93ms
93ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a65e0cedb17bde399b239e5d31573e7c:3e055ac56df74c2d71dd8c6066668f14193394ded19c57a8d176215c81a1895c93fe0cd6141c8da99f9373c166c18d2bc9d9fd8fcf3aafa4a5f58d69866492b115a7f996a7bb62618db577b74c3ee4d864e8d97f6dd7b31a42777e4af339dbdbc20a32c52763be079e408129e36cd5596a67a8a64578f85417638e6f9eacd1a0c6e065ee460c84fd65abd2066f2cc904/i?id=9b5f53df-a781-484d-a034-06121a99e9e0&ts=1646180102741
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: ed28589f-b435-4a2d-a9fd-2bd0b789f33e

GET
H2 200 i Show response
api.purpleads.io/x/a/a65e0cedb17bde399b239e5d31573e7c:3e055ac56df74c2d71dd8c6066668f14193394ded19c57a8d176215c81a1895c93fe0cd6141c8da99f9373c166c18d2bc9d9fd8fcf3aafa4a5f58d69866492b115a7f996a7bb626... 0
199 B 115ms
113ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a65e0cedb17bde399b239e5d31573e7c:3e055ac56df74c2d71dd8c6066668f14193394ded19c57a8d176215c81a1895c93fe0cd6141c8da99f9373c166c18d2bc9d9fd8fcf3aafa4a5f58d69866492b115a7f996a7bb62618db577b74c3ee4d864e8d97f6dd7b31a42777e4af339dbdbc20a32c52763be079e408129e36cd5596a67a8a64578f85417638e6f9eacd1a0c6e065ee460c84fd65abd2066f2cc904/i?id=9b5f53df-a781-484d-a034-06121a99e9e0&ts=1646180102741
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: a8759b6c-0ec8-4e89-9391-cc503b187360

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 2324 35 KB
13 KB 49ms
17ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 533e8ab00e73a9a61f550b956a872f9091fe48b79b4072d87bdb07348af7f4bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-goog-hash: crc32c=tEZe3A==, md5=Jdq10Kok9oEWJwphx1gWLw==
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34654
x-guploader-uploadid: ADPycds1S9GbOzl75swOIMTP1TgdW5VToJrXkAx5weMmg0b7-qhqoxLoMGYPaWNRe5vM0AjfXsXSWP1R5dQzER9hlP2KOLEwAA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 11:00:45 GMT
server: cloudflare
etag: W/"25dab5d0aa24f68116270a61c758162f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGDulGigqRDM3BGn8c8EtQZRkKs%2Bf0hGlVg92isxU9EnD4afejjDbhhr8c2GXtSTLZ6Ryy1EGoV1g%2BPWPgedqBiBEouAKi3daYCKronlEl6DZTow%2FGZd9pMof8eArD0pGdFLFyA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1643194845770575
content-type: application/javascript; charset=utf-8
expires: Tue, 01 Mar 2022 14:37:28 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11870
cf-ray: 6e55ef8a6a7f914d-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame 2324 35 B
503 B 19ms
19ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=38516441&csi=jzI7d4FWsxPO-y4vYkArubeD0gRV3BqknKRWaOGiMrDrygPkIxxfkyBqYa8S3ksVYk_dfiPo92QAqPX2rL4in2QBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 473D 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=1614471560653474&bg=!c3ClcDTNAAYFuXAgBbk7ACkAdvg8WiYPuldbeQlehdCP-FOrZPUYmWTNEyDgL4GUEJO9fQhskbXyWAIAAAE1UgAAAAFoAQeZAvp94XbR2238HZoL2WCRtdf-73hngGrC-TyyjsfJnRZIAvml5YhaRyWp1xSKteWXujY_7Sbrvl50HGUfeASctd_XHIXb5LL3PetyC1vt4xoOGGCb3SeUaVcDEEJHWCGRZePNqQD77AYrwXusfT0O5jSFuIas0F43zYrnfnu5c0SMTBctc9U09RM9VkZKOibtf9SwuUYgWtp6qxdadQXclrw0vDg8a4qyHALfpzzWvg-GnCuNR6N7Xx07tKVi0fJa03Vl3KOaeW5VKcCOShDgEyI9X9UUXkQ_hVUbjMZtf_pO9tZPEP390G0Snh1JuSFA_sJ2d1Gfe9Id3FjKRsGh85RZC6ho1xEle1n0ak1u0pqUU0eHYdzN4nSedgJ2Kl2_o3io5OQCVAq77ulj2AcmAUvonzVvbLMhwzXl7ZvBbqENJVEa309y1LxGo7wwFwy_B9KcAnDbq-VRUddW6zzcLHaRXvldCo9yLsD6-v6zGl--lFeII-jLocoIrd2SycjHXVDnvmp14pBb_wBpslQaWpIQwlD4WA1PBoggkvq63Of0-JVgMsvKIsr1ksaBBSDVLdyZjMaZjZfRYv5ADRNrkIIE7sNpUOshME1gcoHqCb7hf9B55AnAtnpiKcjXFGAvn53YVAUKPsnoTFxSeB2ZMnkZQefjLGVqk7900-PALBljzHbAa5bApR3VhylAhBheOY-iOSyt95j7lCV2yx9IvMrTTYzRXeDSSHop294PBCGCQSYQpPK59Evtj3I9aL9TUpKodZfg4-mlmaZc1HHeQC-DZYygYDNHo5ts3_xkvQsCisT3oeKQs05doW4yIvwXiIZYjhw0TpdKpPgFimZcnmiDNeXvRCepai9AMs974S3Q7T8RtIfFmtc4JwRO-IUbBgORLDLkgxN_bzZtV3JE6iZWBQTTfCqchjUf3Yspm_4EzmgZYW1vdP_mP0ymejDRoVDyofFSefGVUJW1xfEuVSpBvoOCzGx-S9C0Gwb2xWULGXg90bePjrbUHNM

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 95F2 14 KB
10 KB 22ms
22ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022022401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87209f78fb2e2b1f42ee8f630e0f4bdd80078e4f96697fe284f6f5b617f1fdd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10590
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 738C 624 B
297 B 19ms
16ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNU4gKzUdjKEo3zjzPCRtOaAWDyl97oPlroppmN9PGpbk6TlqFB4xcF1QkRyurXL9WPg5O-vSFgxpyi-mMDnSFa5le0dT1uQReSuefcoz8EEsX4e2AxGy3CapKga4AQ-LHjY4MjcQVqW_zjeLJBA3dhRgQaa6dRn4ufV6z5LqpIT86Mawmo

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 02 Mar 2022 00:15:02 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DE75 26 KB
16 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRINy6wFGBeXwGIx54Ju7PTBP_C1DffJ_uHGKB6fx440bfU6ZOWxfQ8W1YoJ8z2pVyF39XmDvtbpMyFYHxAdD6lrgs-17O7Nle6Voq5EkMy2j7InV_9ZUqjx9NNLoB_0hiAldT3pTgaRD-iEjLzlW-KvfEuw&cry=1&dbm_d=AKAmf-D-zlUiRSdvDVv9UmW01SduTTwFF3qDIFDfwJCWISRWWB49owjzvoRhEHJHdUgzUn_odg7_A88pq1GtAIw3aNZLZmIhh4VZsUFjf0IzoCMs7pBF84YT_1MQfqLoTlWvMmT_6cDTARH4LJlMha-6AiRkLS0XVZipRsYmdryvXDm1hRP6CfYCYDKy8aTrZeL0wzWPBGBhftr9tp898iZZBfLHnj74VISbIPUuu27V_XI4WRL4f0BHOGVV4DqDJYbDoh9A07AoZFybaJLDCTD0y80GP0mfChYSPtpsLDCHzfjHofbaiXI7B_cEheERbAkhEgymWYB6YETawZ_1kkQ4kgQK9pjKXcaol822HMOIryJY-AF4716Of6cjdV2Z34jtg9vwpbBSCPd48CG-NxR7pwxDNA3Un3BINew91WK7PZlsoZIcRgIJsNGdc9C0f13Dk8kUYKxZxNUxW7OhGdc0lXSxOewdvgOPtn7-qbN15q3qm3wwbda2ya8tpCapm8AOQ0cK3E6mOnjXZuAgRG7_TOh4oc1yc27oz9DUGvt1Vh6gnVXtLuYV_dk8kxZMk0vuQIi69r3dzYjBZdF2C_ACnVoe3NINtbyCynu90yGz9EozbHKDycvBwp4lBkj5pEr-SVxRUX6MM_YYQs_Kx1XoRRo0jjWrhsEblSD8hDFucZuj-Q6gDytOz5qo_roEBkKiVXKijqYhe-NkXeAdar1GY_cOhOwsDK37qUcQLwO8MNV2z-KgQWegQIfE4cKFRTQD3tBgQU3Gdbt0UdotiBUbQsV7eQ4SK5FPDTS_FDfn3zalESyJZejRB-wnZrEq7A_fb3U8qVSEk1-o47UU8BFTTaqF0ihvCg4fZMTwilPW_Dtgi9HWaRDzJ81don_w5P4GYk8li_YoPIPlPt8Z9Nq33qolJ3RRizOpA40EtaIZa-k8tGEXQL2OdpCsgOJWZ7OSiGUcDT-jQLfMbhHES-esY0YGKSl89qYDN8htFjSJkNrlMt8RoN5scmlarm7omtjzkoRa3nN1lpfuHKWItmVrYvakDNZACcrrPqqTZ_VM_BHJpPhxRfPe4nyMnzy4RfzdFgyTJU9tsiWcsh5Jpy3oGrWQlUwVzq0z7svTqt3fe-rILOP-4A5_siC_JGmK1TqZ7vOON0wfZrqyQyj0TyGBFcY3XXdFZp8EslsO96abGQB7cU_aNtqFtY72em83v4kcgtOR6ReHBFUu4B1KDjZ-znVvzKIAJF0fyHIZ5aDuPDdU3uDogdSBkWd-b1G6NvtH2DTeyW-50N9IQCxU4nhb5CtYvNuOQHDjEcuNLqEPb1xvSlKoWYpE-OTzk31sT453f0-E_wbsv5Zg8FnTuN-B_cuYb78VZg0IMybogsArkAFgtcnWPrGYLsJW_rM2N5xhn-QwX2nY1rQhbTr9fIVI9TrSBmRQpJkm-ajQMV9PH5LJfimYLrb2a-puLNH7eGmTNoJ1IWCfHfNcGWCagbdexZsz6fVONyVxwoLQVvQie7LZmve-_OER-35AL5oRCmwkZ6hx1yw4BMw4DcThfk9dcAvtRxtp6GgSrYeg_I6rqekGF8BL3C15blYLUQUV9V2zZZXL5zF5sAaxTbkG3YcryA7pACI31oErrEPfpdSEQF_H3kmcxiAIUIVGZBLWmUrWV7AyyOP3m80OgZ0uWP6CLrClc8awswl4y4lTIVuxnSiZ-BsFA65t9gABMGJObCPlUJREXuAf6cdov8j0w5B1w_YCwA2M_tTteDh21rxIQcrkvdAhHxd8dCjGOhch2LmUzHqwuwA6YosBikZ31jNeQMMAMB-N0_MtFSPi6-7AhLV-l0htG31HblXCVUpmGPxcbcSEiu9PcHFF-B1Y8lAxCqorpUA73fXIfA7aBRh8_U8rSlJ345ZDxarExYAlZzsYfmEd-wiTIiybRTUDw2AqCZn07ePMTATPG-G7HwAnueqeYQNPDnINgFyRZIcfpDAk0s1GNUpPQSh_WzA9jaaOowGh4p8-YT-eI3m_ogcTGgLIqwcRCWkvIsni_dXaUHqa3J5YxPcIOwWhrkmSyTByp98d9vhDwGuXeZYsPRC0aEMsKOJovWRrwoJA9YVGndontW5UCIw4VjVLXefaMyIyAje_JpoP4uxPXhdTpkt5vAXbH0ohcoYNiL2ny64s7eU53FoTEqRh1ylrSMkBSqMEsjnZpI-8l17RAui1D5fS5IkJSGsmvr8fY3tUcQ7wYXkHT_29w3IG20or9USdqz7e2O9lmZhAJ5veEvdTo3_pythRBah_8PC5KsHhRQTfaYAwnHedcoMKgzpZKDM04aOER4xrpFN93XpjZSjb1rWm4C9S54NhEQcI2QMWFuqwULMaktNj-3av7n_6wgAtRNLmNisYwBPE2utDfHvLIdpeQNXivOjLDIUSe6noD4n4k1I5xJcRtISR_zF-VYewbWGCALBleuMk7_o4VD00AdG16n64NikVK80Ghez6EemSILh2AuIDb_7SOoIJgKoVJfjI6GF4ht5dVgPTBqJ7Y3onRimsJ4ekpMr7q9qZVZPxhhteG93Ybj4nDvys68DsipkP7dRzxx4IbNdEIXKIII1bDwKVsCEbPlS5PmNjvjph0rsNBzdu8wlBmdWv_-m-D6BrXu7KsvFlvM3xv-8xHvspJ67ihVE_uSmDrhC-PxIqZMP434vtggmDWMhV84fMWG-CV_v7NBeYQqTTiFc4pPWGVOU8on_XU2MLX5A2Fl5cAAwKNARA39ogxgAtAENjwCtNdE_Aq8OIHPlFM4ZhRoUNdutdGAsLkB2yNvYxiDi9dOXSxgNVO4XzWBn1e3q3mT-S674sS2ylVHGJidVxPy09Bjzxt0_yfs-1s1IjahGuzM8f4dJLiw14Ej9E-ADPCxyhkvyU2FwTVAwx_UwB4dL3lqdW_24IH2eZ6OPUr00xkCjGM9Ze5KsxJXiZyzvVu9yjFtQEaB3-dKmrUC7b1cHRTsLaDkaBJbcwoqTqnOT_Vj1v1YO-C0Wh7opKxNT9Bpps55cEfBms9UJHk9-JliV8joMiYv0K-dspR-nnMdhSeckvMD5ssHrorm2-JmpBxA8nyKYiFiRtz43Xs2bjHiT9W6JIJa4_4g8YpsMK5lts_YhlitPbXNC2Zl7M2worLZE9xksX95qk7FBdufBFqlDnFOzO1ShSBYbssuBJwjn_2EONC0ELzcnJlhruGfNA2RV6RNA-UHnBMm3jPPK3tEkTkKbsKTtQYMo&cid=CAASEuRoCYXDousSUCqGVklKwhX-SA&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5bf7d3c3fb273f048b80e7467c8974558b290460d6b0111f86481a5fb2a313a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16019
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE75 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D1pbIwytlMRebbEfzd46UaLVSNu2HUfoXMnd_sK3JzKiT4C2ailVV9Y6bqBWrl-KIoacq2M-HJ3rRh-TJrxwQGr76IZ3LJJtcpRUOFBfZGF6ldXWo

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame DE75 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:59:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DE75 124 KB
38 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame DE75 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:58:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 986
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:58:36 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 95F2 17 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 2324 34 KB
15 KB 24ms
21ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 7d7628a205cb2d3fbb20a6bd04e0a0c0631e143c2e6449b2eeaae4eccaa65d05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 03 Mar 2022 03:54:45 GMT

GET
H3 200 container.html Show response
5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4DE6 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022022401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 00:15:02 GMT
expires: Thu, 02 Mar 2023 00:15:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/525b00b754cc09c56c884261cbb6426f:4daec7e45a4ce6a05a7da3819abefe19e7c9ba935eec2a435389061e09cf0951aac39f3e61428b879a6af499d071fbe79e351e5cb1eacdfac86058c43552a40171d31ff7c3dee20... Frame 0
0 99ms
98ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/525b00b754cc09c56c884261cbb6426f:4daec7e45a4ce6a05a7da3819abefe19e7c9ba935eec2a435389061e09cf0951aac39f3e61428b879a6af499d071fbe79e351e5cb1eacdfac86058c43552a40171d31ff7c3dee20342040c8ba0023433a4513283116dc97c33706d468a3383e8/i?id=6f2d7891-fd73-43af-bfd8-4b2dd0814fd3&ts=1646180102852
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: d6c6690e-ae3d-4c04-aa5b-c15baefc2b40

GET
H2 200 i Show response
api.purpleads.io/x/a/525b00b754cc09c56c884261cbb6426f:4daec7e45a4ce6a05a7da3819abefe19e7c9ba935eec2a435389061e09cf0951aac39f3e61428b879a6af499d071fbe79e351e5cb1eacdfac86058c43552a40171d31ff7c3dee20... 0
199 B 151ms
148ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/525b00b754cc09c56c884261cbb6426f:4daec7e45a4ce6a05a7da3819abefe19e7c9ba935eec2a435389061e09cf0951aac39f3e61428b879a6af499d071fbe79e351e5cb1eacdfac86058c43552a40171d31ff7c3dee20342040c8ba0023433a4513283116dc97c33706d468a3383e8/i?id=6f2d7891-fd73-43af-bfd8-4b2dd0814fd3&ts=1646180102852
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL21lZ2FwbGF5LmNj
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.13

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:03 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: df4c443e-2574-469e-a8d6-b0c044cea066

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B274 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:26:12 GMT
expires: Wed, 02 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 38930
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2324 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e51c3ac8c961bc189c932f973561e713a6279e5fec069c8b68f74581259c4195

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 frame.html Show response
ad4m.at/ Frame C1F8 2 KB
2 KB 33ms
20ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdtpjC_BIP2JYJZvmIEVoowNNyTqNe6BE0JRdKJ1uhQ6k3Yfe6DPCN0GjBPS_zYil04QuBTjwG5dQACzvgbqPw78EHDYzg
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
expires: Wed, 02 Mar 2022 01:15:02 GMT
cache-control: public, max-age=3600
age: 629747
last-modified: Wed, 06 May 2020 15:09:30 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzrlIslVLZTSWGxdCEz5IBpwNh1oyXJP%2Fzom0JdgG69CJSxXy7mm43TiMUYyriPCC87Ba%2Bb2TfrFvdy0y%2FXYka3L0AYYNhVxVwn%2F6QBR7ygkXamVeaOCNBcS8K3yk6a8a7UmtAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6e55ef8b5c149944-FRA
content-encoding: br

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/ Frame DE75 25 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220225/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRINy6wFGBeXwGIx54Ju7PTBP_C1DffJ_uHGKB6fx440bfU6ZOWxfQ8W1YoJ8z2pVyF39XmDvtbpMyFYHxAdD6lrgs-17O7Nle6Voq5EkMy2j7InV_9ZUqjx9NNLoB_0hiAldT3pTgaRD-iEjLzlW-KvfEuw&cry=1&dbm_d=AKAmf-D-zlUiRSdvDVv9UmW01SduTTwFF3qDIFDfwJCWISRWWB49owjzvoRhEHJHdUgzUn_odg7_A88pq1GtAIw3aNZLZmIhh4VZsUFjf0IzoCMs7pBF84YT_1MQfqLoTlWvMmT_6cDTARH4LJlMha-6AiRkLS0XVZipRsYmdryvXDm1hRP6CfYCYDKy8aTrZeL0wzWPBGBhftr9tp898iZZBfLHnj74VISbIPUuu27V_XI4WRL4f0BHOGVV4DqDJYbDoh9A07AoZFybaJLDCTD0y80GP0mfChYSPtpsLDCHzfjHofbaiXI7B_cEheERbAkhEgymWYB6YETawZ_1kkQ4kgQK9pjKXcaol822HMOIryJY-AF4716Of6cjdV2Z34jtg9vwpbBSCPd48CG-NxR7pwxDNA3Un3BINew91WK7PZlsoZIcRgIJsNGdc9C0f13Dk8kUYKxZxNUxW7OhGdc0lXSxOewdvgOPtn7-qbN15q3qm3wwbda2ya8tpCapm8AOQ0cK3E6mOnjXZuAgRG7_TOh4oc1yc27oz9DUGvt1Vh6gnVXtLuYV_dk8kxZMk0vuQIi69r3dzYjBZdF2C_ACnVoe3NINtbyCynu90yGz9EozbHKDycvBwp4lBkj5pEr-SVxRUX6MM_YYQs_Kx1XoRRo0jjWrhsEblSD8hDFucZuj-Q6gDytOz5qo_roEBkKiVXKijqYhe-NkXeAdar1GY_cOhOwsDK37qUcQLwO8MNV2z-KgQWegQIfE4cKFRTQD3tBgQU3Gdbt0UdotiBUbQsV7eQ4SK5FPDTS_FDfn3zalESyJZejRB-wnZrEq7A_fb3U8qVSEk1-o47UU8BFTTaqF0ihvCg4fZMTwilPW_Dtgi9HWaRDzJ81don_w5P4GYk8li_YoPIPlPt8Z9Nq33qolJ3RRizOpA40EtaIZa-k8tGEXQL2OdpCsgOJWZ7OSiGUcDT-jQLfMbhHES-esY0YGKSl89qYDN8htFjSJkNrlMt8RoN5scmlarm7omtjzkoRa3nN1lpfuHKWItmVrYvakDNZACcrrPqqTZ_VM_BHJpPhxRfPe4nyMnzy4RfzdFgyTJU9tsiWcsh5Jpy3oGrWQlUwVzq0z7svTqt3fe-rILOP-4A5_siC_JGmK1TqZ7vOON0wfZrqyQyj0TyGBFcY3XXdFZp8EslsO96abGQB7cU_aNtqFtY72em83v4kcgtOR6ReHBFUu4B1KDjZ-znVvzKIAJF0fyHIZ5aDuPDdU3uDogdSBkWd-b1G6NvtH2DTeyW-50N9IQCxU4nhb5CtYvNuOQHDjEcuNLqEPb1xvSlKoWYpE-OTzk31sT453f0-E_wbsv5Zg8FnTuN-B_cuYb78VZg0IMybogsArkAFgtcnWPrGYLsJW_rM2N5xhn-QwX2nY1rQhbTr9fIVI9TrSBmRQpJkm-ajQMV9PH5LJfimYLrb2a-puLNH7eGmTNoJ1IWCfHfNcGWCagbdexZsz6fVONyVxwoLQVvQie7LZmve-_OER-35AL5oRCmwkZ6hx1yw4BMw4DcThfk9dcAvtRxtp6GgSrYeg_I6rqekGF8BL3C15blYLUQUV9V2zZZXL5zF5sAaxTbkG3YcryA7pACI31oErrEPfpdSEQF_H3kmcxiAIUIVGZBLWmUrWV7AyyOP3m80OgZ0uWP6CLrClc8awswl4y4lTIVuxnSiZ-BsFA65t9gABMGJObCPlUJREXuAf6cdov8j0w5B1w_YCwA2M_tTteDh21rxIQcrkvdAhHxd8dCjGOhch2LmUzHqwuwA6YosBikZ31jNeQMMAMB-N0_MtFSPi6-7AhLV-l0htG31HblXCVUpmGPxcbcSEiu9PcHFF-B1Y8lAxCqorpUA73fXIfA7aBRh8_U8rSlJ345ZDxarExYAlZzsYfmEd-wiTIiybRTUDw2AqCZn07ePMTATPG-G7HwAnueqeYQNPDnINgFyRZIcfpDAk0s1GNUpPQSh_WzA9jaaOowGh4p8-YT-eI3m_ogcTGgLIqwcRCWkvIsni_dXaUHqa3J5YxPcIOwWhrkmSyTByp98d9vhDwGuXeZYsPRC0aEMsKOJovWRrwoJA9YVGndontW5UCIw4VjVLXefaMyIyAje_JpoP4uxPXhdTpkt5vAXbH0ohcoYNiL2ny64s7eU53FoTEqRh1ylrSMkBSqMEsjnZpI-8l17RAui1D5fS5IkJSGsmvr8fY3tUcQ7wYXkHT_29w3IG20or9USdqz7e2O9lmZhAJ5veEvdTo3_pythRBah_8PC5KsHhRQTfaYAwnHedcoMKgzpZKDM04aOER4xrpFN93XpjZSjb1rWm4C9S54NhEQcI2QMWFuqwULMaktNj-3av7n_6wgAtRNLmNisYwBPE2utDfHvLIdpeQNXivOjLDIUSe6noD4n4k1I5xJcRtISR_zF-VYewbWGCALBleuMk7_o4VD00AdG16n64NikVK80Ghez6EemSILh2AuIDb_7SOoIJgKoVJfjI6GF4ht5dVgPTBqJ7Y3onRimsJ4ekpMr7q9qZVZPxhhteG93Ybj4nDvys68DsipkP7dRzxx4IbNdEIXKIII1bDwKVsCEbPlS5PmNjvjph0rsNBzdu8wlBmdWv_-m-D6BrXu7KsvFlvM3xv-8xHvspJ67ihVE_uSmDrhC-PxIqZMP434vtggmDWMhV84fMWG-CV_v7NBeYQqTTiFc4pPWGVOU8on_XU2MLX5A2Fl5cAAwKNARA39ogxgAtAENjwCtNdE_Aq8OIHPlFM4ZhRoUNdutdGAsLkB2yNvYxiDi9dOXSxgNVO4XzWBn1e3q3mT-S674sS2ylVHGJidVxPy09Bjzxt0_yfs-1s1IjahGuzM8f4dJLiw14Ej9E-ADPCxyhkvyU2FwTVAwx_UwB4dL3lqdW_24IH2eZ6OPUr00xkCjGM9Ze5KsxJXiZyzvVu9yjFtQEaB3-dKmrUC7b1cHRTsLaDkaBJbcwoqTqnOT_Vj1v1YO-C0Wh7opKxNT9Bpps55cEfBms9UJHk9-JliV8joMiYv0K-dspR-nnMdhSeckvMD5ssHrorm2-JmpBxA8nyKYiFiRtz43Xs2bjHiT9W6JIJa4_4g8YpsMK5lts_YhlitPbXNC2Zl7M2worLZE9xksX95qk7FBdufBFqlDnFOzO1ShSBYbssuBJwjn_2EONC0ELzcnJlhruGfNA2RV6RNA-UHnBMm3jPPK3tEkTkKbsKTtQYMo&cid=CAASEuRoCYXDousSUCqGVklKwhX-SA&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:42:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1948
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9649
x-xss-protection: 0
server: cafe
etag: 14231210586090289831
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:42:34 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DE75 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 16:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 460881
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Feb 2023 16:13:41 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 738C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1

43 B
894 B

18ms
18ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNU4gKzUdjKEo3zjzPCRtOaAWDyl97oPlroppmN9PGpbk6TlqFB4xcF1QkRyurXL9WPg5O-vSFgxpyi-mMDnSFa5le0dT1uQReSuefcoz8EEsX4e2AxGy3CapKga4AQ-LHjY4MjcQVqW_zjeLJBA3dhRgQaa6dRn4ufV6z5LqpIT86Mawmo
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 00:15:02 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 738C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yh63BZGECoamCwQZMGVtTAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1

43 B
1014 B

16ms
15ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNU4gKzUdjKEo3zjzPCRtOaAWDyl97oPlroppmN9PGpbk6TlqFB4xcF1QkRyurXL9WPg5O-vSFgxpyi-mMDnSFa5le0dT1uQReSuefcoz8EEsX4e2AxGy3CapKga4AQ-LHjY4MjcQVqW_zjeLJBA3dhRgQaa6dRn4ufV6z5LqpIT86Mawmo
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 02 Mar 2022 00:15:03 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOfp2Talr_hYa-xkwIV5Q5E&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 738C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM3rqXKyYCp8LKWaHgTWUaw&google_cver=1

43 B
1018 B

9ms
8ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM3rqXKyYCp8LKWaHgTWUaw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNU4gKzUdjKEo3zjzPCRtOaAWDyl97oPlroppmN9PGpbk6TlqFB4xcF1QkRyurXL9WPg5O-vSFgxpyi-mMDnSFa5le0dT1uQReSuefcoz8EEsX4e2AxGy3CapKga4AQ-LHjY4MjcQVqW_zjeLJBA3dhRgQaa6dRn4ufV6z5LqpIT86Mawmo

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: da96beb8-11ec-4f01-83b5-d00ac1a1d89e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM3rqXKyYCp8LKWaHgTWUaw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 738C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

170 B
188 B

21ms
21ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:02 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 25f9ed11-d1b0-4c9a-95cf-036702258f9d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzMjg0NDE4NDcwMzI2NTU3OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0273 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Mar 2022 20:59:40 GMT
expires: Wed, 01 Mar 2023 20:59:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11722
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4B19 783 B
535 B 20ms
19ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be28fbf138d5b4e52243ed8e013cdfa8f2fa2bcb0813557387b40234a7170ffd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-16FrHNmnfmmZo4K7K/CKBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 02 Mar 2022 00:15:02 GMT
date: Wed, 02 Mar 2022 00:15:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-16FrHNmnfmmZo4K7K/CKBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 4DE6 2 KB
2 KB 20ms
18ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=45644900;rtbwp=Yh63BgAKoAoHg4VQAAmSHeX38k_QPJokNi4sYg;rtbdata=jMNqeDmYZHhqJs8LPqZN7CEIWyH6MK7Vsys4F_k4Srcj5mLkIOMPnw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqewB0V_IzYJrb_MopXzN9CsJYDSWPYEHD0_xMSCO6M6-ZyMC0bR8vGetMk5V5N9JdMyEZsIH1IEMTEqaPYYoJ2CU-dbjVktkYdLfs_VvKGNZWIjyVP-UU81kkIBdFMC2B7rd3-UFq8FHzE84L7myRcmuoXq5I2RfAVmVu0cmYLQFDch6SEXxZziBppdUcd6ImuFBboVeNKvP0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CD7HgBrceYorAKtCKjuwPnaSmqAHovpiUXKCls8n9CMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01NDEzMzI5NTQ0MDQwOTQ3yAEJqQJ67Vjh_wqEPuACAKgDAaoEywJP0JFf0ZBtymH4Io-Dh7c3q1Ka0sOseg7Bj8H9Ozm-mA8Q0FOq5Z7TUBLgu34mFXZOwNe9EiUX9Daudn5vu39wsboBYnAQiEYPtG8Fx_6STcAKGRHrgSqO7NmPOe-xEBHxJShYzFccI0oZcDH2ty_95z08UpxIEcdDGG_p9DXxlxBp8OkQxLHrsSUydJmgkIR6TN37zq7sfBpYfg2pJtXeQMFaU0fuPmC1UIsoNHxJP_SQ0oo6TxL-PizYrKLKDrMV0KuvaXNaHdSR7yGyCCKXvk7OSD7Fj8XzfTZEUWJpG9uXAhz1GPVVlg2avDpdLawVFM1g43QOhB58TGApzSeS64juxTHcZ67y3J9jrMeX7sVXidH05hrHazeT_l1iRw8-74OVQzQJizhpbpNyFx8Xlf5hnm8rQtXKvhp-JTXyeIRDchn1Q2CqgpyP4AQBgAbjyrPj9Nfi048BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_3IRhjcXk4iKXF8VJEUk4zkHLTT9A&client=ca-pub-5413329544040947&adurl=

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c690d8b9e573fc5f3222a7b337c4201a88e96700853f6980bdca7d741dc3f95c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1850
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 4DE6 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/window_focus_fy2019.js

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:59:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4DE6 124 KB
38 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38862
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646052075697155"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/ Frame 4DE6 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220225/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 23:58:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 986
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Mar 2022 23:58:36 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4DE6 0
0 16ms
15ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTzaLCqgQhuMhSc6FBdd0w3ko9e9KSuZkmBCK2l7EjOOfL-0XHKG3eGnhSbpLR0WLcClVG5tpcHj9rsHL-t_FZRiBC0LA
Requested by: Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 4DE6 22 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 23 Feb 2022 14:03:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 23 Feb 2023 14:03:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0A10 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Karpag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4DE6 0
0 52ms
52ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CML6dBrceYorAKtCKjuwPnaSmqAHovpiUXKCls8n9CMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01NDEzMzI5NTQ0MDQwOTQ3yAEJqQJ67Vjh_wqEPuACAKgDAaoEyAJP0JFf0ZBtymH4Io-Dh7c3q1Ka0sOseg7Bj8H9Ozm-mA8Q0FOq5Z7TUBLgu34mFXZOwNe9EiUX9Daudn5vu39wsboBYnAQiEYPtG8Fx_6STcAKGRHrgSqO7NmPOe-xEBHxJShYzFccI0oZcDH2ty_95z08UpxIEcdDGG_p9DXxlxBp8OkQxLHrsSUydJmgkIR6TN37zq7sfBpYfg2pJtXeQMFaU0fuPmC1UIsoNHxJP_SQ0oo6TxL-PizYrKLKDrMV0KuvaXNaHdSR7yGyCCKXvk7OSD7Fj8XzfTZEUWJpG9uXAhz1GPVVlg2avDpdLawVFM1g43QOhB58TGApzSeS64juxTHcZ67y3J9jrMeX7sVXidH05hrHazeT_l1iRw8-78GXYqaVE5kFxDJW0fdsVD4FimXiSPvSaMmOXvQ41ZpvaodI-gwA4AQBgAbjyrPj9Nfi048BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTQxMzMyOTU0NDA0MDk0NxjBjHQ&sigh=2BvgXafaa5g&uach_m=[UACH]&cid=CAQSPACNIrLM55wcXZZZwqqrA0EX4YW5ccAed1PmsWp1ujSCe5gM3vEiZIUJtXoJMDNdCIxag6oNJtlzWYW-kRgB&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.
Requested by: Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET /
google2waycm.netmng.com/cm/ Frame B274 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B274
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWg2M0J3QUFBR3hxVUR5bA&google_push=AYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji7iljk2_waMaUaalcya2X8gwQDp2iwlvMHA65V-DuHrz9M1M5v9v0dimSK

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWg2M0J3QUFBR3hxVUR5bA&google_push=AYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji7iljk2_waMaUaalcya2X8gwQDp2iwlvMHA65V-DuHrz9M1M5v9v0dimSK

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWg2M0J3QUFBR3hxVUR5bA&google_push=AYg5qPKNay1gJwTFDBVv2RMiit9vGihStW1D48la7Ji7iljk2_waMaUaalcya2X8gwQDp2iwlvMHA65V-DuHrz9M1M5v9v0dimSK
Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B274 70 B
265 B 108ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFMuMYPwg8m0cl-sukd2uLI&google_cver=1&google_push=AYg5qPKdQ_ews0VBgsL0VPPRgLIM_xa2Y15kPOcM--EYfREzxRRpXbjivC2yxec7fMNRJnUp-1Kzk0pUoJSekapOPiO_2Z_e-ovi
Requested by: Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B274
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEE9B-9qOdHKv_L4lxqyTYoI&google_cver=1&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEE9B-9qOdHKv_L4lxqyTYoI&google_cver=1&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafd...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV

170 B
188 B

20ms
20ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIXClLgPRLAL6uQOWoY7PnopoIP9HQU9QSDxTzVSiiJM44C8hfRBA0bzXOtyQp6nq3fTBl_2AVVrp3wofbSyXafdRK1Z-JV
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET

pixel
cm.g.doubleclick.net/ Frame B274
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEGKSSvrgcZ-Ag_73g0jwtgk&google_cver=1&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B274
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVB...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVB...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRk...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEJCoeJBhDBSsIvWXzCsyazw&google_cver=1&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRk...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjZTRhNTgyMi05OWJkLTExZWMtOGJmMy0wNjRjZTc5M2QwNmE%3D&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdm...

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjZTRhNTgyMi05OWJkLTExZWMtOGJmMy0wNjRjZTc5M2QwNmE%3D&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBjZTRhNTgyMi05OWJkLTExZWMtOGJmMy0wNjRjZTc5M2QwNmE%3D&google_push=AYg5qPIp_aEiXuBHwNMbypCaK1MS3nSQAT6llEssgZ-tPKZ4jRsNRkVBV7tEfmNOdmwekKWYVCt589uAqoRgZJFo7Uenf226NOFlRg
date: Wed, 02 Mar 2022 00:15:03 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B274 0
12 B 19ms
18ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I6fW6nyYrna0M4bGupsgVge04XW3oxFMCbQUTae2nfqwKP8A-1HcQXqNvq-ANm0uc

Requested by

Host: 16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
URL: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame DE75 11 KB
4 KB 38ms
13ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D
Requested by: Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d8968c0861b532ad6e645450e6014be8e5370af89d55bb7dbb6ae77cf5901968

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3937
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 4DE6 33 KB
16 KB 27ms
26ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=45644900;rtbwp=Yh63BgAKoAoHg4VQAAmSHeX38k_QPJokNi4sYg;rtbdata=jMNqeDmYZHhqJs8LPqZN7CEIWyH6MK7Vsys4F_k4Srcj5mLkIOMPnw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqewB0V_IzYJrb_MopXzN9CsJYDSWPYEHD0_xMSCO6M6-ZyMC0bR8vGetMk5V5N9JdMyEZsIH1IEMTEqaPYYoJ2CU-dbjVktkYdLfs_VvKGNZWIjyVP-UU81kkIBdFMC2B7rd3-UFq8FHzE84L7myRcmuoXq5I2RfAVmVu0cmYLQFDch6SEXxZziBppdUcd6ImuFBboVeNKvP0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CD7HgBrceYorAKtCKjuwPnaSmqAHovpiUXKCls8n9CMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01NDEzMzI5NTQ0MDQwOTQ3yAEJqQJ67Vjh_wqEPuACAKgDAaoEywJP0JFf0ZBtymH4Io-Dh7c3q1Ka0sOseg7Bj8H9Ozm-mA8Q0FOq5Z7TUBLgu34mFXZOwNe9EiUX9Daudn5vu39wsboBYnAQiEYPtG8Fx_6STcAKGRHrgSqO7NmPOe-xEBHxJShYzFccI0oZcDH2ty_95z08UpxIEcdDGG_p9DXxlxBp8OkQxLHrsSUydJmgkIR6TN37zq7sfBpYfg2pJtXeQMFaU0fuPmC1UIsoNHxJP_SQ0oo6TxL-PizYrKLKDrMV0KuvaXNaHdSR7yGyCCKXvk7OSD7Fj8XzfTZEUWJpG9uXAhz1GPVVlg2avDpdLawVFM1g43QOhB58TGApzSeS64juxTHcZ67y3J9jrMeX7sVXidH05hrHazeT_l1iRw8-74OVQzQJizhpbpNyFx8Xlf5hnm8rQtXKvhp-JTXyeIRDchn1Q2CqgpyP4AQBgAbjyrPj9Nfi048BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_3IRhjcXk4iKXF8VJEUk4zkHLTT9A&client=ca-pub-5413329544040947&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 03 Mar 2022 03:50:18 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0D69 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Feb 2022 12:21:42 GMT
expires: Sun, 26 Feb 2023 12:21:42 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 302001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4B19 0
0 59ms
58ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022022401&jk=4382323256364540&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0273 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame 2324 2 KB
2 KB 36ms
35ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f170b0ebf7ff2c38ba2233093787b063a67ac1f50510ac70e8cde5772ce3ad4

Request headers

Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6e55ef8c6d4f9960-FRA
date: Wed, 02 Mar 2022 00:15:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3PZZqVmoE%2FOZeAwmHsscPQuA5TszlWIwnd04KxbG15RTNqasr3yGjn0k2RuDJ%2FcFUk2xw1VL0yqLNefShkqP1M7YUkgo5K3imzMoqj0%2F402LnX3vvPCQvlQJjeRd7e%2BDIq07clo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-8rj5

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 39ms
30ms Preflight
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-8rj5
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ey9zxRkXBpKvh8rdrwbBG%2F%2F1ORxqEQ6%2BcNBid3NovF3aEJgYD1Ojx17VaT979I5eCTruEtYfQdsRbnP%2FxWs240zXUhhRRNrh25vxL0vgZAETPqloNay%2B07X9DioKCEOEjhSuJk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e55ef8c3d019960-FRA

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 4DE6 7 KB
4 KB 22ms
19ms Script
text/javascript 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=45644900;rtbwp=Yh63BgAKoAoHg4VQAAmSHeX38k_QPJokNi4sYg;rtbdata=jMNqeDmYZHhqJs8LPqZN7CEIWyH6MK7Vsys4F_k4Srcj5mLkIOMPnw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqewB0V_IzYJrb_MopXzN9CsJYDSWPYEHD0_xMSCO6M6-ZyMC0bR8vGetMk5V5N9JdMyEZsIH1IEMTEqaPYYoJ2CU-dbjVktkYdLfs_VvKGNZWIjyVP-UU81kkIBdFMC2B7rd3-UFq8FHzE84L7myRcmuoXq5I2RfAVmVu0cmYLQFDch6SEXxZziBppdUcd6ImuFBboVeNKvP0;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CD7HgBrceYorAKtCKjuwPnaSmqAHovpiUXKCls8n9CMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01NDEzMzI5NTQ0MDQwOTQ3yAEJqQJ67Vjh_wqEPuACAKgDAaoEywJP0JFf0ZBtymH4Io-Dh7c3q1Ka0sOseg7Bj8H9Ozm-mA8Q0FOq5Z7TUBLgu34mFXZOwNe9EiUX9Daudn5vu39wsboBYnAQiEYPtG8Fx_6STcAKGRHrgSqO7NmPOe-xEBHxJShYzFccI0oZcDH2ty_95z08UpxIEcdDGG_p9DXxlxBp8OkQxLHrsSUydJmgkIR6TN37zq7sfBpYfg2pJtXeQMFaU0fuPmC1UIsoNHxJP_SQ0oo6TxL-PizYrKLKDrMV0KuvaXNaHdSR7yGyCCKXvk7OSD7Fj8XzfTZEUWJpG9uXAhz1GPVVlg2avDpdLawVFM1g43QOhB58TGApzSeS64juxTHcZ67y3J9jrMeX7sVXidH05hrHazeT_l1iRw8-74OVQzQJizhpbpNyFx8Xlf5hnm8rQtXKvhp-JTXyeIRDchn1Q2CqgpyP4AQBgAbjyrPj9Nfi048BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ&num=1&sig=AOD64_3IRhjcXk4iKXF8VJEUk4zkHLTT9A&client=ca-pub-5413329544040947&adurl=;js=1;adfxid=1x;5196;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fnets4.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a4ab1974a4a21c80abc72e658637ec84112b9515dd1f1b99e31444f45f40a9df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3359
expires: -1

GET
H/1.1 200
OK request.php Show response
hal900022.redintelligence.net/ Frame DE75 3 KB
2 KB 135ms
96ms Script
application/x-javascript 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900022.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b5e8ff54fd&subid=&uid=10157cd62a79cb51&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2482302778529&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 25e574f9fa25bdd1e8f7f326963ed69b45538a9fa958a2aad71657af63885288

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 31069800007113400710612011886022
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1132
Expires: Wed, 02 Mar 2022 00:15:03 +0100

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0D69 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 08:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 403652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Feb 2023 08:07:31 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 07DE 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:26:12 GMT
expires: Wed, 02 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 38931
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4DE6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff8eb962f2051da7da41e3d867cbf2dca3af04b319812b459f2707f89144bd7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 3602 3 KB
3 KB 34ms
26ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=164568&b=VxqtwfMRKqfrAVpHVHetrHRtpbYFkTzTpMsQ&f=m39hefx6V2FDBkRcmH8tjHQC2j8SDTwTbpFA&c=468&d=60&e=n8B_4eoSzolwyRQrtLGsMV4EVfYeRD8i&g=7c80c34d9bc83cc15cf19ebcda88e7c3%2F16181067057231556120&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=adfPros&r=1646180103123&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ%26client%3Dca-pub-5413329544040947%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D38516441%3Bcrtbwp%3DYh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA%3Bcrtbdata%3DjMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1%3Badfibeg%3D0%3Bcdata%3DSUPQiXb9jVWCnyoDaqEmOqN36vXFMkj9gk7w-HBrbA2C61UiWIhEiJu--XfSPHkswmc-8Rq07SfB81ifIhuSCY3scUm5kCP3a7iCPj1oc7qgXUBK3i7RPhl-DCJBfit9VJwbV8YU6RbHoFEk39kKgMN4iOtIBxgX0%3B%3BCREFURL%3Dhttps%253a%252f%252fnets4.com%3BC%3D1%3Bcpdir%3D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed6afae24707300b5e7a62a5607656b00e8c05ea0dbea02fd583f167e009a58c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6e55ef8cdf06914d-FRA
content-encoding: br

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 4DE6 85 KB
36 KB 26ms
26ms Script
text/javascript 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 40ab2b56907ff44c4370185a254dbd2ea8fc2ac40e6ab6050b93b986a2b43867

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 03 Mar 2022 03:50:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 07DE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEINvAJq3L1aetPy69fRTWOE&google_cver=1&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9N...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9NnMlcOikyagE

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9NnMlcOikyagE

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: MT3 4172 645ee8c master cdg-pixel-x29 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPL03YsvZ1D5kGtBLuZZR-Cf1wjDxosNNPvNLepFIpWYayjfwt6ZmgHjzdCFomp7mJQecl008JN3Fx_czD9NnMlcOikyagE
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 07DE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_push=AYg5qPLEPwKVfIQcB0mT4Ck5GtcqqIpM5C4DbAV9md6fRevrO6idJMqj_4...

170 B
188 B

20ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_push=AYg5qPLEPwKVfIQcB0mT4Ck5GtcqqIpM5C4DbAV9md6fRevrO6idJMqj_4QejCAVoiYYKqjtr8nZ6Fi_tIxiRlWMNez6pC-iWg

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1646180103.258240,VS0,VE89
x-served-by: cache-hhn4080-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_push=AYg5qPLEPwKVfIQcB0mT4Ck5GtcqqIpM5C4DbAV9md6fRevrO6idJMqj_4QejCAVoiYYKqjtr8nZ6Fi_tIxiRlWMNez6pC-iWg
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 07DE
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESENVe3AyxzuwwPiZcwr5YJI0&google_cver=1&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7cnRw5btzwU4Q
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D136C792BEC145DE8F2DB6DCDE8CA529&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7c...

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D136C792BEC145DE8F2DB6DCDE8CA529&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7cnRw5btzwU4Q

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D136C792BEC145DE8F2DB6DCDE8CA529&google_push=AYg5qPKQIKZeJ47-uhcPflniVr2x-3ncW2fyycCenVceztYPRXZUEY7mcNTF0ggUOaM8DlP8BJlgSYjefDqDc7cnRw5btzwU4Q
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Tue, 01 Mar 2022 00:15:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 07DE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESED6h37YZHwtP6Svip--XP6o&google_cver=1&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uT...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uT...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uTbnGt52WHn7KQj8in1l8

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPJaWqb0I8ccGCpWHw5dqLu5LT_g3-_lbgIl5Sip6U-bEzijGGaWHubFcYYWn8nQkd5-03BaC3uTbnGt52WHn7KQj8in1l8
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 07DE
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHmCzhItMaDMGi2xPiRWNOI&google_cver=1&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU&googl...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDkwNTkyMDk3MjY4ODgxNzQzODg4&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niH...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDkwNTkyMDk3MjY4ODgxNzQzODg4&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDkwNTkyMDk3MjY4ODgxNzQzODg4&google_push=AYg5qPKrbr2LT9rAnLbS1gaBPex7bP00qI9vC5sqyFchm6vHgM6ZlnXDcEJ17niHn-xXj1RgU77xbJKF65RMgfiWVzBpi-Om9RU
date: Wed, 02 Mar 2022 00:15:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 07DE 0
75 B 84ms
16ms Image
text/plain 185.86.137.107
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGhmQ8iRiVRBRV1Z28p9LVc&google_cver=1&google_push=AYg5qPJ-XPQbrrHGm2009BB-jocvqsVm1Ii62uT7THcqVzHtEZs07YgqUeSAcSBZdXGlzSXI8PbmWZP5zTVK4mi9FsovQpqYvw
Requested by: Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.107 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:02 GMT
content-length: 0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 07DE 43 B
577 B 48ms
13ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESECh5CWkOT5ZSjSDEFvsZRf4&google_cver=1&google_push=AYg5qPIR1mKSk-iN0heOMduSHyyyNp_exxlYUshJOpHSfZhhdt_aTmAU3TP1i_uT2y6r59sFCp8K54NmcGIcQgMBWGxl5JTPUp0

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Mar 2022 00:15:03 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 07DE 0
12 B 22ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ly97LoU4INCofalPl6W9kDTov-kFWqV-vyYLv_SZIKu44dvrQGIcfD1Xih1LBnEFLBB-W7cw

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame C3CA
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=31069800007113400710612011886022&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=31069800007113400710612011886022&actionid=981741&produktid=&dt_url=

0
181 B

32ms
32ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=31069800007113400710612011886022&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b5e8ff54fd&subid=&uid=10157cd62a79cb51&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2482302778529&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Baienfurt, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 02 Mar 2022 01:15:02 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 02 Mar 2022 00:15:02 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Type: application/javascript
Content-Length: 0
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=31069800007113400710612011886022&actionid=981741&produktid=&dt_url=
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:EB2A_91EFC182:01BB_621EB707_5A31418:F725
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027

GET
H2

200

htlp Show response
futalis.de/ Frame 0441
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=31069800007113400710612011886022&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258

350 B
409 B

39ms
12ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b5e8ff54fd&subid=&uid=10157cd62a79cb51&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2482302778529&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

date: Wed, 02 Mar 2022 00:15:03 GMT
server: Apache
p3p: policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258
content-length: 0
content-type: text/html; charset=utf-8

GET
H3

200

activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878 Show response
5994599.fls.doubleclick.net/ Frame 59F1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878?

392 B
346 B

36ms
35ms

Document
text/html

216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878?

Requested by

Host: nets4.com
URL: https://nets4.com/domain/megaplay.cc

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f6.1e100.net

Software

cafe /

Resource Hash

f56327f7cd1e3f48d5d94db9182009ed1f774f36384daa3655955c3d00b6784a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Mar 2022 00:15:03 GMT
expires: Wed, 02 Mar 2022 00:15:03 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 02 Mar 2022 00:15:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900022.redintelligence.net/ Frame D140 7 KB
2 KB 41ms
12ms Document
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=b5e8ff54fd&subid=&uid=10157cd62a79cb51&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBB3LBrceYqn0FZD-3wOqjKOoCLXN-YNX_Ni5q-UM8C4QASC52_MmYJWCgICwB8gBCakCeVt4gCqosj6oAwGqBNgBT9ADhcghjpSM6sg7vQzQvlWVBxRRbOdAhkt3TB9qaLD15tgKebthaxwY8sA5VlgxHRyRmQ2ZHsm1-V7hRbyW-1hDyUtci_DqoDPsIzCM2EU4erU6vPnzrajUurS-gBQukhgEH19y6LnFHLT49vZXK2FxlvB1CQUZRXxL-NQz-1RwrzNnJWmqUd-HFtXHX9x1Zb4wiw1HFPR013MRsKyvZ-rzwiXQcG2L_7nfQWwKN3_ImgVMO74ds5exkiEnQcUwAmpZyJserNUshxMVC8iNJV7zeBV08XkAwASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgOYCwHICwGADAGwE9yZ6w3QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoCYXDousSUCqGVklKwhX-SA%26sig%3DAOD64_2D7GZUD_4g8glKRbCKuCjVIVpEbw%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-C4khkvkN_T2E7kJRwR4uzivWJWbIibsPRXeQAShQn_foiykMGuulzX1pjEkb9-mAcSS7jVp9ce2sUbnPhRlEyhBX0XdOoIXL0JxlK8PLBb7rUWQy_pnXTsPadVEh8rE6CnXXDj2CQ4Pc3D-plBCyyw-aoowQ%26cry%3D1%26dbm_d%3DAKAmf-D77vRJVbPOsApgWGDnkVwC8s-otL9CF7vtVEgsw2EtrqEPZ4YCp8a7DKDRAVHuHLi_qvgT88nRs2Rlo6YhjO2cWbMEERQWKpCUiW63p2q3q72Nm8CwgGUyOXNBw92sTScLlgVgtTvoOFqzpFNHn9t7O9MPGD36XA32kbidRdnWpxeB_7NjAayOyyLw0mrrf51554DmDXOLyegFCuEchNLYj469cpIFPD1bA0XY6s3jf7EI9ZIH1KdA_pSBOw5gO06Rp3t8de7a2NZCHL2RCc-5NxPjW0d2_VQuuRolxLLWsfNEBCifvXfQSIQfJoQLTbxbAVlseOS8NXDStlge8VXnIVtO4J0McaYl29x5afFtUNK2O5FEt6QlFivnRb9GAdal73lCS9oYbdprI4BbPKrQZGoQwn5uz93mqy2gs6NFSD5--mf8WfTx8GUTTlJFY6m4IGaw-r0vxJxDz4hRz9hKGJnzfA%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2482302778529&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 683658fe704f37257dae36ab6c0ac85ccdb166afc84c9c8174d3fc383cc05bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 02 Mar 2022 00:15:03 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2066
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame DE75
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=31069800007113400710612011886022
https://ad-server.eu/wm/pb/native.png

68 B
312 B

30ms
30ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:20:43 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 8AC72684:EB30_91EFC182:01BB_621EB706_5A1A17A:F723
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame DE75 43 B
705 B 21ms
16ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=31069800007113400710612011886022&pv=1

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Mar 2022 00:15:03 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 60D2 1 KB
749 B 11ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Tue, 01 Mar 2022 13:26:12 GMT
expires: Wed, 02 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 38931
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DE75 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88190fa2b17fe929cde14caa7eeaff2d0792c8b2fb6cc4bcd788056c1d465ff7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 821B 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=2062520611254302&bg=!-_il-LzNAAYFuXAgBbk7ACkAdvg8WjBvMZ1ninL8Mn_-3hfHGKy2iOXNUSbAZDicemYJ9CpBC6GuxwIAAAHSUgAAAAJoAQcKAHrjH8kGuGWmGwXlxAlpBH2ETlRN01dLMAt8TokV35QuHkn973PnK6Al2BcLLlHOQQv2SboDUWkqr5hAErmX0TeR2fEI3_APZqBD_UT9VAoW6n4pxKhoDw9YoiZDeC16C6fi6pSrOtw1tjenIcvzMXD69Tuyn8lPIKjtQJkC3b0ywFkLjvt9kMCfCXAjCn3T_VIyQHJbtAdpDqc3_co1YiGjrxdUBOBqQUJNRctPIwGiVoejy0TZgi9VQ2khpPA4bKZ7EMNIIRlv8G3nY6e_5_A_E-LYlqL85yhkRHdo8Zfj7xspTdVfrzpoqdBppWUX4ieaNOY_ZJLzxa7KE47USaRYnzMgAqOG7ALVAl4GYGHCvNVYoJw-iteOBmOqdE3MlepHeZ5w2dGGh5UjzR6CKOuqT6TgvW5HarV9pezZokawJvz4VeCgOHEaju52y_jbz3EHo3wl_nV7F-m4K838KzSWe9iLi-dUIBk9ZwgXH6arl7Wwe-GV4VCrVfP26PynYcKi4HfcXcTVHqu2_5akBpoggd8KCHUWw4icJxOfhzdRAq6L3WVFmItrUInRh76hihD-BiEekK-upFAxqtPNU9fdZLqXGYJSXowOBnw7rHGd85mnsGBoQjoWx8Q3JvPoy1XIerdwLhtL332fRI8QVcb3pL2VisIP2wca6Hu5Smxyf4WEY3ApMRtp4ohqb8wke5h1VrXdODwBC7MEWCtH-bL7KNimnsjfafm6_XyH9ZzEN2UUWVUDvFTXNPDxnEtiRpMxVamLmrxlu4HTPinG9aTSY3b1IpYsNHgVR7Wo1yNjPyk_mOMgM8I3NmVNG6uQ-CcfW6ePzp4kn7Z-I-uJH0-s8jqpWqHu__6ZjI5b5Jf7i-B3aoxYaVHAc37ZeGH8uPSBu2ZrgrHqLt2YdO_V66EOteLalSjfsUAMdKs4zk6EgEkD1JRJ6gJZLh_--l_9JywG0dmBRD7PP7LFKvdq1Vj9CnV5i3qvq18-B7f-klnGauZ1v0-hc73s-Cfg4-4MMooCMB0GkJ2UcD6O8NxE7JEljDpPWbo4DJUqICvw-22s2_y5hmrxJkSnZ8w-tJOzso9Ahx94eVg6HqGOJzH1I901IGB5PEYhpTsU_lREdMQSuFob3nF5r4XLKb4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 3602 81 KB
11 KB 18ms
17ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=164568&b=VxqtwfMRKqfrAVpHVHetrHRtpbYFkTzTpMsQ&f=m39hefx6V2FDBkRcmH8tjHQC2j8SDTwTbpFA&c=468&d=60&e=n8B_4eoSzolwyRQrtLGsMV4EVfYeRD8i&g=7c80c34d9bc83cc15cf19ebcda88e7c3%2F16181067057231556120&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=adfPros&r=1646180103123&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ%26client%3Dca-pub-5413329544040947%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D38516441%3Bcrtbwp%3DYh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA%3Bcrtbdata%3DjMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1%3Badfibeg%3D0%3Bcdata%3DSUPQiXb9jVWCnyoDaqEmOqN36vXFMkj9gk7w-HBrbA2C61UiWIhEiJu--XfSPHkswmc-8Rq07SfB81ifIhuSCY3scUm5kCP3a7iCPj1oc7qgXUBK3i7RPhl-DCJBfit9VJwbV8YU6RbHoFEk39kKgMN4iOtIBxgX0%3B%3BCREFURL%3Dhttps%253a%252f%252fnets4.com%3BC%3D1%3Bcpdir%3D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=164568&b=VxqtwfMRKqfrAVpHVHetrHRtpbYFkTzTpMsQ&f=m39hefx6V2FDBkRcmH8tjHQC2j8SDTwTbpFA&c=468&d=60&e=n8B_4eoSzolwyRQrtLGsMV4EVfYeRD8i&g=7c80c34d9bc83cc15cf19ebcda88e7c3%2F16181067057231556120&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=adfPros&r=1646180103123&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ%26client%3Dca-pub-5413329544040947%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D38516441%3Bcrtbwp%3DYh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA%3Bcrtbdata%3DjMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1%3Badfibeg%3D0%3Bcdata%3DSUPQiXb9jVWCnyoDaqEmOqN36vXFMkj9gk7w-HBrbA2C61UiWIhEiJu--XfSPHkswmc-8Rq07SfB81ifIhuSCY3scUm5kCP3a7iCPj1oc7qgXUBK3i7RPhl-DCJBfit9VJwbV8YU6RbHoFEk39kKgMN4iOtIBxgX0%3B%3BCREFURL%3Dhttps%253a%252f%252fnets4.com%3BC%3D1%3Bcpdir%3D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 103443
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Mon, 28 Feb 2022 19:31:00 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6e55ef8d481b9944-FRA
cf-bgj: minify

GET
H2 200 AC94A773D858B1DBF385F1F87275689545E70FCEB074F719B3E594A120C9BD2A5CB44B47076CB6928DE23C56FA8796D1C784BBADA4A9AEE0397C455B3FAF9242
assets.ad4m.at/product_image/ Frame 3602 7 KB
8 KB 33ms
16ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/AC94A773D858B1DBF385F1F87275689545E70FCEB074F719B3E594A120C9BD2A5CB44B47076CB6928DE23C56FA8796D1C784BBADA4A9AEE0397C455B3FAF9242
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=164568&b=VxqtwfMRKqfrAVpHVHetrHRtpbYFkTzTpMsQ&f=m39hefx6V2FDBkRcmH8tjHQC2j8SDTwTbpFA&c=468&d=60&e=n8B_4eoSzolwyRQrtLGsMV4EVfYeRD8i&g=7c80c34d9bc83cc15cf19ebcda88e7c3%2F16181067057231556120&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=adfPros&r=1646180103123&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCSsZ3BbceYpnfJoz23wO87K6IC_PYq5NcybzUs6IHwI23ARABIABglYKAgLAHggEXY2EtcHViLTU0MTMzMjk1NDQwNDA5NDfIAQmpArEOR4vCqbI-4AIAqAMBqgTKAk_QLqh_HUZ1j_DwLFBKOY_uOWKwPUUK_sExgJPkBoEUgHCRETw1xVo_u9uCB66euzB3g5mHxzFm2YyIs6o3HjtBlQGRuJnLTIYZSaVeBveBzvX6W7tPI4O_1I_OldSwqKTC-uthC9STxz1n77PmO0IQ3rwi0E-H_VXP6nSy1tZ5BnegOdu-fV438HukSJVkHsovUaTfnziQAR-tCtcZs8MROuFludgZ9CNoSu55sNaTTNRbjUpsHCJZ1r6yz8-FpY5ixNmlr04SMM1GOfsEctAspkNtjWz-h7mqE0AdQljl8jBay_y4UJbwy6Oc7pf2XFP1iSDz9yeiUTdshZpXHGqpPHBmGnZV9PrtqK_IyyUQXfqsdLBOr2kVqC5XCF-Gc0kvlui6utj9gEJosa_WhmRekG84BfWaEqPPQgVbFZcHKjBaW22P0P3E9eAEAYAG-NuLrdKw4bOZAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pIlc87fXsGxqOuxoufCwnp3NNLQ%26client%3Dca-pub-5413329544040947%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D38516441%3Bcrtbwp%3DYh63BQAJr5kKd_sMAAu2PPS5UDvVctmOrqzshA%3Bcrtbdata%3DjMNqeDmYZHhNpueflJD4Fqi1RJ7kEJGV8Dab6dzqVdnyEOHvwTTfCw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqQFv_3CBxlGP6bZH-F4ocYPTU60VogpPVcnSB96SqMD18VBsQGyzA2TJVWRWroDVuC0tIH0ewKtslbLBcIpUZ7FULoOKEbZeX4V0LcYr737tK8G-vBFKtmOivyDzGMbpcGiVjUO9Hc_IeiDNb4WVFnSnaL3DEImJQQ_4t0VNroP79JWraxIEfh3XR7n2NFFky-l_OwOneNqMkydbcz0HpcA1%3Badfibeg%3D0%3Bcdata%3DSUPQiXb9jVWCnyoDaqEmOqN36vXFMkj9gk7w-HBrbA2C61UiWIhEiJu--XfSPHkswmc-8Rq07SfB81ifIhuSCY3scUm5kCP3a7iCPj1oc7qgXUBK3i7RPhl-DCJBfit9VJwbV8YU6RbHoFEk39kKgMN4iOtIBxgX0%3B%3BCREFURL%3Dhttps%253a%252f%252fnets4.com%3BC%3D1%3Bcpdir%3D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 493d1800254052115a3f4a130e8f354351a5854c8ef77d6c8425a715ac62f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-goog-hash: crc32c=XRlL3w==, md5=4Azr9W/LpcE0kF/nEE62dw==
date: Wed, 02 Mar 2022 00:15:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4137
cf-polished: qual=85, origFmt=jpeg, origSize=16099
x-guploader-uploadid: ADPycdtC39K4tGrJEqgDzpp4bdCSPh84L6ZGwSC6vgVWDCUpkwKqOtkDM3rX4JVXvJalBipgIdDc3jOaXeywgf-kcfY
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7444
last-modified: Tue, 01 Mar 2022 17:04:40 GMT
server: cloudflare
etag: "e00cebf56fcba5c134905fe7104eb677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FfYv3ftkFi1KQTea6XX%2Bm0J6fRWdwGmal7reeSXZBofsuIBfdp2bIsjV0fySdVERG01O2tOBMMfaFfGr7AOkksl8wQol0qH%2B2RvUq%2Fnbgc4D4NXsGM6FgV61ZCK%2F%2BhzByz9IYCSpn%2FMN2AX"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1646047717771376
content-type: image/webp
expires: Thu, 03 Mar 2022 00:15:03 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16099
accept-ranges: bytes
cf-ray: 6e55ef8d6829914d-FRA
cf-bgj: imgq:85,h2pri

POST
H2 200 /
track.adform.net/csimpr/ Frame 4DE6 35 B
503 B 19ms
18ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=45644900&csi=5EKWOCwSXtjGQnYRGB_jZLas9uqGoTAtRwNZDwsFMKcJDwKV3Zer3CBqYa8S3ksVVRLRQAJwr-o4CrUdWnqQOGQBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 44787403.png
s1.adform.net/Banners/44787403/ Frame 4DE6 96 KB
97 KB 21ms
21ms Image
image/png 37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/44787403/44787403.png?bv=1

Requested by

Host: 5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
URL: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

886fb18e9211c9b78fc389742c1583bdd5e13591f66ece3706b0db2f22eaf58d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
last-modified: Tue, 27 Apr 2021 09:51:56 GMT
server: nginx
etag: "6087debc-181ae"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 98734

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0273 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZEpHUw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 161B 42 B
64 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBZdGdxyftKMWWtqFPpXLEa-fpMkMyEdKVyQtNayE23E_l5kO7Gu7VOzF4WfhErC-k2087E8S_7_T1r06UsaTccxzgDAAl1ezCbaTe-rkVz6qOR006aA&sai=AMfl-YSyRawX3URkDcBmRjEQUbrPVKE_XBcbMnSaFVv_1KoutkvTglItermqXFcfXVbuqT9WtGW5fLeB80SWuKLfdEbdgKljFs8dPzpFAMuuK9gTU8n35HvshOdt9KvC6b94&sig=Cg0ArKJSzDI9nghxpPOTEAE&id=ampim&o=294,555&d=728,200&ss=1600,1200&bs=1600,1200&mcvt=1059&mtos=0,0,1059,1059,1059&tos=0,0,1059,0,0&tfs=243&tls=1302&g=100&h=100&tt=1302&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4203880072

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D140 1 KB
419 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900022.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 23:10:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 02 Mar 2022 00:15:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 02 Mar 2022 00:15:03 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D140 16 KB
16 KB 36ms
13ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5c3f921519dc59b601c93ad36a7e63c16442d8648b91deea9d2f184a5e42274b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900022.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D140 17 KB
17 KB 41ms
13ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b8a3ac1803da07434a3804286b1fc22907acb9d5aa8a96a4fbb0064538c4bb80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900022.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16856
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D140 13 KB
13 KB 40ms
13ms Image
image/png 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3cc24413a065fbb078a96e2d2d85f6bcc9133e7c94592ab06a8d154ebc2f02c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900022.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12987
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878
adservice.google.com/ddm/fls/z/ Frame 59F1 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLrnqOKSpvYCFWuC_QcdyaIErQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2025144497817.7878?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F2 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_pgbrk&pvsid=4382323256364540&vrg=2022022401&nw_id=21902364955%5C%2C22652385948&nslots=1&eid=31061815%2C31064957%2C31065293%2C676982961&pub_url=https%3A%2F%2Fnets4.com%2Fdomain%2Fmegaplay.cc&qid=CIrbh-KSpvYCFVCFgwcdHZIJFQ&iu=%2F21902364955%2C22652385948%2Fcm_pu_nets4.com_technology_and_computing_top%2Fcm_pu_nets4.com_technology_and_computing_btf_2&e=0&ret=300x250&req=320x50%7C320x100%7C300x250&bm=0&efh=1&stk=0&ifi=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 0441 5 KB
5 KB 11ms
10ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1244095258
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
accept-ranges: bytes
etag: "14aa-5d6188919baaa"
content-length: 5290
content-type: application/javascript

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 93ms
30ms Preflight 52.30.107.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.107.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-107-253.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame CE6B 16 B
232 B 88ms
88ms Fetch
application/json 52.30.107.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.107.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-107-253.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEINvAJq3L1aetPy69fRTWOE&google_cver=1&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz90...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=N0FiHrcHTwCex7Wuop7JAA&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz907Hx7FhmJwII

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=N0FiHrcHTwCex7Wuop7JAA&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz907Hx7FhmJwII

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: MT3 4172 645ee8c master cdg-pixel-x24 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=N0FiHrcHTwCex7Wuop7JAA&google_push=AYg5qPKULUBU_F5zzPSw16RWWlekPEgfEvmbEqZ8ZQPTYvJYy-Df9ZUlZHg8bJ65JE4fdl5P_PRQgrRrvCwTLz907Hx7FhmJwII
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 02 Mar 2022 00:15:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWg2M0J3QUo2Tk1QblFBeQ==&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLCAOGNWzOgI7MDyQ7KEgcFReIaSd...

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWg2M0J3QUo2Tk1QblFBeQ==&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLCAOGNWzOgI7MDyQ7KEgcFReIaSdMfd7_B1YbhffQixavTF-eVpEvW0qpDCqaQw1TQUfxUhQboSbNSxtLkXAqJdI5RiuYw

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1646180104.661126,VS0,VE0
x-served-by: cache-hhn4080-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWg2M0J3QUo2Tk1QblFBeQ==&google_gid=CAESEJCgftM8ZglYDbp0S_3rkuk&google_cver=1&google_push=AYg5qPLCAOGNWzOgI7MDyQ7KEgcFReIaSdMfd7_B1YbhffQixavTF-eVpEvW0qpDCqaQw1TQUfxUhQboSbNSxtLkXAqJdI5RiuYw
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 60D2 70 B
264 B 38ms
31ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFMuMYPwg8m0cl-sukd2uLI&google_cver=1&google_push=AYg5qPILX9Vxoqjh2CDoN8opJe-Far-Wpgzx4ZQusI9mmlbtKck6i7OUNiyq7L-9wEdJoGVoTlffHS5Kc5AxTV2iHPqXLZ-UVDo9
Requested by: Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESED6h37YZHwtP6Svip--XP6o&google_cver=1&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZE...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZE...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZEkt9RKgUNxMRXoR82dkw3

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjY3MTgyNjA0NzM1MTU1NzUx&google_push=AYg5qPLKYOEUHV11CRUO9bA4o7AdwCUDjhr343AesK70PSxQZOA-SvBzbuVl9hHvuwbTKKDSRG1_VJZEkt9RKgUNxMRXoR82dkw3
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGvBBO62PSk7IEBKwzMD_Ik&google_cver=1&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25G...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA4VDRQQUgtNi02WVo0&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25GPYyvCyEvT1oSm_T9f0YbMS0Qe

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA4VDRQQUgtNi02WVo0&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25GPYyvCyEvT1oSm_T9f0YbMS0Qe

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDA4VDRQQUgtNi02WVo0&google_push=AYg5qPJXHosdzWLT-s7RYhEd39zp_LnNcdMEQwxHGZHkHvIVTjLMWGR7BetDRhVZYtjwZ7NC25GPYyvCyEvT1oSm_T9f0YbMS0Qe
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEH...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-91839e45-61c5-40cc-ae8d-dde583822137-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKIzYldzHv46l3QDgAP-...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&google_hm=A5GDnkVhxUDMro3d5YOCITc

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&google_hm=A5GDnkVhxUDMro3d5YOCITc

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKIzYldzHv46l3QDgAP-CankrfBWKuYYcpi6hg551I1xX524o-zV27xW6VmIXGB_bypHqjJGfAPXJ2WTES6q_LkdQhIfP0c&google_hm=A5GDnkVhxUDMro3d5YOCITc
date: Wed, 02 Mar 2022 00:15:03 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX91839e4561c540ccae8ddde583822137003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 60D2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEJHsC2cbGb-iM_ugvUJzpjI&google_cver=1&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_PwPLb5AwnER7qVATUKM...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Nd1N1UXNSRTJ1R2xzV3ZQX2RfUlZMQW96eHFmM1JpSn5B&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_Pw...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Nd1N1UXNSRTJ1R2xzV3ZQX2RfUlZMQW96eHFmM1JpSn5B&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_PwPLb5AwnER7qVATUKM8MhfMUxUfTTaN_pEvFQkFuiybjcg

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1Nd1N1UXNSRTJ1R2xzV3ZQX2RfUlZMQW96eHFmM1JpSn5B&google_push=AYg5qPJjM2fTSakEZ2-KLFwUolsGhrnSejx8-K0XRfns_LfHN2mWRv_PwPLb5AwnER7qVATUKM8MhfMUxUfTTaN_pEvFQkFuiybjcg
date: Wed, 02 Mar 2022 00:15:03 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 60D2 0
12 B 17ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IjOuR7ibk6vcxWegAXMmnaS4wKd4vbR7POZftYxfZjLG_TVU_YS_UKn6UODEyVhCN447kK3Q

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 00:15:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900022.redintelligence.net/ Frame D140 0
150 B 36ms
13ms Script
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900022.redintelligence.net/viewability?s=31069800007113400710612011886022&a=eb91429b&vb=m
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900022.redintelligence.net/request_content.php?s=31069800007113400710612011886022&a=07f82495
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 00:15:03 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F95 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=197523846785933&bg=!LS6lLmrNAAYFuXAgBbk7ACkAdvg8Wt6HKfJBXrIFERepBe3VkKQGi6BsaBB7SAvW8hbgerNxC7wYiwIAAAEHUgAAAANoAQeZAvzO8En6Xz5ozZWdHD9i6jGDN1DJq86PnLNQ_g49U09ZA1wPgbKoRG1Q6D95Kk0ZT9I_PGz64DKDj2fGC_siGQ4Ap0HNv16VQtfYNVo8BH5yasqhJpJiAzXO-NUp_f9eJlWMrDKD6URkU_CwR1zqLrBiFSO0Mimol5Yko6Qob-m4tLx9Btv-CGJRDrOL8WM9e_8vV6RyZ2Spq0U4PduiKO-lm1OIXC2OTPHdF7EWXTO1zBhfzcLfPB8WMuCrFqS31TRx5wCfkA2c9kqy_TcvJz0U4UgiP-OJaR0c5pkf-yzWzsgG41nRaw46cGClDquTT-ThslXj-yUZfpTLSaF4qOrtxuy58OGATfNIGkVTYilYK-IV510K_RV7TZdZssfuD0ND2l7tBz4g3-UUZMXb9HNgP2xjYFyxNKSXARMqFZI9mO6J7et4Yh-fjNKZL9pBECtBDHtKUM-5XTpBVAx-iR1fYrueps-eqwPg9vDibdokIw6WRLw4MN9zWM0vG9KyM1pbvdAncfGrJTWZDfO31DynZnzrmM7MLeEp8UO7R5EOcyKGuIvgG1zx36ZxJp7hcqDdkxT6ncQamRMlhC8wJ9la_43smY8bXiYGEqhG9WRk2OlOJirwM1-Cs6Hco6MxotlLmoni2BJgZKI5HdqucoPXVyBBXnzITnquNQhv9F6muFvXbDiP9FiiovNGIayHRkyJuNfsOr7wq-R1L75cse0650vNv5ay-z_OVB3v6lcnetswdCxwvizYBB73sQ3p7eld208Mlg96uw_E9N0AKdBVjKVjNEzDNtka1osqmQn1pGhTsSXdDmiMz6FGnBQAnhyuOPQVoCNZoicEmqiyWLgRM9AgXapw-n0NXFdDHDKlJGxhOS6LmhEZAAEamSmMni5ZlD277lcmdMpyJ_yaD_uMCQs_OLMeXmelXGOdoxi1QjR4fPPBMWXpV7BIJnqpz0y6E0PIoryXfaYDl-Xx4Oow9hefU3iwpLNetD3H63POa_BlkXa4Zk-mKGQ83A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0D69 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bo46fBrceYq-9MtKtrATaoKyIBwAAAAA4AeAEAg&bg=!k5ClkNTNAAYFuXAgBbk7ACkAdvg8Wogz1YKXpMq05zapkvXTV_FdxK-j7Qj5ejyd_mxPSZOsSUGgUAIAAAIZUgAAAAJoAQeZAyk-S2aEepcSuyHY0arNpgXEcT2-DX6GDP2GBIYk2ZCpd84cwlgDlULSbZyqc0nw4VNNS7ct_Bx9dCvPtXKD7sCdWQ2FD0qYQ8SX4Tt5nOHAHkgiVz2bacf7RhvL8YWpS9Swgog_mU01lfwLnizzV-8_mBndkRRvdQ9ohxvz315fedusWwBpuHhF7g6-46eW21bNg0SUPgBLQe06jLIF4F3fbXjzoIzbjRd1LWVZA50FNlnKIIP2HTPP7P4qQlp-ZC470mkrxiLbL63q3j_XipJTvfjfhO9c2CocbcplxW2_r_OB9zKX-5Txpy1zCFFCDiiRyR07AqV9EJyvwyFnoI6B-Bz7QSsrDsKzibHgXVfoi0WJ8eSI3JXjuPqcO5cUQkcZmKgJEOXuE_a73QSYY2NoMtgpZ2_nesjTfrjq3a3B3IyW12-cfmHbBFoy8BKuNJlvWdrTF8VojGs3HSXSl4HptHNwvBspHg6te_xuQc9IOSdikWtkNiPfneQaOoFZSh86VN-T0k0m3vfQ5rNOJmbF2X6tBek5VUAg51NJj3JE-sfW7H46lvQ1IrOKjwQtZMTWp2cudMi2yQ0bkSaWtg-p8xsN4J-CdPez2nCofIdP2_ttFclmIoG_X9bX9hvz5CsxMi15KTHtoFVIw3iadL6P88sWV8g2rxr9egGusTJWDg_vauBO0uhFx4UUF3PETBhJlUIiJJS4Rs12GaBH9Mt5OyDCJEt3GapGgcGBWz94KusiwrNFyulqFXpgDPf6p122nD47LDFgfLzQ0oyvtOpfVOmv04-s7yvCcI_5sVbZZjZ5tIm862XHvzymEwUXWG0cjx1IJ5U9XF-jJQvrpVWb1MJdvCgO9R8qMVQTH1qDqa-yT3thU-DcAcblh9cJTH7FPiyhs6dvLfjUqCJWvCq5JFdmeQNblT4OEWlc-6EkNYKWXED0WF-MYQJLVCgtn5SepPOQ_Yt0Ou_-O-A6kdpSzbaC5GNvJpwB9Jgh_8xQcma0zSNnay7ef3gx6Wvz_s9wcV30NJV8K4nAXyZehOSyyxAdfFupL7pJKWYTbUWfnmx0BpSG7HEZMw

Requested by

Host: 41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
URL: https://41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 186ms
185ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:03 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 95F2 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022022401&jk=4382323256364540&bg=!ZGelZyPNAAYFuXAgBbk7ACkAdvg8WjeDvhs3eO_7D0jrekDoViVOEapCwTvQYOyP1luTQTCnB1sjFwIAAAIvUgAAAAJoAQeZAtHq_T7qC28Et-5w8sFpinW7VAaF60QHMwg0F7Jws4IHRQPs27CiBnVlh4ybkBrwmUYXXCiTtwpvIiKEOnfdzdKDZhbkWYIaMCuQx0eCryRu33-8uMc3bZdSWl1kciWa9c-cJLeheLzLGU8RGB2rSilc-iPVRwoYS7m3L6Lu6RfqPuBDnLwqJh9-f3h-ZBeYaGTe4jZChSPLN3TkVEMZsQNWp7UhvOF9Dfew3t0GDKM55YzKgrf8o4PvtCx0Dhaq-RQK8RfYNmX2j5RHPHKs5dTsaX55XBdVwSK0Ua6i0uBabe5noovxKx-fTo-3-iYmhYX5UU1FXQ6fmHXIoTStDHZF1_s2_rVMASMfLSmEKl_djX9PaXeiv-SmO4lmTigao46T5cSWU6fqdJc8vGoEsj05q3m3NYMMhJVxwFfuTeJoJ9lmF7F8XMnYBxx3F5L_xNf5ojDt_zlurVqj7633tXN3FWl1c1FygOvP4N50AjugJg8kyxsKNwebhRSuDAmurvrlg2E7t05izZmr9eCjJfTsa0hS0QeyX-dv-PJ83YyqGOZDGo-e8eBCoLpritvrPnPTNqExpL9xLH2J4MbYsqutFzGVuk7Yhd4GzYWmQewvfJWMRxgD3UHx391KTrU--q2XCI_bW_pGwONfYSMKnTRHfAaOfjlyMhQnuObm2Vl3vHIBVLYqWvMVX1TCaDUhclH84kQO_v3aWRFJxesdca6JaafkwwittVgYQwR1DGAGRst9ZzId67ku2zNBgJWtys0b-16_jjoIPsiXkDRPcyqD_ZNnCjQxL_FiWNZLnILafIz27VBMknNn9QtwOH-qzHNB-7ej1q5-RKFDskTC_Sl5P5Z7z1jiL1L9qGZmiQ79c_ieGSM-99WexiHaY-RhnWRsCLGh2H7T6tq4cPjcI1Xwtwr87Hv1qZ3-gWzvDZjr3c_I50nkSViMxdtRIat5h669

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4DE6 42 B
64 B 41ms
40ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv--I60JLyOauNlVONk0dgiI7o9tmt9_jKuoR_7cOtTqgYpw-DiyvQPeAGJQSYBBr-7IX0GbeGFKNS_z0oOa5KdPQ&sig=Cg0ArKJSzPjvXMN_JSzlEAE&cid=CAASF-RoFiwNxrYeSc9IgvATxhVM4SDKK0TQ&id=lidar2&mcvt=1000&p=939,1289,1189,1589&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220228&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2232668132&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646180102849&rpt=771&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 4DE6 35 B
503 B 19ms
18ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=667182604735155751@@45644900,8231170024563128139,100|1161|0|0|0|0|0|0|0||45|1|1|621eb706000b80a90a7792ea92069cd4_1|||1|0|0|Z1CuP_Tu2nS48M5tcwHHbaMS8Nd_ZWoTi65j5KIjfOb3FnfHeJG_iMkllzAqADQrA7z_uuw_WOM1|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:04 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 /
track.adform.net/Serving/Event/ Frame 4DE6 35 B
303 B 19ms
19ms Image
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/Serving/Event/?bn=45644900&event=178&time=2&baid=44787403&name=Viewable%20impressions&imprid=8231170024563128139&icid=667182604735155751&eData=5EKWOCwSXtjOcxJArU-3q0LefXOBh2p2YaJU2uM20NkcMaC-4zTmUAA057j9GXcc_6B5-tzDgG4au94oJsHc8Q2&rtbdata=jMNqeDmYZHhqJs8LPqZN7CEIWyH6MK7Vsys4F_k4Srcj5mLkIOMPnw6lzVbaIVSCz2H8BUGO2GN7YivtyqnHvJ4njTShSpQRJpSNbM-lEoX8L4auf8hiaSI6TCT45abKviLQ1T7f49UsVVTyv_CHqewB0V_IzYJrb_MopXzN9CsJYDSWPYEHD0_xMSCO6M6-ZyMC0bR8vGetMk5V5N9JdMyEZsIH1IEMTEqaPYYoJ2CU-dbjVktkYdLfs_VvKGNZWIjyVP-UU81kkIBdFMC2B7rd3-UFq8FHzE84L7myRcmuoXq5I2RfAVmVu0cmYLQFDch6SEXxZziBppdUcd6ImuFBboVeNKvP0&rtbwp=Yh63BgAKoAoHg4VQAAmSHeX38k_QPJokNi4sYg&rnd=692811884

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:04 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 92ms
91ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 02 Mar 2022 00:15:06 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H2 200 /
track.adform.net/serving/unload/ Frame 2324 35 B
503 B 19ms
18ms Ping
image/gif 37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=667182604735155751@@38516441,1536764570838013280,0|0|0|0|0|0|0|0|0||0|1|1|621eb705000ac247078385a3e80ce2a8_1|||1|0|0|XKlTAyn-q8JX7EYoWZQhUaMS8Nd_ZWoTtEjf4CFvMQWIx24dZlJtIckllzAqADQrA7z_uuw_WOM1|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 02 Mar 2022 00:15:07 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?lQbNAQ

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEBuM8dfmX-jHQ0gzqq-VzUE&google_cver=1&google_push=AYg5qPJm41FgujTMHcRgG6Lh_uzfrV3Cl8tPuM1BgXaj3sQ51WcuYxvPHcJLginxckWRZq9V5ewQ6jD2PwHZCVwmO0PbMSbmV3rq

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 18:47:32	Name: _ga Value: GA1.2.959488425.1646180100
.nets4.com/	1970-01-20 01:17:46	Name: _gid Value: GA1.2.1657247849.1646180100
.nets4.com/	1970-01-20 01:16:20	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:01:56	Name: CLID Value: 6b0a92d250ee49209213d1a12df8224b.20220302.20230302
.c.bing.com/	1970-01-20 10:37:56	Name: SRM_B Value: 0551108247766BC6377D01D946DA6A88
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:37:56	Name: MUID Value: 0551108247766BC6377D01D946DA6A88
.c.clarity.ms/	1970-01-20 01:16:20	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 10:01:56	Name: _clck Value: xws0ix\|1\|ezf\|0
.nets4.com/	1970-01-20 01:17:46	Name: _clsk Value: c3r7sy\|1646180100907\|1\|1\|d.clarity.ms/collect
.nets4.com/	1970-01-20 01:16:21	Name: __cf_bm Value: 1.09DBZgBo4PUxz93_wIQKCAZwSR0HoVtMDfb.OD7r0-1646180101-0-ARxvXpq+ulp8vla3PZ9bhwKSz7oA0uDCHA4P2tm1xtfBdqPgyQAr9AEB3nyFqpcWm3qYPe6z+F9ERGYidn0X4LaOLpjamLTIs2XUM5DmycD/fGhwR8/BFThC8AWB1HOzLw==
.casalemedia.com/	1970-01-20 10:01:56	Name: CMID Value: Yh63BZGECoamCwQZMGVtTAAA
.casalemedia.com/	1970-01-20 03:25:56	Name: CMPS Value: 3239
.adnxs.com/	1970-01-20 03:25:56	Name: uuid2 Value: 4832844184703265578
.casalemedia.com/	1970-01-20 03:25:56	Name: CMPRO Value: 1185
.doubleclick.net/	1970-01-20 10:37:56	Name: IDE Value: AHWqTUmPut97LRi92X07wKNGyqFstsayXrh9DS8AwYCWS21FfPuuEVvZ6cNYUCA2f2Q
.nets4.com/	1970-01-20 10:37:56	Name: __gads Value: ID=8d6cbc1c2e195d62:T=1646180101:S=ALNI_Mbi_YfkpMToZ-NnOXe_ipbYmjRbTQ
.redintelligence.net/	1970-01-20 03:25:56	Name: 8lcfmzhxc8d6_uid Value: ed6501a144f0c0d1
.adform.net/	1970-01-20 02:00:54	Name: C Value: 1
.doubleclick.net/	1970-01-20 01:16:23	Name: DSID Value: NO_DATA
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 429086:2519595
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: hxu4x2zsf5xcf3nalkv1oqjp
pb.media01.eu/	1970-01-20 18:48:58	Name: DTU Value: 52AF7AEC975BB2931926F548C730C844
.adform.net/	1970-01-20 02:42:44	Name: uid Value: 667182604735155751
.adform.net/	1970-01-20 01:26:24	Name: TPC Value: 1646180102705
.adnxs.com/	1970-01-20 03:25:56	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HaOpRgKY!@wnfH8K6pQK`!5=E<L5?%M5aBZ-zb2'lJcw#/V7SKF>/[rtlBgPOC^9k#]%nugO%v4VB%nnv<=rnB
.casalemedia.com/	1970-01-20 10:01:56	Name: CMRUM3 Value: 2d621eb7072760CAESEOfp2Talr_hYa-xkwIV5Q5E
.casalemedia.com/	1970-01-20 01:17:46	Name: CMST Value: Yh63BmIetwcA
.advertising.com/	1970-01-20 10:03:22	Name: APID Value: UPce4a5822-99bd-11ec-8bf3-064ce793d06a
.onetag-sys.com/	1970-01-20 18:47:32	Name: OTP Value: NrdWBj-ZTTgCBVMjRp1PRU0wdKNwKJMp0eaYIYszj4k
.de17a.com/	1970-01-20 09:54:44	Name: guid2 Value: 1.3480156997929313147
.yahoo.com/	1970-01-20 10:02:17	Name: A3 Value: d=AQABBAe3HmICED0TpPlYZXvDv4CCA7KeoIYFEgEBAQEIIGIoYgAAAAAA_eMAAA&S=AQAAApsra33dvkk4ydYCilFZNvQ
.awin1.com/	1970-01-20 01:26:24	Name: awpv14098 Value: 296283\|1646180103\|ce67a390-99bd-11ec-931c-22627d215c9c
.3lift.com/	1970-01-20 03:25:56	Name: tluid Value: 490592097268881743888
.simpli.fi/	1970-01-20 10:03:22	Name: suid Value: D136C792BEC145DE8F2DB6DCDE8CA529
.retailads.net/	1970-01-20 01:59:32	Name: ppb2172 Value: 1244095258
.mathtag.com/	1970-01-20 10:42:15	Name: uuid Value: 3741621e-b707-4f00-9ec7-b5aea29ec900
.mathtag.com/	1970-01-20 01:59:32	Name: mt_mop Value: 4:1646180103
.everesttech.net/	1970-01-20 10:01:56	Name: everest_g_v2 Value: g_surferid~Yh63BwAJ6NMPnQAy
.futalis.de/	1970-01-20 02:42:44	Name: raSIDb Value: 1244095258
.analytics.yahoo.com/	1970-01-20 10:01:56	Name: IDSYNC Value: "18wq~23io:18yx~23io"
.1rx.io/	1970-01-20 10:01:56	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-91839e45-61c5-40cc-ae8d-dde583822137-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 10:01:56	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-91839e45-61c5-40cc-ae8d-dde583822137-003%22%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPKeTMXyvqTskVtXU7-doGpV2n-5CYpCDHp1LeY0t8t9ZxiJib7bcNHS8wK78aHZrf3YXpeWJxTDtcCESfgr6QVPxp3Hv6FJ Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

16ef2bfb7fd529af9b454a60baa82224.safeframe.googlesyndication.com
32c3efa6714cb2b02cf65da12bc75bcc.safeframe.googlesyndication.com
41930831e50f6c0a667ec604b453a08b.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
5d1e409b7e761b3a6327b2b6b243a2fb.safeframe.googlesyndication.com
70b0ceb22da14a85eb434682fdac30c3.safeframe.googlesyndication.com
7ce4d47c5fc3eeb26be33dce2b4e0b6d.safeframe.googlesyndication.com
9d3db8ab1ff0389442585139645ed3bb.safeframe.googlesyndication.com
a.tile.openstreetmap.org
ad-server.eu
ad4m.at
adservice.google.com
adservice.google.de
analytics.webgains.io
api.purpleads.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
b.tile.openstreetmap.org
c.bing.com
c.clarity.ms
c.tile.openstreetmap.org
c1.adform.net
cdn.ampproject.org
cdn.purpleads.io
cdn.retailads.net
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
d.clarity.ms
d5p.de17a.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
google2waycm.netmng.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90002.redintelligence.net
hal900022.redintelligence.net
ib.adnxs.com
images.outbrainimg.com
img.nets4.com
log.outbrainimg.com
match.adsrvr.org
medialead.de
nets4.com
pagead2.googlesyndication.com
pb.media01.eu
pixel.advertising.com
pixel.everesttech.net
pixel.rubiconproject.com
pv.medialead.de
s0.2mdn.net
s0.nets4.com
s1.adform.net
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.addtoany.com
static.cloudflareinsights.com
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
track.adform.net
track.seadform.net
track.webgains.com
um.simpli.fi
ups.analytics.yahoo.com
www.awin1.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
google2waycm.netmng.com
tpc.googlesyndication.com
104.92.94.3
108.138.7.59
13.225.73.126
138.201.63.150
142.250.185.130
144.76.104.53
145.239.193.130
151.101.194.49
159.122.14.34
172.217.16.130
18.156.0.31
18.196.142.162
185.29.134.248
185.86.137.107
2.18.232.28
2.21.141.232
213.155.156.167
213.19.147.44
216.58.212.134
2606:4700:10::6816:47c5
2606:4700:20::681a:ad1
2606:4700::6810:135e
2606:4700::6810:5e41
2606:4700::6810:5f41
2606:4700:e0::ac40:631d
2620:1ec:27::cafe:1784
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::2004
2a00:1450:4001:810::2006
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a01:4f8:d0a:2321::2
2a04:4e42:200::649
2a04:4e42:400::649
2a06:98c1:3121::7
34.227.128.233
37.157.2.248
37.157.4.29
37.157.6.245
37.157.6.247
37.252.173.22
40.76.174.66
46.236.13.147
46.4.10.47
49.12.16.151
52.142.114.2
52.215.248.120
52.223.40.198
52.30.107.253
54.76.176.197
64.202.112.95
69.173.144.138
76.223.111.18
88.198.250.30
94.23.99.218
016beddc8171c134f6e9dd133a73f7300a7edf1260a2331444af4198e86c0e13
0335465e1a4e82345f000f45a2c83e4166c38473b3a6f39a45b823212ed8cd73
0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9
05dbd2c3a25e583fa2c9eb63d2ce48e5bbb5fca3c994bc5f2ec3b1939d4bbb20
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
0602e5df255a6c569054343211b4fde9d51415092dd0e2f310e59363c3f8d4a6
06b9a4bd8c62293b0446da2e50a5926910c35a077be766dce2248c30b70773e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0e5ef1fc0bbc77d69291553ae8e2040ead97eb1946cbe1229bc97fe72940e913
12347956c15a319e227ed67861e6ffb5fa2c809bdaee276444d13f118d35514c
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13c7ce8eb4433ee82ab08c5b401235d0c97a6dff3af0c288ee9a64d1afe964cb
142bf18b4ee8bed840353fbac14ab5e43ae0e96fea42877407eabd7a9a70f485
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
1bda1716fe1fa1faffa05aa35a11bd3e09e6457baf55a17dee0432f2d8e43d88
1e01a2164aa16305acff14391ade705f91a21b22e3260dbd1d84e06a97eb4da9
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1fd186c8aeddc4447f6bc4392ded7aafbb4aea1977b82f6611f2cff41f8c9dd1
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c
22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992
230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25e574f9fa25bdd1e8f7f326963ed69b45538a9fa958a2aad71657af63885288
264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a9310b3d6d32551db700bc98a42958fa39766173e5c6d07585ac477e9d3e419
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f170b0ebf7ff2c38ba2233093787b063a67ac1f50510ac70e8cde5772ce3ad4
3241f3656532de169a86f4cb2195882c17a1c8b2be8c3150c43dad6100422a53
32a5bada13f5b3f281f90d7d47eecfde4712568baaaa5fa9de23e57f0d421b00
332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514
33d0e6dc0882a521d240cc4a61c9d94aa69f1c2edaede2ec5a2750f6d28eadcb
34e388213f012ba29597411c042c5e5e0a98e68b7adc9f51a2cae545217b7c89
35ff8c11afe813b8068ffafdfa1f18f9e5c4f40947c04c0b09d4d3b9cbb17bea
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd
383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435
38bf08369b9d72ce4d22d5b555e9e5ee2e7a5fab8980ba2787f47d89d55e2c99
3bdb799f2ddf50a8c2b4a9727bf1788314b694a4ddac9dda25d2b26c68a513fb
3ca6974abe3584eb2694b62d30b3fc691bbde4b8f2a62a4a45139a4abcc6dda8
3cc24413a065fbb078a96e2d2d85f6bcc9133e7c94592ab06a8d154ebc2f02c2
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3dcdff49c9e3cadadf9852af34e0f499ac94b23deb3513fa4e2b1b659f6de6b8
40ab2b56907ff44c4370185a254dbd2ea8fc2ac40e6ab6050b93b986a2b43867
40c12ad5776059bf3fecbf0aeb0b34d1a60581c878b7972bbf78d1d99d800497
410d34afaa7362fc45cfbf224937e199e4a2b3798ef64857e1d28d34b43788b5
421826ba172a54d9fd676a0a6ec9d635c3f2210aba81b270d1505c8c653ae4ff
42dd562fedf7d006deac2445cfe630125d8b9d4f3f3b2fa1dd9e4aeefd007b2f
43665d36a273a41d997a381c3c54b80b9f98151383ac4827513a89959cc1685f
493d1800254052115a3f4a130e8f354351a5854c8ef77d6c8425a715ac62f992
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
516fadf20aefdc9565d38ff12fd35aa4262d20408dace2f5849cd191119496c0
530df2b45413cb4d92e2c98a4d09bcf4746dcd9ffd73ed84275ec7ff79e15f89
533e8ab00e73a9a61f550b956a872f9091fe48b79b4072d87bdb07348af7f4bc
5466ac2e631a44e5216356c31d5f7310d44241cbe22c75669dd30d10ed915020
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56386db6fedf5475ff6ac57939cfaac58722f519fdce666cee7494b993c84e81
574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
592f9d97b8103ef58e9c0bbf1aaab0dff6c4d0f541e0ed97d2f0f72775c7c60b
5c3f921519dc59b601c93ad36a7e63c16442d8648b91deea9d2f184a5e42274b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
683658fe704f37257dae36ab6c0ac85ccdb166afc84c9c8174d3fc383cc05bba
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126
6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0
6ed3a7345baa289cb3167c3f31c095ce59e28791dc69cf40f37c7c59159ddab4
704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739
722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f
79df09b7a101a202b799af57356766ec71ac38b9c6a8371306b1ef2bd403ad1c
7d7628a205cb2d3fbb20a6bd04e0a0c0631e143c2e6449b2eeaae4eccaa65d05
7e76375fd2fba555f67e920bd62b7f671177d0018df1514aaca56529b12b121a
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80db18bfcded8aefdadd333d0a2cbf874b534e013071691218e6305835dc29a0
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
838152350fcd33b060dc6fb25467f18f8c9a6932f0f29349192f62deba3dee0f
87209f78fb2e2b1f42ee8f630e0f4bdd80078e4f96697fe284f6f5b617f1fdd4
88190fa2b17fe929cde14caa7eeaff2d0792c8b2fb6cc4bcd788056c1d465ff7
886fb18e9211c9b78fc389742c1583bdd5e13591f66ece3706b0db2f22eaf58d
8949569ed88e967b56f6d2ba91a91e54967054ccd6ad06d02e29cae94c701732
89567d8c6d40b4b724c621cd789d46041d7312ca07647afd0f8ce3939e3631cc
8bfce8943cce60c071a83295841bb82d92a73db4ce37230dddba2121b6cba91c
8c3320d07c6a15846cb81c02418f6ab46c5353aee8e73b913a250e75e1e14352
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d88dc75e1792ba99b055eaf55f34ceb2145a32b47b4bc53e417f362194f10fd
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d
9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b
97522f5816591045f02c8969f5ae9f8207ae680fdb4e3f84a782201e5f3acf94
97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26
9831d66db5c4588f8aca650b3a7776665e74bb11f51ba4a7f4260f9c789f95d9
985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
996a28ccdeb58f9fdc3735580a3762a5b3f58bd9e695a7af52208c59437cccb9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9f18456354d4af5cb1b9a3c6bb626487928182a4b82d827e431c1b051766e375
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4ab1974a4a21c80abc72e658637ec84112b9515dd1f1b99e31444f45f40a9df
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aba920553f96e6cabc093fc495c6f421dcfa5578cda7c5edac78d5937d98a3a5
ac5997ad977a976202e7f71c01c2f4747d4fc55ab72f33ef89f0d4501b68da26
ae3fb4cec2d5745573835548b53585d0aed3cacc83b013b2a6098dfaad4d9c02
af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42de0e11f46b96bfaa23d4c0a36b7255a4a8f826d75c84a826b4e8df91bbf2b
b4316435298c4566eafd73dfeaa7ea02dfe56fda6cab81d4e6fd420632d5a538
b5bf7d3c3fb273f048b80e7467c8974558b290460d6b0111f86481a5fb2a313a
b6ad33fafc6d5e7037365f37f7d39a6efd48b5de334f98aa2df7d551bedffc12
b7fb55cee3f07d021bbc1a8812f42e584f1c2fbd540f147dbeb7f3c4818f9fdd
b8a3ac1803da07434a3804286b1fc22907acb9d5aa8a96a4fbb0064538c4bb80
b941385c3fb719f98fad39e2948a71eb697418dc7cebb65c0031dd13f34e4f69
bb0146cf440b2cd6f888c83f1a7c8c8cb7a4a83935b102c57d8695c706945adb
bc616a4a40d659edc4180ae63f878c94c0d7e25539aa97ccdd4414d93db5ddc7
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
be28fbf138d5b4e52243ed8e013cdfa8f2fa2bcb0813557387b40234a7170ffd
bfd8562e18815515eb700f6ab9619eec667b930d59fd1bedef059299a47519fd
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c3bd0512b2a24a6d674001cee88036b62b8888d45478d15a68926f025876bd7c
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df
c690d8b9e573fc5f3222a7b337c4201a88e96700853f6980bdca7d741dc3f95c
c6cd28b8f48cd9c890723dbd16c6847083e7c322af81fc3da91b9730ac576658
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d31de97a34e2a5014fc743059225896532e91e3a7ef3194f1f5f0aff40654895
d38172c73e138d635d73d169885bb69aa395ce4bd213e5ae1ca2dfb3c7ddd60a
d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb
d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f
d5cc8369b549989d9f50336f2c1bd2919f5da181c9ebf1201ec2e4fb5b271105
d64a0ebc851a15ff3eb26c9cdfeb424b000a3e3023aeae2054ffff899bff4c9e
d78ee501fd3af17e979356da8b12261e4647ea87c01df316a742de9deb090eda
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
d8968c0861b532ad6e645450e6014be8e5370af89d55bb7dbb6ae77cf5901968
da9a284a37ec23c8122360f9c76ad375e3dc30412128eccd5bf7533c11018530
dda9998140361d519e0c91d7f749f0141e25f0fa38b2bb4437e5014e48d26acc
de8dc7b843352b7199cbd6162052d8ce7e9cd3122729df2173b3b8d2877c8453
df8838cda494b25aca2f21ef8f4d04fc61c6b9376bdba1530f2bb44f250d5586
e098b783735f3a261009f30db776db45d94eb837cfeaa32d718427a36d4d980d
e246cc0309f5e004a9b748b5de9dc08f3258919e63f1335424ed4989cb5ad5c4
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e36b0c65a44ffabe387bae473005d98f216af7257881984fa7489a50afe08af3
e3ad8c90cec1318c90852dc018d75e7afadcb71c36508344fc1c133021007bb3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51c3ac8c961bc189c932f973561e713a6279e5fec069c8b68f74581259c4195
e65847bfc69dfc7d25348e3f903fd5cfdf54801ff94295837b615fedb2673503
e66f39bed45bb1608a2b36aaa3eb2c0b16a47ac056a851ae1d1a35d02c67ed5a
ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411
eb17a933f0977509c796b9055e3c140746326ecd3ec343dfa3614e8bdb1ac2f5
ed6afae24707300b5e7a62a5607656b00e8c05ea0dbea02fd583f167e009a58c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f050f8b27c0cf777e2d58434d619208dfd72984f9e7a64eaa6b69bef378606af
f0759b40ed05e9e62aae0dceb2eb9b6387fb83c8c26822fcab9ec0c98d90d456
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f56327f7cd1e3f48d5d94db9182009ed1f774f36384daa3655955c3d00b6784a
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f9b63eb55392ca4c7f285043c62b8fe54b74428e9f58b9a4abe050630436243e
fa3a529b5e712410bd0980baca01171b973e79b9a7b82c3dd571a3f932553954
fb45a061174a7fe730246c291473534dee8d6a9881b4adddceb63d94e4e0339c
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fde974ca085b62100b9ed63785cccea4175989b809690969950bb0ef71eb238c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff8eb962f2051da7da41e3d867cbf2dca3af04b319812b459f2707f89144bd7a

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

351 Requests

91 %HTTPS

40 %IPv6

46 Domains

77 Subdomains

52 IPs

7 Countries

3859 kBTransfer

9180 kBSize

43 Cookies

15 Outgoing links

Redirected requests

351 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

351
Requests

91 %
HTTPS

40 %
IPv6

46
Domains

77
Subdomains

52
IPs

7
Countries

3859 kB
Transfer

9180 kB
Size

43
Cookies

351 HTTP transactions
6 data transactions