graham-wjxt.zeustechnology.com Open in urlscan Pro
65.9.63.114 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://graham-wjxt.zeustechnology.com/
Submission: On May 18 via manual (May 18th 2022, 1:46:04 pm UTC) from US — Scanned from DE

Summary HTTP 192 Redirects Behaviour Indicators

Summary

This website contacted 37 IPs in 7 countries across 26 domains to perform 192 HTTP transactions. The main IP is 65.9.63.114, located in United States and belongs to AMAZON-02, US. The main domain is graham-wjxt.zeustechnology.com. The Cisco Umbrella rank of the primary domain is 351622.
TLS certificate: Issued by Amazon on April 15th 2022. Valid for: a year.

This is the only time graham-wjxt.zeustechnology.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	65.9.63.114 65.9.63.114	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
11	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.92.100.195 104.92.100.195	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2602:803:c004... 2602:803:c004:200::141	26667 (RUBICONPR...) (RUBICONPROJECT)
1	192.82.242.209 192.82.242.209	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1 2	37.157.2.238 37.157.2.238	198622 (ADFORM) (ADFORM)
2 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
3	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	52.215.3.215 52.215.3.215	16509 (AMAZON-02) (AMAZON-02)
7 9	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 2	103.229.206.240 103.229.206.240	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a05:d018:d29... 2a05:d018:d29:3605:9b3d:59c:490d:6d21	16509 (AMAZON-02) (AMAZON-02)
1 1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2 8	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
3	18.198.241.229 18.198.241.229	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
13	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	18.198.184.102 18.198.184.102	16509 (AMAZON-02) (AMAZON-02)
4	143.204.215.44 143.204.215.44	16509 (AMAZON-02) (AMAZON-02)
3	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
4	35.157.234.176 35.157.234.176	16509 (AMAZON-02) (AMAZON-02)
35	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
192	37

3 65.9.63.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-114.fra56.r.cloudfront.net

graham-wjxt.zeustechnology.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

pubgw.ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.53 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.100.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-100-195.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c004:200::141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.82.242.209 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.238 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.215.3.215 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-3-215.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.130 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.206.240 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:9b3d:59c:490d:6d21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.198.241.229 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-241-229.eu-central-1.compute.amazonaws.com

prod-m-node-3113.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

pr.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.js7k.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beap-bc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.184.102 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-184-102.eu-central-1.compute.amazonaws.com

ads.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.215.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-44.fra53.r.cloudfront.net

cache-ssl.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.234.176 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-234-176.eu-central-1.compute.amazonaws.com

track.celtra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 130 pagead2.googlesyndication.com — Cisco Umbrella Rank: 95	358 KB
35	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 264	361 KB
29	doubleclick.net 7 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 ad.doubleclick.net — Cisco Umbrella Rank: 202 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 284	267 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	376 KB
12	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 439 image6.pubmatic.com — Cisco Umbrella Rank: 612 simage2.pubmatic.com — Cisco Umbrella Rank: 606 image4.pubmatic.com — Cisco Umbrella Rank: 875 image2.pubmatic.com — Cisco Umbrella Rank: 932 simage4.pubmatic.com — Cisco Umbrella Rank: 1170	29 KB
11	yahoo.com 1 redirects pubgw.ads.yahoo.com — Cisco Umbrella Rank: 12889 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 485 ups.analytics.yahoo.com — Cisco Umbrella Rank: 297 prod-m-node-3113.ssp.yahoo.com — Cisco Umbrella Rank: 15355 pr.ybp.yahoo.com — Cisco Umbrella Rank: 900 beap-bc.yahoo.com — Cisco Umbrella Rank: 747	15 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 344	217 KB
9	celtra.com ads.celtra.com — Cisco Umbrella Rank: 3795 cache-ssl.celtra.com — Cisco Umbrella Rank: 4530 track.celtra.com — Cisco Umbrella Rank: 4343	133 KB
9	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 74 www.google.com — Cisco Umbrella Rank: 7	1 KB
6	js7k.com cdn.js7k.com — Cisco Umbrella Rank: 852	91 KB
3	yimg.com s.yimg.com — Cisco Umbrella Rank: 413	2 KB
3	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 466	2 KB
3	zeustechnology.com graham-wjxt.zeustechnology.com — Cisco Umbrella Rank: 351622	83 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 444	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 572	745 B
2	adform.net 1 redirects c1.adform.net — Cisco Umbrella Rank: 571	953 B
2	lijit.com ap.lijit.com — Cisco Umbrella Rank: 615	774 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 338	665 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 755	518 B
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 826	613 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 330	98 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 7678	792 B
1	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 471	2 KB
1	casalemedia.com htlb.casalemedia.com — Cisco Umbrella Rank: 477	362 B
1	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 240	8 KB
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 658	26 KB
192	26

	Domain	Requested by
35	s0.2mdn.net	graham-wjxt.zeustechnology.com s0.2mdn.net
25	tpc.googlesyndication.com	graham-wjxt.zeustechnology.com securepubads.g.doubleclick.net ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com tpc.googlesyndication.com
16	pagead2.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com graham-wjxt.zeustechnology.com ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
13	www.googletagservices.com	ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com pr.ybp.yahoo.com www.googletagservices.com s0.2mdn.net
11	securepubads.g.doubleclick.net	graham-wjxt.zeustechnology.com securepubads.g.doubleclick.net ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com www.googletagservices.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
8	www.google.com	2 redirects graham-wjxt.zeustechnology.com ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com tpc.googlesyndication.com
7	cm.g.doubleclick.net	7 redirects
6	googleads4.g.doubleclick.net	graham-wjxt.zeustechnology.com
6	cdn.js7k.com	graham-wjxt.zeustechnology.com pr.ybp.yahoo.com
5	ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	track.celtra.com	ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
4	cache-ssl.celtra.com	ads.celtra.com
3	ad.doubleclick.net	www.googletagservices.com
3	s.yimg.com	ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
3	pr.ybp.yahoo.com	graham-wjxt.zeustechnology.com
3	prod-m-node-3113.ssp.yahoo.com	graham-wjxt.zeustechnology.com
3	match.prod.bidr.io	2 redirects ads.pubmatic.com
3	simage2.pubmatic.com	ads.pubmatic.com
3	ads.pubmatic.com	graham-wjxt.zeustechnology.com ads.pubmatic.com
3	graham-wjxt.zeustechnology.com	graham-wjxt.zeustechnology.com
2	googleads.g.doubleclick.net	graham-wjxt.zeustechnology.com
2	image2.pubmatic.com	ads.pubmatic.com
2	image4.pubmatic.com	ads.pubmatic.com
2	sync.mathtag.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	c1.adform.net	1 redirects ads.pubmatic.com
2	pubgw.ads.yahoo.com	graham-wjxt.zeustechnology.com
2	ap.lijit.com	graham-wjxt.zeustechnology.com
2	match.adsrvr.org	js-sec.indexww.com ads.pubmatic.com
1	beap-bc.yahoo.com	cdn.js7k.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	ads.celtra.com	ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
1	ups.analytics.yahoo.com	1 redirects
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	ad.turn.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	idsync.rlcdn.com	ads.pubmatic.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	image6.pubmatic.com	ads.pubmatic.com
1	fastlane.rubiconproject.com	graham-wjxt.zeustechnology.com
1	htlb.casalemedia.com	graham-wjxt.zeustechnology.com
1	ib.adnxs.com	graham-wjxt.zeustechnology.com
1	js-sec.indexww.com	graham-wjxt.zeustechnology.com
192	45

This site contains no links.

Subject Issuer	Validity	Valid
*.zeustechnology.com Amazon	`2022-04-15` - `2023-05-14`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-05-02` - `2022-06-22`	2 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-04-20` - `2022-07-20`	3 months	crt.sh
*.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-05-02` - `2022-06-22`	2 months	crt.sh
celtra.com Amazon	`2022-02-09` - `2023-03-10`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://graham-wjxt.zeustechnology.com/
Frame ID: FC8A1838ADDEEC7A4F46DD09272AF5ED
Requests: 20 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Frame ID: 9CF6FF6A206C2548195A0ECC4ED7A4D9
Requests: 13 HTTP requests in this frame

Frame: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A45E16702BF307B7C3374659C5269E68
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B
Frame ID: 747AAB32D436AF1475599962492E8E8B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YoT4lwACOygB7QAj&gdpr=0&gdpr_consent=&_test=YoT4lwACOygB7QAj
Frame ID: 7A107602B454799B7D9EB5B601DBE27D
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: B207E5C4E77BCE2F21C4FBE6BF8B39CA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b4906284-f898-4d00-a433-307bf2263ce3&gdpr=0&gdpr_consent=
Frame ID: 643436CF107ACE5D9C76D0D878FB5AD4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs
Frame ID: 9D6BBFA4041102FF31C07BB73D8A2E7B
Requests: 13 HTTP requests in this frame

Frame: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B36167E7DEE465134E59C99E2EBE2835
Requests: 25 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs
Frame ID: F8ADAB3B33850CC2CA27786E94BAD61B
Requests: 12 HTTP requests in this frame

Frame: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8947A9BAB8CA97BC7D60C9D5D53AEB34
Requests: 16 HTTP requests in this frame

Frame: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0CF4082B0E3A40F7685F9442FC508393
Requests: 22 HTTP requests in this frame

Frame: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B1A7C34549384D6F281B6B18E1EE10CC
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8FF2D44116C53FBEC2127E29D63DB891
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E5DCD90A93E5CCAA6DD929245BED00D1
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A5B6EB24FFCA782A1B4B89158B176FB6
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
Frame ID: EA9FBD7EF7DE79FE41C106B81467045A
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
Frame ID: 0E78041E9771520D9D69879A0DE4E5A2
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
Frame ID: 1FE53A03CA3C73E47CD7709BB89344F6
Requests: 10 HTTP requests in this frame

Frame: https://cache-ssl.celtra.com/api/blobs/dd543083253758df176452bb45faa6b90ce5d21b16dabc109377c1e5d17d0a8d/100x120.jpg?transform=crush&quality=85
Frame ID: 5F45E1B8E33D23C65B61EA28F14002CD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 53C777EE200E4A7737F9EF97EA7069EA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E017D99BDCA439CEAFA575AA26BAD4CE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

graham-wjxt Test Index Page

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

192
Requests

94 %
HTTPS

35 %
IPv6

26
Domains

45
Subdomains

37
IPs

7
Countries

1973 kB
Transfer

5388 kB
Size

28
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://c1.adform.net/serving/cookie/match?party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B

Request Chain 22

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YoT4lwACOygB7QAj HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YoT4lwACOygB7QAj&gdpr=0&gdpr_consent=&_test=YoT4lwACOygB7QAj

Request Chain 23

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVGpFN0ZDZkVBQUV3Z092Wjg5QQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Request Chain 24

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b4906284-f898-4d00-a433-307bf2263ce3&gdpr=0&gdpr_consent=

Request Chain 25

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZpDzvUObSc-HMP6eVoWGSw%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZpDzvUObSc-HMP6eVoWGSw%3D%3D&google_tc= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 27

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=44886284-f898-4700-b64c-eb3ee08253b8

Request Chain 28

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjY5MEYzQkQtNDM5Qi00OUNGLTg3MzAtRkU5RTU2ODU4NjRC&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjY5MEYzQkQtNDM5Qi00OUNGLTg3MzAtRkU5RTU2ODU4NjRC&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 29

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFGe5nPuwJYSB-VxOSaaf3Q&google_cver=1

Request Chain 31

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3200693521187788429&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 34

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6690F3BD-439B-49CF-8730-FE9E5685864B&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-INEmDRJE2uWlSyCuFIhL.qfmbImayeY-~A&gdpr=0&gdpr_consent=

Request Chain 90

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 91

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

192 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
graham-wjxt.zeustechnology.com/ 6 KB
2 KB 542ms
449ms Document
text/html 65.9.63.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77127ee6b7169577d071cc806cc157598e7d86b1d4d99835d6c69558aa02808c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=600,s-maxage=3600
content-encoding: br
content-type: text/html
date: Wed, 18 May 2022 13:45:58 GMT
etag: W/"8c4377f2727b00878ef67c11b4730999"
last-modified: Wed, 11 May 2022 18:31:18 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc0.cloudfront.net (CloudFront)
x-amz-cf-id: GfeaA2OYIFPcihX1Vf-56eTayM_3LmHuf4ADzo5D5xTMvnwA53cvtQ==
x-amz-cf-pop: FRA56-C1
x-amz-version-id: IAE4YimOSf3gMahI8CLOlyX37_xwCAQL
x-cache: Miss from cloudfront

GET
H2 200 main.js Show response
graham-wjxt.zeustechnology.com/ 236 KB
59 KB 38ms
38ms Script
application/javascript 65.9.63.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://graham-wjxt.zeustechnology.com/main.js
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f66aa6c35591e7d118e0e786fbac0c102d4453e87b4820ab3c65e5130212b6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: Q3V7zMTBdAz2v19j_lXghivJsNahI4j9
content-encoding: gzip
last-modified: Wed, 11 May 2022 18:31:18 GMT
server: AmazonS3
age: 576
etag: W/"284738e2fa664229e2a6f1274d1e6f09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc0.cloudfront.net (CloudFront)
cache-control: max-age=600,s-maxage=3600
date: Wed, 18 May 2022 13:40:01 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: dRJfihKvwsx7qpNj0euORVWFWzu1GwAKMvKiavAOhh-QFQnSNQdgrQ==

GET
H/1.1 200
OK 192789-135758754412126.js Show response
js-sec.indexww.com/ht/p/ 85 KB
26 KB 156ms
44ms Script
text/javascript 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/192789-135758754412126.js
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 035a862ce3d6630dd76876ef5ed7b94d8d24b352317e462faf4e3142dd51b8d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Wed, 18 May 2022 13:45:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 May 2022 12:51:53 GMT
Server: Apache
ETag: "da4e65-15466-5df48b8bb9941"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=569
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 26345
Expires: Wed, 18 May 2022 13:55:27 GMT

GET
H2 200 userSync.js Show response
ads.pubmatic.com/AdServer/js/ 7 KB
3 KB 541ms
40ms Script
text/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:58 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:14 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300709-1af3-5c4c7cca9e573"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=92531
accept-ranges: bytes
content-type: text/javascript
content-length: 2267
expires: Thu, 19 May 2022 15:28:09 GMT

GET
H2 200 iris-main.js Show response
graham-wjxt.zeustechnology.com/iris/ 71 KB
22 KB 496ms
495ms Script
application/javascript 65.9.63.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://graham-wjxt.zeustechnology.com/iris/iris-main.js
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4cd9dc48f529174f1c5240d963a4a4f3c7e48d9d4908607e02daecfbf1b6f050

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: br
last-modified: Wed, 14 Jul 2021 16:43:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: W/"d7ffba33d9d2044804420cfe39ec5215"
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: lwwA3AK6gd3JuGMfu7K.pK4yC8QmDjh.
via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc0.cloudfront.net (CloudFront)
cache-control: max-age=60,s-maxage=60
content-type: application/javascript
x-amz-cf-id: EywRh1USINjzR7ZQDE0vr_AHuJDUZkqkloGmQ-b7jRXy6fMPkUTr4w==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 140ms
55ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

bf385a98378addd8dc168cb8dc765b81c6e7ef4c536c185078178eb7d731f096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29143
x-xss-protection: 0
server: sffe
etag: "1218 / 105 of 1000 / last-modified: 1652871935"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 18 May 2022 13:45:58 GMT

GET
H2 200 pubads_impl_2022051701.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
124 KB 39ms
38ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

3bd4eb2ece0fe98f279a14bb2b61ecbbcd501a598b50f1f8b211f76ecd420996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:03:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127273
x-xss-protection: 0
last-modified: Tue, 17 May 2022 08:34:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 18 May 2023 10:03:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 52 B
91 B 126ms
49ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=graham-wjxt.zeustechnology.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e9fbcdf651a938d0c3ddfe6a72dc73cb13473ef40fc9783d7f470981324b2294

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:45:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66
x-xss-protection: 0
expires: Wed, 18 May 2022 13:45:58 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
401 B 173ms
54ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=192789
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/192789-135758754412126.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 6caa6be73cd9d8eecd46bf67b7f52a2192184e0f91618bdd297ab64e8346cdd0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 18 May 2022 13:45:58 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://graham-wjxt.zeustechnology.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Fri, 17 Jun 2022 13:45:58 GMT

OPTIONS
H/1.1 200
OK bid
ap.lijit.com/rtb/ Frame 0
0 139ms
41ms Preflight
text/plain 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://graham-wjxt.zeustechnology.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: https://graham-wjxt.zeustechnology.com
Allow: HEAD,POST,GET,OPTIONS
Content-Length: 24
Content-Type: text/plain
Date: Wed, 18 May 2022 13:45:58 GMT
X-Sovrn-Pod: ad_ap1ams1

OPTIONS
H2 200 zeus
pubgw.ads.yahoo.com/bid/sra/ Frame 0
0 136ms
41ms Preflight 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pubgw.ads.yahoo.com/bid/sra/zeus

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://graham-wjxt.zeustechnology.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version,Content-Type
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://graham-wjxt.zeustechnology.com
access-control-max-age: 600
age: 0
content-length: 0
date: Wed, 18 May 2022 13:45:58 GMT
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=15552000
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-envoy-upstream-service-time: 0
x-request-id: 263dd6bd-a0a9-4d8e-83c2-ac98b55407d3
x-xss-protection: 1; mode=block

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 23 KB
8 KB 551ms
446ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4884e66b76e22283727befb2bafb182cf38dd29edc2cff43b69cae76669f6a47

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

Date: Wed, 18 May 2022 13:45:59 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.100; 80.255.7.100; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: c3e5bf0b-058d-44ad-a39e-f8aa381d58f8
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://graham-wjxt.zeustechnology.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 58 B
362 B 297ms
174ms XHR
application/json 104.92.100.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?ac=j&s=661808&v=7.2&sd=1&r=%7B%22id%22%3A%229af9121b-8d60-4610-87bb-e2563dc6fa35%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2282640eb6e15db99d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661821%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_AUTO_INCREASE1%22%7D%7D%7D%2C%7B%22id%22%3A%226f6885621e14ff2f%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22661822%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661822%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_DISPLAY1%22%7D%7D%7D%2C%7B%22id%22%3A%22a05e2fc570b7d1e3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22661822%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661822%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_DISPLAY1%22%7D%7D%7D%2C%7B%22id%22%3A%22d9bf2420bf60e636%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A300%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A40%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_LEADER_BOARD1%22%7D%7D%7D%2C%7B%22id%22%3A%2290d9ad28c182efcd%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A300%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A40%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_LEADER_BOARD1%22%7D%7D%7D%2C%7B%22id%22%3A%225bee8d15ffd28df7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A300%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A40%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_LEADER_BOARD1%22%7D%7D%7D%2C%7B%22id%22%3A%222dec647a88cc37d6%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A300%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A40%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_LEADER_BOARD1%22%7D%7D%7D%2C%7B%22id%22%3A%2246eb4a0635c81fd5%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A300%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%2C%7B%22w%22%3A1000%2C%22h%22%3A40%2C%22ext%22%3A%7B%22siteID%22%3A%22661823%22%7D%7D%5D%2C%22ext%22%3A%7B%22gpid%22%3A%2215466288%2Fzeus_LEADER_BOARD1%22%7D%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F%22%2C%22ref%22%3A%22%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%7D%5D%7D%7D
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-100-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2b7ecfa16b35e4b6e585a4d2b267825e82da4cd4be5e6cdafe4c414c846368d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:45:58 GMT
x-ak-initial-geo: CC:[DE], RC:[BY], CN:[EU], CIP:[80.255.7.100], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://graham-wjxt.zeustechnology.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 58
x-ak-client-geo: 12
expires: Wed, 18 May 2022 13:45:58 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 507 B
2 KB 198ms
81ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16482&site_id=349420&tk_flint=custom&slots=3&size_id=2%3B15%3B2&alt_size_ids=%3B10%3B55%2C57%2C113&zone_id=1856174%3B1856172%3B1856170&rp_floor=0.01&p_gpid=15466288%2Fzeus_AUTO_INCREASE1%3B15466288%2Fzeus_DISPLAY1%3B15466288%2Fzeus_LEADER_BOARD1
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 242808ea5594a45faf87265162b5d5dec28306f4a76af7294556c27f05ec7820

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:45:58 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://graham-wjxt.zeustechnology.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 507
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 115 B
774 B 235ms
157ms XHR
application/json 72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 4e16eccc11b3062d8dff542a1d2180c10e67e0dc29a4639abe96b058ebaf0811

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
content-type: application/json

Response headers

Date: Wed, 18 May 2022 13:45:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://graham-wjxt.zeustechnology.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 111

POST
H2 204 zeus Show response
pubgw.ads.yahoo.com/bid/sra/ 0
662 B 301ms
226ms XHR
text/plain 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pubgw.ads.yahoo.com/bid/sra/zeus

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 18 May 2022 13:45:58 GMT
x-content-type-options: nosniff
age: 0
x-envoy-upstream-service-time: 185
strict-transport-security: max-age=15552000
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-xss-protection: 1; mode=block
x-request-id: 1e67ded4-1ff6-4e50-ae53-a7991df380e5
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
access-control-max-age: 600
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: https://graham-wjxt.zeustechnology.com
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version,Content-Type

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 9CF6 15 KB
6 KB 40ms
39ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=101188
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 18 May 2022 13:45:58 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 17:52:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 9CF6 2 KB
3 KB 554ms
182ms Script
text/html 192.82.242.209
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=29761520&p=160134&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.82.242.209 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b5de29bcba25545696a935537693e17fa5ce921281867af459ec7387b5265c47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:58 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 151ms
45ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=graham-wjxt.zeustechnology.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 154ms
50ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=graham-wjxt.zeustechnology.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 183 KB
32 KB 406ms
406ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1671799181567607&correlator=2086753227938215&eid=31067666&output=ldjh&gdfp_req=1&vrg=2022051701&ptt=17&impl=fifs&iu_parts=15466288%2CWJXT%2CWEB%2CTOP_STORIES&enc_prev_ius=0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%2C320x50%7C300x600%7C300x250%2C320x50%7C728x90%7C970x250%7C970x90%7C1000x300%7C1000x40%2C1x1%2C320x50%7C300x600%7C300x250%2C320x50%7C728x90&fluid=height%2Cheight%2Cheight%2C0%2Cheight%2Cheight&ifi=1&adks=1890678921%2C622255232%2C4063884295%2C2483972560%2C957652000%2C226606345&sfv=1-0-38&ecs=20220518&fsapi=false&prev_scp=zeus_rendercount%3D1%26zeus_slot%3Dzeus_AUTO_INCREASE1.init.dsk%26zeus_appnexus%3D0%26zeus_auctionid_appnexus%3D00e1b9c214208924%7Czeus_rendercount%3D1%26zeus_slot%3Dzeus_DISPLAY1.init.dsk%7Czeus_rendercount%3D1%26zeus_slot%3Dzeus_LEADER_BOARD1.init.dsk%26zeus_appnexus%3D1%26zeus_auctionid_appnexus%3D0256c79c06506d58%7Czeus_rendercount%3D1%26zeus_slot%3Dzeus_PIXEL.init.dsk%7Czeus_rendercount%3D1%26zeus_slot%3Dzeus_PREMIUM1.init.dsk%7Czeus_rendercount%3D1%26zeus_slot%3Dzeus_PREMIUM_BANNER1.init.dsk&eri=1&cust_params=zeus%3Dapplied%26zeus_15466288%3Dgraham-wjxt.zeustechnology.com%26url%3Dhttp%253A%252F%252Fwww.my-site.com%252F%26pl%3Dhomepage%26foo%3Dbar&sc=1&cookie_enabled=1&abxe=1&dt=1652881559119&lmt=1652293878&dlt=1652881558077&idt=446&biw=1600&bih=1200&adxs=800%2C800%2C800%2C800%2C800%2C800&adys=348%2C417%2C487%2C1157%2C1227%2C1297&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1544x69%7C1544x69%7C1544x69%7C1544x69%7C1544x69%7C1544x69&msz=1x0%7C1x0%7C1x0%7C1x0%7C1x0%7C1x0&fws=0%2C0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0&ga_vid=2004204733.1652881559&ga_sid=1652881559&ga_hid=133795404&ga_fc=false&btvi=0%7C0%7C0%7C0%7C1%7C2&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3dfebf35b2f3a4ba4000addc2c1d1495a3f3da602e47cc51a5175ab7dedabeb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 109201,109511,-2,109201,109511,109201
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32426
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,6016424820,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: 576502
google-creative-id: -1,-1,-1,138391954221,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://graham-wjxt.zeustechnology.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A45E 6 KB
4 KB 183ms
45ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Thu, 18 May 2023 13:45:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 747A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B

35 B
469 B

49ms
48ms

Document
image/gif

37.157.2.238
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Wed, 18 May 2022 13:45:59 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Wed, 18 May 2022 13:45:59 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6690F3BD-439B-49CF-8730-FE9E5685864B
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7A10
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YoT4lwACOygB7QAj&gdpr=0&gdpr_consent=&_test=YoT4lwACOygB7QAj

1 B
221 B

267ms
46ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YoT4lwACOygB7QAj&gdpr=0&gdpr_consent=&_test=YoT4lwACOygB7QAj
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Wed, 18 May 2022 13:45:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Wed, 18 May 2022 13:45:59 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YoT4lwACOygB7QAj&gdpr=0&gdpr_consent=&_test=YoT4lwACOygB7QAj
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn4023-HHN
x-timer: S1652881560.630733,VS0,VE0

GET
H/1.1

200
OK

adx Show response
match.prod.bidr.io/cookie-sync/ Frame B207
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVGpFN0ZDZkVBQUV3Z092Wjg5QQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

43 B
430 B

58ms
58ms

Document
image/gif

52.215.3.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.3.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-3-215.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 43
Date: Wed, 18 May 2022 13:45:59 GMT
Server: nginx
cache-control: no-cache, must-revalidate
content-type: image/gif
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma: no-cache
strict-transport-security: max-age=2592000; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 355
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6434
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b4906284-f898-4d00-a433-307bf2263ce3&gdpr=0&gdpr_consent=

42 B
423 B

47ms
46ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b4906284-f898-4d00-a433-307bf2263ce3&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Wed, 18 May 2022 13:46:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Wed, 18 May 2022 13:46:00 GMT
Expires: Wed, 18 May 2022 13:45:59 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4409 ba5503e master hkg-pixel-x11 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b4906284-f898-4d00-a433-307bf2263ce3&gdpr=0&gdpr_consent=

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9CF6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZpDzvUObSc-HMP6eVoWGSw%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZpDzvUObSc-HMP6eVoWGSw%3D%3D&google_tc=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

15 KB
15 KB

38ms
38ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: gzip
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3de4-5d6ef246ef4cf"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=101187
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5549
expires: Thu, 19 May 2022 17:52:26 GMT

Redirect headers

pragma: no-cache
date: Wed, 18 May 2022 13:45:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 420486.gif
idsync.rlcdn.com/ Frame 9CF6 0
98 B 148ms
46ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420486.gif?partner_uid=6690F3BD-439B-49CF-8730-FE9E5685864B
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 9CF6
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=44886284-f898-4700-b64c-eb3ee08253b8

0
252 B

43ms
42ms

Image
text/plain

198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=44886284-f898-4700-b64c-eb3ee08253b8
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 18 May 2022 13:46:00 GMT
Server: MT3 4409 ba5503e master hkg-pixel-x3 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=44886284-f898-4700-b64c-eb3ee08253b8
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 18 May 2022 13:45:59 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9CF6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjY5MEYzQkQtNDM5Qi00OUNGLTg3MzAtRkU5RTU2ODU4NjRC&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjY5MEYzQkQtNDM5Qi00OUNGLTg3MzAtRkU5RTU2ODU4NjRC&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

262ms
44ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 18 May 2022 13:45:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9CF6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFGe5nPuwJYSB-VxOSaaf3Q&google_cver=1

42 B
498 B

261ms
43ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFGe5nPuwJYSB-VxOSaaf3Q&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:57 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 18 May 2022 13:45:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFGe5nPuwJYSB-VxOSaaf3Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 9CF6 43 B
613 B 160ms
43ms Image
image/gif 169.50.137.182
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b6.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 17 May 2022 13:45:59 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9CF6
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3200693521187788429&gdpr=0&gdpr_consent=&us_privacy=

1 B
383 B

276ms
45ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3200693521187788429&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3200693521187788429&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 18 May 2022 13:45:59 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 9CF6 70 B
264 B 55ms
54ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:45:59 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 6690F3BD-439B-49CF-8730-FE9E5685864B
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 9CF6 43 B
991 B 194ms
62ms Image
image/gif 2a05:d018:d29:3605:9b3d:59c:490d:6d21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/6690F3BD-439B-49CF-8730-FE9E5685864B?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:9b3d:59c:490d:6d21 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

502

SPug
image4.pubmatic.com/AdServer/ Frame 9CF6
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6690F3BD-439B-49CF-8730-FE9E5685864B&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-INEmDRJE2uWlSyCuFIhL.qfmbImayeY-~A&gdpr=0&gdpr_consent=

0
0

395ms
51ms

Image
text/html

198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-INEmDRJE2uWlSyCuFIhL.qfmbImayeY-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-INEmDRJE2uWlSyCuFIhL.qfmbImayeY-~A&gdpr=0&gdpr_consent=
date: Wed, 18 May 2022 13:45:59 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012204292129000/ Frame 9D6B 220 KB
61 KB 126ms
37ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61295
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c00c4adb72e5cb7f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 9D6B 14 KB
5 KB 222ms
134ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "176361d496ccc411"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 9D6B 94 KB
28 KB 223ms
135ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4b15b3c971f95798"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 9D6B 5 KB
2 KB 234ms
147ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 180400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 11:39:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a2652581fdabc981"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 11:39:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 9D6B 40 KB
13 KB 235ms
148ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12953
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8a2450dae6a66803"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
DATA 200
OK truncated
/ Frame 9D6B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0acb3b80af7c0b57236950b299413314109b5e196eaf3861261c0cef5f5a290c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5306919286918329926
tpc.googlesyndication.com/daca_images/simgad/ Frame 9D6B 56 KB
56 KB 171ms
82ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5306919286918329926

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5b45d7709fc3d4c5a3ba78fbc6abbefa5e916c438be693258d326eac72140af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 12:31:04 GMT
x-content-type-options: nosniff
age: 90895
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57033
x-xss-protection: 0
last-modified: Sat, 07 Aug 2021 08:04:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 May 2023 12:31:04 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9D6B 2 KB
3 KB 225ms
136ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 67571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 18 May 2022 18:59:48 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9D6B 295 B
758 B 127ms
39ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 28945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 19 May 2022 05:43:34 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9D6B 0
0 142ms
45ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaToLPewI8KXHoMXUkJDHR8j75KLOGl6KrfLUULYP_8hp_csrfRyRDN7yc-Hc5CE4poLkrpc
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9D6B 0
0 82ms
82ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cgvahl_iEYuHWDI-cgQeXsIyAAdyS1vhpiL66htkOl5GV-cYqEAEgtMe0KGCV4qKCsAegAeSu27sCyAECqQLjJb5LmqKxPuACAKgDAcgDCKoEgwJP0BNlWI-WGSY4FS2XAMd2hvR7nQFMlujjdFLby6X8hLcpcu5hb77Y47lcrTcU9AgDY1v15Oeg9glBvgzWVrgYWcBsuBWOYdpkre-sS5O7Odivtrxng8Gfxz2gmTFstUrHV3d_44hdPP2eavOJDAqbcv8BNktklrVLVWP-Isnqhc4B8HHjDVKtTWAZfdGJS1kWjt6JZMhJc_jNZ-1mNLPTc_ocFJRnhUBLtW5eGXrk8oMRle4elPDIm6V-O_9lgEfLkx4eL2l-Rr3VgakeKSBLpVSDIWVu2CuFliS9iVTjhd5f2NdGGvaCTJBH7PHV22OfoJJOySiw78UBBwfgJNnMosA5wASco8amggTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHhNGkxAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDnqAPSCAkIiOGAcBABGB2ACgPICwHYEwvQFQGYFgGAFwGyFx4KHAgAEhRwdWItNjcxNDgyNTYwODM1MDAwORi40BI&sigh=Ssuby3Xfork&uach_m=[UACH]
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 container.html Show response
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B361 6 KB
3 KB 121ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Thu, 18 May 2023 13:45:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012204292129000/ Frame F8AD 220 KB
60 KB 148ms
101ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61295
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c00c4adb72e5cb7f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame F8AD 14 KB
5 KB 147ms
146ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "176361d496ccc411"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame F8AD 94 KB
28 KB 148ms
148ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4b15b3c971f95798"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame F8AD 5 KB
2 KB 156ms
155ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 180400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 11:39:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a2652581fdabc981"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 11:39:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame F8AD 40 KB
13 KB 157ms
157ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 187251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12953
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8a2450dae6a66803"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8AD 2 KB
3 KB 196ms
143ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 67571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 18 May 2022 18:59:48 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8AD 295 B
353 B 92ms
39ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 28945
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 19 May 2022 05:43:34 GMT

GET
DATA 200
OK truncated
/ Frame F8AD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8331b21ddc4c8d610c80aee1a2a961e81f3c6860de9496975660f18e34cde79c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8947 6 KB
3 KB 106ms
44ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Thu, 18 May 2023 13:45:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0CF4 6 KB
3 KB 98ms
41ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Thu, 18 May 2023 13:45:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B1A7 6 KB
3 KB 100ms
46ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:45:59 GMT
expires: Thu, 18 May 2023 13:45:59 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 9424738830463764972
tpc.googlesyndication.com/daca_images/simgad/ Frame F8AD 75 KB
75 KB 52ms
41ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/9424738830463764972

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb6e5291a8c826dc889e43631a18e2020b28e15775f3f331c5fa82e65fe51851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 09:55:04 GMT
x-content-type-options: nosniff
age: 100255
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76545
x-xss-protection: 0
last-modified: Fri, 21 May 2021 11:09:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 17 May 2023 09:55:04 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F8AD 0
0 66ms
46ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSXlSfbfL257y80Gd9qk3MvQz55nqx8O4R7QwFAqx_fCci2qSlmNlTFCESpvK-r5xUzT6X-
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F8AD 0
0 81ms
81ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGMJEl_iEYuPWDI-cgQeXsIyAAdyS1vhp0Ni6htkOl5GV-cYqEAEgtMe0KGCV4qKCsAegAeSu27sCyAECqQLjJb5LmqKxPuACAKgDAcgDCKoEiAJP0Jq_EAj6EdPVyPLA6kq4OYRm6eutaI795tGzFXAKxtWvWxDU-8UKj7P1AudT54O5TgYqek71zM3gsz-vRXt7r0KKjoyXI3bl6KIZsEF7ASN0gxDpmXe8FvjsuFWHj7Qgw2pl48CqJpS45furlIBU14siz8Q_4si6_CWRIQ-TnWd1148VZO3XsUVIa_hRpHh_eXr2zoKXWXVWoUvzPHsFPFrh4qYV31r7So0sEuosWBQhOIz_KPxrDJQZBElH5Tj1K2eKHzw9iTUhR51yGV8pp2q3GoMp0NNN41s616IctK7hZ4IMa2SWqjAw9nd0ow7aP8eIwiytDeybvnMoS0g8MF5JCdxW6qzABJyjxqaCBOAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAeE0aTEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJSmBNIICQiI4YBwEAEYHYAKA8gLAdgTC9AVAZgWAYAXAbIXHgocCAASFHB1Yi02NzE0ODI1NjA4MzUwMDA5GLjQEg&sigh=zEwUKhob1o4&uach_m=[UACH]
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B361 0
0 76ms
76ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdWeSl_iEYuLWDI-cgQeXsIyAAZ75kpBcs8Tlw4gJwI23ARABIABgleKigrAHggEXY2EtcHViLTY3MTQ4MjU2MDgzNTAwMDnIAQngAgCoAwGqBPQBT9CiiBZGZoxOba51cDnGkDBheYE6iFA0gVnQPYbXBaytlUeK1XAdqf37BQme06eSKh1JKTfiwD65mxd9dgMdJcWnZC3g75yHmdxcPZfGDUwQYQHU1GaC3Mqt-9i_5aAthwWZpFKOiWG5WgivSpqgaNIVTAkdp4NnCSiuxcqCb0dSXxwxqzT75voj8PqB2eExAXNVxMAgeFYUODl3HkuawZd9TEfOPV2U3_CeuBcUXBmrhCFroGiR7NhwdsHEyUf0Qofrw2FtQr48EduO4pBPW98hybtx7cJyMA07GEm0BpC3rpeiugDv-ecbRgUUJBRwHiaO2uAEAYAGocDa6umu5Z9yoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YBwEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNjcxNDgyNTYwODM1MDAwORi40BI&sigh=YlL9nTALmFI&uach_m=[UACH]&cid=CAQSPgCNIrLMenzxjYiSTBFOMi_qnhrlG-py7-bDRu4DgHUSQDbJjsN0U5sFgl1hwJIBN-liSYRd5f13ZinoMCTHGAE
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 adEvent.do Show response
prod-m-node-3113.ssp.yahoo.com/admax/ Frame B361 43 B
176 B 159ms
39ms Fetch
image/gif 18.198.241.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-m-node-3113.ssp.yahoo.com/admax/adEvent.do?tidi=770957247&dcn=8a969167017e7ee4e1cce9bf477b00ab&posi=1640337&grp=???&nl=1652881559379&rts=1652881559297&pix=0&et=1&a=YoT4lwAEQfgK7dlPKgz8iw&m=aXAtMTAtMjItOTktMzE.&p=MC4wMDAwODk5NzM&b=MTMyMzQ7T0FUSDEwMDI2MzAwMDtzcG90aWZ5LmNvbTs7Ozs4YzBiNjk3NzkwNDQ0MDZkOGI0MGUxYmQ3YzEzNDdhMzszMDY0MDI2NTsxNjUyODc3MDQ5OzswLjAwMDA3MTk3ODs7MDs7NDYwNTA5NDthMjEyNzE3OTVkYWY5NGEwMjhjNDY0ZjU3OWY2YWE3OTVjODA5NmI2OzE.&xdi=Pz8_fEdvb2dsZXxOVCAxMC4wfDE3fERlc2t0b3A.&xoi=MHxERVU.&hb=true&type=2&hbp=6&af=5&dety=2
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.241.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-241-229.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
last-modified: Wed, 18 May 2022 00:44:50 GMT
server: nginx/1.20.1
accept-ranges: bytes
content-length: 43
content-type: image/gif

GET
H2 200 https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D15f190312ea54d868a1610a68c38387e%26tid%3D8a969404017e7eb0e718b14f... Show response
pr.ybp.yahoo.com/ab/secure/true/imp/71ow1ieoGasQFNCpSZU_FPJ72K98ooy1Y56gkBfjsw5UXJEp6y-yQavhn1I7MeherXHnjbOBnSWZHEXpuK9uodbMbKIcRov60bopDvdDfEGdf-EZTUBnNpKGvRPp1AnpJbeCSbUHEBR-icT3T-5P3CiEdrp0Jl1Q2... Frame B361 4 KB
4 KB 193ms
74ms Script
text/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/71ow1ieoGasQFNCpSZU_FPJ72K98ooy1Y56gkBfjsw5UXJEp6y-yQavhn1I7MeherXHnjbOBnSWZHEXpuK9uodbMbKIcRov60bopDvdDfEGdf-EZTUBnNpKGvRPp1AnpJbeCSbUHEBR-icT3T-5P3CiEdrp0Jl1Q2CCDaVZRsI_ExqS90qTBGi962-Icf_brTbQnUb17Qdw0SAlm7Dh4u90etPSpu62D_iYfXCYGiY0dlUL09GLbiHXcM2dbJTWy_GbBC2Z-0KN_oqeUG3oNiU0pZvi6-I2ikD6jQ2152ICncCZYbzucpsaAaHJ32Q9Sy3MD-IZiHsHipAQraVt8CbR0oTO1D8-77jSAdQ3u0cuEZhjJ6NnllzFwId0An8sS--kMwlesInULTp0ebEzgY25hnThuhyHE-KiYRB7ne_mclAs09jqM_mh1lMaJyFi7la4-FEd505T5E6Y2iiRx-BpfLSYfu5h-5PId7uAoa_vFj6trOB-6l7qEAs4gmT2Syqn9JfQk9of07alOE5wZ3weacwv8ov6C6qPOEKTSv8MEGJKhpw275vlFHIHxGuRjVnHNqhljauqj08SGQpYJhZxy6HUG8hinzyJuo2y-uNMlPvU5tw28U2OJwOwK5zRT_3PwEQNQjWfx6fLuT_Xkz-75qq_FnfkxM8hNS5ifp5DBculEsg8pVTRVRLNsbKsOHofaeFGlxBUxu_pKUNeOt_WTQU733t4-ICIGxNRVgBau4DS0LAN9p7TGVieCDzeyaQ6KYih639EyFwUEclw3btb28APk4ilz2VxbX5Iuelx6x01D4kHM3tv826BPy9C3IfzRw82ih15GAW3GFPiLoSYFbf5b9bZjSZKHIejk2eSV-Zzbhl2wjlYGHA2gsNEYKPkTlz1dDf1i6T92gUFNJhnYpMEAcVIcOfkrevTW-cl09b_RcPV0Zebsi3epaYnIOmEYcbqcaydMvqF5Ht2ggU3ZvrKEOB4Hr2vD7dbv4erFBHpV1HM7S8YMphTRb6fDfT8aCOAvs7_BtlaV0o5lNfg4WgUWWD5wBAJ6lmhjDYRSKeSufMfiBhdP_oMg4IDNRbk0EzgGN9X7xieIt-hxE1HFUyU6EMM62OU7hrg-L8Fm-Tt7_yKf7AMOohxpoaqSLe9ecR90np3Y0vDV4KUJZjFzjD8Nbh0f2S_rlk5704eSs9uFbbfbgBApyec_2PTCa2fR1GvSiYNiLnsrXyQ4eBhKKl11whzFIaUe0dkAI0kOStR39c4qFIC_1sN1N6ZUl4-0I2SgLTqbPc4fI6sJBUWT_tAJiA8RFpmUD6hoB0n6gky-F_t6j5s_czIJc3xvciDmLl7YUl91eaNbfw0XgliBwM7so_aYZOPAFPylI_FfSfcjN5fe2QRHOJAltFwEI4Wze2iR5ebNLZs_1D7IC86_vGDipNGMBYy0Ab4bsiOIKG28fXQnvpOfgolv5KY3XCH6TU-tYeCCCW_gBoSpuoS72u24LlKbxQlU6ZM4820eJh-fDY_dZQjdQeXZwaFlcbbheYwU7_dRrUJdqAhzidpWGu1hMsGnKUkfPnkBI_EYoEmHBHU35xeAVPW9y9S1/wp/0.089973/tr/0.017995/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D15f190312ea54d868a1610a68c38387e%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559297%26ari%3D8c0b69779044406d8b40e1bd7c1347a3%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEQfgK7dlPKgz8iw%26rdm%3D1%26rd%3D

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

a420cf37bab0b3ff0db3f13e8ad3f53d7be2bbe3692337260345f985212ebd82

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
age: 0
expiry: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 3720
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ATS
x-frame-options: DENY
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 talon-1.0.40.js Show response
cdn.js7k.com/ix/ Frame B361 69 KB
17 KB 160ms
40ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/ix/talon-1.0.40.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:33:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7962
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 16540
x-amz-id-2: zmdsfKnaUqmmDQ81Bu8+Z28PIpB67FJZr/UODKK+2QybxSV98bba8h506xRsEIqceH95u12xIqU=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 16:08:42 GMT
server: ATS
etag: "adf514fab5c3f95007c73e6c3c901bfe-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: ZH2ZNY3MZSTVK7BM
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame B361 3 KB
1 KB 163ms
79ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B361 133 KB
41 KB 1783ms
1690ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame B361 15 KB
6 KB 122ms
40ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:16 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B361 0
0 140ms
55ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTOO9t9DzXiLPF_cmPMA17x2ZI0sSelef3sI5ndXIh7DQahNm7KOqdGowen9BPrEWAKWeRC
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B361 22 KB
7 KB 138ms
56ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 13:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 May 2023 13:42:58 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0CF4 0
0 77ms
77ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ctc2Bl_iEYuTWDI-cgQeXsIyAAZ75kpBcs8Tlw4gJwI23ARABIABgleKigrAHggEXY2EtcHViLTY3MTQ4MjU2MDgzNTAwMDnIAQngAgCoAwGqBPoBT9BRZaJrOQMhXnlHdkp-eHjUdUYHK-0-tsjfkcA7QQsejWTXgfmQbRn-kDj7s70sOn8q914lrr7pg_ruH8j7DP3QzzmWw9Y2D_wul3OcVcb6CJU3srduiQnU9sHVxuZxBydCbjAi_lTE-nTHm3S8MxzfZOfVD7qcl6XMRm6M5tMcE0wBrBmJ3FSGfolz2XqTFiTvFtNgKCyZi1_Wye7hIOplquIuts3Pri513bSmsgpeomPW89iLqD3S2jV-0lGEkOzr4A2flG76UoO0U0PdZfW5H942Sz9OOKfwYBHaIoiMkbBee_ndEOH79o8nVhgEnKD1pYDKDfG6g-AEAYAGocDa6umu5Z9yoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiI4YBwEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNjcxNDgyNTYwODM1MDAwORi40BI&sigh=yUA3UA4BeHM&uach_m=[UACH]&cid=CAQSPgCNIrLMenzxjYiSTBFOMi_qnhrlG-py7-bDRu4DgHUSQDbJjsN0U5sFgl1hwJIBN-liSYRd5f13ZinoMCTHGAE
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 adEvent.do Show response
prod-m-node-3113.ssp.yahoo.com/admax/ Frame 0CF4 43 B
175 B 148ms
40ms Fetch
image/gif 18.198.241.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-m-node-3113.ssp.yahoo.com/admax/adEvent.do?tidi=770957247&dcn=8a969167017e7ee4e1cce9bf477b00ab&posi=1640337&grp=???&nl=1652881559379&rts=1652881559291&pix=0&et=1&a=YoT4lwAEPRMIEcRB0AvAvA&m=aXAtMTAtMjItOTktMTU1&p=MC4wMDAxMjMxNTg&b=MTMyMzQ7T0FUSDEwMDI2MzAwMDtzcG90aWZ5LmNvbTs7OzszNGIzOWYzNjM3ZmM0YzhhOThkZDZlMDkxZTA4NTE1MDszMDY0MDI2NTsxNjUyODc3MDQ5OzswLjAwMDA5ODUyNjs7MDs7NDYwNTA5NDthMjEyNzE3OTVkYWY5NGEwMjhjNDY0ZjU3OWY2YWE3OTVjODA5NmI2OzE.&xdi=Pz8_fEdvb2dsZXxOVCAxMC4wfDE3fERlc2t0b3A.&xoi=MHxERVU.&hb=true&type=2&hbp=6&af=5&dety=2
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.241.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-241-229.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
last-modified: Wed, 18 May 2022 00:44:50 GMT
server: nginx/1.20.1
accept-ranges: bytes
content-length: 43
content-type: image/gif

GET
H2 200 https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3Dcf0433e47b6540b0a7f7bbe7c39bb4eb%26tid%3D8a969404017e7eb0e718b14f... Show response
pr.ybp.yahoo.com/ab/secure/true/imp/fpmPY8f7TubHv4nWrrlCH37PGMlKFMmGDOqutBy-g2ZN2TMR_vDKy6OwAzQEcQYfzpMRyzGGkJ2__amAA-7pfuGZEe8DWK0o7pczM4y7zrPbmtxJ9N4yhnNN3nkrhf7lGsNbcZ062W0eJXpWrcWBuDzphHVBtXkQm... Frame 0CF4 4 KB
4 KB 179ms
73ms Script
text/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/fpmPY8f7TubHv4nWrrlCH37PGMlKFMmGDOqutBy-g2ZN2TMR_vDKy6OwAzQEcQYfzpMRyzGGkJ2__amAA-7pfuGZEe8DWK0o7pczM4y7zrPbmtxJ9N4yhnNN3nkrhf7lGsNbcZ062W0eJXpWrcWBuDzphHVBtXkQmKl7qnDteB9wmdXGqmDiTfXkgFdDYxncauyFQwmvAm4aghW2anaIS_SRQC_-BJsWfOn8has_A-4iyz008gq6jtm823RiqbTKxBvAI7FysxisTMaPoI05TQjvniiyEAjOGin9iQD6WpaAqz5hXXiu5QyKmowILslVBeRx7v72XWmSSWybwFsmPxZcDkXlRheVMS0UUnU-5ddYoUwNYRjwzxwdmEpbRhXg8Y5j871pbS5YSVQTlU891Coia4qRcaZz6zqXqS4qejXNmW0SAfhD2pDMTpvPSP2L7jyGlrddQ8PsyiQTTvQEvB47mn5ItWwhmC9oLGaf3Y-Q0Gaatq9Xigj5J_sWxtHsoMhZf79YJb9EIgyI_OEr521MzS4bDalfHSexaUXWYoYHPEwNodVKrKFo_Sjw9AN1oxXB1hy3Pa25f7sV01Brvbg1QN80Qy5Vr9hitiGd-Ua6ARWflCmKsBUWmuxD0Eu0ok2EpuR5gH8loSnL4vEVu1hbPqrtAhXrSWGGi-vgJwJiNp0Jo7DlQwFFEWa56eQTdtPHjPK61JMA9dOiqd_-7g-GW5bEMWYUC2n3mWzvOobET94JWxPOMo6FugCyqK64OecO4VaAQ5ww-0a23AaWQa3Ypnqmqc6fgh3LR1ZAZRakkOBTbxo-Z-uTtS2h_Bt5qgZT_rFCdOtPbmtMiY2SWN_mAvNeqGv2i4GgsekYVESbeMt2-TeMUibzQkNgk81e29DzrJjSqOc9FsdeBKS0jzLQ3wUKBC2g4rPuJqh-ZPy30jYGLuk7dRvqYu-MrEDRYHkki7Cc0tvRgAtEUIcf1cWa-R65Tof0IQO95Kbcmy3gAf3XTR3jWyJbYPg0_HzA8MmpCijVdC1nHpffjPEE4slJRkzYNbLp0ekV3eaGTwp8gaFl_NoHl_aTplivuv0xM1R1ApmXxLJHu5t-9V9P-6G2tqSsiF2vz3g8cRnktVVFXNOCf20CL9dau3ke6FahfOrvgZzR_3dU3a-2n7YrB79HSBKmMEf3r7-dBMdejAbcSo6MRCfpqoPFZCij6y1QJRdCuPhxfnK0STjph5bpaNdX55hh4RSs6nby75He24FeZ-xxF41rOxSbPOrQXdbOXhrfYn7hWoF0eM60Stjt8VTytsDxbsxkZkdOFAdn78BcnnM07B1qa2tjhosRve4hagsMXlcwgoP5N3UtmtvYnMKFmoAn1Z8zfNp1W6zxaaj1jSWLqVpi8PnyJLJfdydZ5TLA_fcPI4oxHZXLmkQRVzI7ABmQLFn1NOHaBofQHNOFsHKfbIqmhtqzOfsYpFyANRt4aaj_9fDhVlJgUeyBc-oBm6pDzcwEk8JS4Y1fk8VhdtAGsMFcobnnO-8X1vZYMRdKZ4AxdSwgHWWwJ-VNfES-yI84aZRS3OJ8l-yBPQ4-gB0fNs17HstxDmt89tgd/wp/0.123158/tr/0.024632/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3Dcf0433e47b6540b0a7f7bbe7c39bb4eb%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559291%26ari%3D34b39f3637fc4c8a98dd6e091e085150%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEPRMIEcRB0AvAvA%26rdm%3D1%26rd%3D

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

ff258a4070747a2894b586b3dd629e4b4ef4e19c1d011e65a2b8a337acd9b908

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
age: 0
expiry: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 3720
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ATS
x-frame-options: DENY
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 talon-1.0.40.js Show response
cdn.js7k.com/ix/ Frame 0CF4 69 KB
16 KB 187ms
81ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/ix/talon-1.0.40.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:33:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7962
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 16540
x-amz-id-2: zmdsfKnaUqmmDQ81Bu8+Z28PIpB67FJZr/UODKK+2QybxSV98bba8h506xRsEIqceH95u12xIqU=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 16:08:42 GMT
server: ATS
etag: "adf514fab5c3f95007c73e6c3c901bfe-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: ZH2ZNY3MZSTVK7BM
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 0CF4 3 KB
1 KB 148ms
77ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CF4 133 KB
41 KB 1825ms
1745ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame 0CF4 15 KB
6 KB 130ms
60ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:16 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0CF4 0
0 127ms
54ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQVq9w3HY-a3EplWgORc_aqhtqIKMDHc7XuwABREeTKw_bOF3Xvgrwn6sh_l1jq04wARWIQ
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 0CF4 22 KB
7 KB 131ms
62ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 13:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 May 2023 13:42:58 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 8947 22 KB
7 KB 103ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 13:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 May 2023 13:42:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8947 133 KB
41 KB 1792ms
1717ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B1A7 0
0 77ms
76ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPN77l_iEYuXWDI-cgQeXsIyAAZ75kpBcs8Tlw4gJwI23ARABIABgleKigrAHggEXY2EtcHViLTY3MTQ4MjU2MDgzNTAwMDnIAQngAgCoAwGqBPkBT9CYBnT_KTgc7dno6Jm3PKNGaC8HBXrCdzqAikavhfUrvBuLCZLRCUBzjuCHh6HZRmN92wkA67vRcFLn0vvEV71y0x75p1rHI_gOvEZ-qcLFaSWQA-MrTLFmLVje7RQzrHQW0mgfgk5cvoUfknQlFQ5HQC_lLaMZtgo7kJPeKfKtaYaOQFQRcrc0qKdiga-WfzyuzglZve64B96Kn5JxueYEd6PolYveFtyx3_ONTdFtVFSbV38WLcHkmYpQTHAsJpqLuHIjtDemtC6sxoPeg5AbsyLgI-7piVG_CpSV3l1sIKMW0FIdP0vIyARwsHKPjd6nBzKRPbuD4AQBgAa92ve0q7aF6F2gBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIjhgHAQAYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi02NzE0ODI1NjA4MzUwMDA5GLjQEg&sigh=WKHFbEFPulg&uach_m=[UACH]&cid=CAQSPgCNIrLMenzxjYiSTBFOMi_qnhrlG-py7-bDRu4DgHUSQDbJjsN0U5sFgl1hwJIBN-liSYRd5f13ZinoMCTHGAE
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 adEvent.do Show response
prod-m-node-3113.ssp.yahoo.com/admax/ Frame B1A7 43 B
175 B 136ms
39ms Fetch
image/gif 18.198.241.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-m-node-3113.ssp.yahoo.com/admax/adEvent.do?tidi=770957247&dcn=8a969167017e7ee4e1cce9bf477b00ab&posi=1640337&grp=???&nl=1652881559356&rts=1652881559281&pix=0&et=1&a=YoT4lwAEJFgK4DLXOg0gjQ&m=aXAtMTAtMjItMTEyLTg4&p=MC4wMDAwNjQxMDI&b=MTMyMzQ7T0FUSDEwMDI2MzAwMDtzcG90aWZ5LmNvbTs7Ozs1MTJkZDQ4NTQ1ODY0ZGUzYmIxMThiNjM0ZDUxZmFhYTszMDY0MDI2NTsxNjUyODgwNjUwOzswLjAwMDA1MTI4Mjs7MDs7NDYwNTE0Mzs3NDg1ZDA4NzFmZDc5ZGVjZmIyZTYzMjEwNGM4MGY3MjRiOWY0NDVjOzE.&xdi=Pz8_fEdvb2dsZXxOVCAxMC4wfDE3fERlc2t0b3A.&xoi=MHxERVU.&hb=true&type=2&hbp=6&af=5&dety=2
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.241.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-241-229.eu-central-1.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
last-modified: Wed, 18 May 2022 00:44:50 GMT
server: nginx/1.20.1
accept-ranges: bytes
content-length: 43
content-type: image/gif

GET
H2 200 https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D77feebd7a129442da44bc2d1122fef2a%26tid%3D8a969404017e7eb0e718b14f... Show response
pr.ybp.yahoo.com/ab/secure/true/imp/Q_zIzgEohC9O6f3uporwnpeCN97tb_BR-erHmTYqFpYh1_homLLB4EiQfg2Fjks4uSkvBsxqlos59g27iVVrxYcs42FAhJP9o6MMUg8lkpM8LPoIf2EBeTkAdRTl0rTQ2NJMm1-ON1jI0T0c4kPUeE4Fj9NCy2vtS... Frame B1A7 4 KB
4 KB 229ms
136ms Script
text/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/Q_zIzgEohC9O6f3uporwnpeCN97tb_BR-erHmTYqFpYh1_homLLB4EiQfg2Fjks4uSkvBsxqlos59g27iVVrxYcs42FAhJP9o6MMUg8lkpM8LPoIf2EBeTkAdRTl0rTQ2NJMm1-ON1jI0T0c4kPUeE4Fj9NCy2vtSW0REy5jYI034pQuY6wL6eLUPu2vOMMt6ZeX-7MAaZSG3wHuU40cnQB_ANEd4ZzugTQ08VsBSQ9hvYIEeYRLgU8821uptiDf1kKM5-Y3EMwBbFPpTHtS20EUlWKkA-cROrP7LnTeZCE7kvQBZh87gO9DQDZcqX90HyvuhGbIwQ6H_eLbKKH6w6UyPhWF4sk3GAYJaEM4AtJfnGpAgBWB7FFHH5-QN-ijnXRS_hE_cD-HJBv_QQlu80uHRqwxuU1dF07X2lpUbFdSP_cQF8EKEYnQ7QM8Y6yJbnE4UCh2-8KUGm93XYuv2Zvl8woGl6QiQ9mLbDIGStP4vrjmojdgWOmT6Ghp0bKbY3b5fMwJPX1yLZv-8VqgwK5kBWw9a1fkEeP3DeomAIdEokPGs65mcZmmFClrnp3a4OhMqAi1fBeJWicQHML3_Oe17gWjfvPtjLoAR53aXeoQLfAmbyAgkRRNAGP5SmHMsQFYbgdMkS11FemTFCHrTYmckBdDf8NE3ga2l2kEe7b6K35tMT1q7l615HEDEhfW3T5eok2jDQDrcfilBOmDV9EgIgNS5HRCbATPRmazIlrfLdt0N7lq0I-Y7m-GFUAndrAnai9FMP4q5aGyanDckVlzW-943QOAc7VebllTM1JPUW7XozdxI9Mkw8dLv9WBGoVQ8QzkStCKwXawnZhY3i1T6R2D75XBBCVZHcJ8c3dubFTt5UW8cDv1dPqwB0JhVu8239oreDbkmV9wEByxMH0pk_8aH0NIaFXpBc8IST-sGS4DpxUy2lIWc1gJ-otPV-aUPpy6gXnDoolmyrhr7vLrutmxjk1wnM1nT9oOwgO5ECapKFniEPksjbci-4wQFkYi_4msEhQ5mwbWH7jL7W4geYH3YFkh8FDH-LZ08e_jCdYRA2v2k_aekVnrIKgeHk722H1lQMQxeMens7gV8gKXOUshzCKiJ3mxisCDsj5bbDO1WPsFMP6_-u-7acIew1uFe-GibLYNOhGgvDLoYXX5GTVZeeAlYMdIT4OacCHhCVcql3JxxLRXQXl2o_V02NUxY-5t70FR_UYRNgzdH7UBNYRtlnf40LG2cT9Wl0nlt6fllCnnuZbdqNnCKhBdMMMcC0Gwha04FpXRTjwtprBYS-Nr_QwIY-KxfBWIzXhesaDa7MiqVDvug8CY8pDzJCtq7UHOpNcvgzq4aUbMOAgy5WZv_MS_4qXYTZdVYuMfulz-pKSQMvRBow9zhqVh7J9AfS0oDewPsUV_39d4Mc5Wmaf2-lMlouebyJNjNmbaaTSHuhqUyxIYn7030wdDQhOYuc4MHWOUJsJDwW-izlZ2KtCIAP5gzUj5d6SqLHMsa4FF_CNfJ-EeQpHvvUCkj9GoifMJkWP0b1IIrml_dWP5WNR76Lg1ZvccV5bYbhX_U5btU17kFhO4wadawHvVgBGYvKTqvVU/wp/0.064102/tr/0.012820/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D77feebd7a129442da44bc2d1122fef2a%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559355%26rts%3D1652881559281%26ari%3D512dd48545864de3bb118b634d51faaa%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEJFgK4DLXOg0gjQ%26rdm%3D1%26rd%3D

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

7912117f323c2d45e1f5de214f8f36edb755822155beaee17ba50bb2a575c988

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
age: 0
expiry: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 3719
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: ATS
x-frame-options: DENY
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 talon-1.0.40.js Show response
cdn.js7k.com/ix/ Frame B1A7 69 KB
16 KB 203ms
111ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/ix/talon-1.0.40.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:33:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7962
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 16540
x-amz-id-2: zmdsfKnaUqmmDQ81Bu8+Z28PIpB67FJZr/UODKK+2QybxSV98bba8h506xRsEIqceH95u12xIqU=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Apr 2022 16:08:42 GMT
server: ATS
etag: "adf514fab5c3f95007c73e6c3c901bfe-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: ZH2ZNY3MZSTVK7BM
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame B1A7 3 KB
1 KB 137ms
79ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/window_focus_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B1A7 133 KB
41 KB 1734ms
1667ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/ Frame B1A7 15 KB
6 KB 128ms
71ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:43:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6412
x-xss-protection: 0
server: cafe
etag: 1643562372680595834
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:43:16 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B1A7 0
0 115ms
56ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ4h7Lq4cCpfTVcW_c5Uih2eF345xg8D88nlVz_J_qdz41ITZwbUIzx4gkjlaJsbRdGfyYv
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B1A7 22 KB
7 KB 124ms
68ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 13:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86581
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 17 May 2023 13:42:58 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9D6B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

100ms
98ms

Image
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame F8AD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

139ms
139ms

Image
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/
Protocol: H2
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

date: Wed, 18 May 2022 13:45:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8947 0
0 75ms
75ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstaaEsCOcFh_0xAPvEYFDkoW0MQ0zxJkXauM3esaCSwAzCdTqOuQBRI4PQZzpkHLFlJSCGFUVZoD0qYSmx5Qt4EXwymtMLXAzU3sGeWYPON76_Bj92HfdEYeL581KKM1-ABlcHmv9cbGVhvtca-eJaSDmrU-bIQLGMsXn3JNfQR-J86nj0ZZdZ8Jm7SXRgOA9mE7wq5hfnz3u08gtDXlujH7kStB1PF2DMom-GhpEjb2yZlfpB0ln7pLuZT6R1Z2GjoKN1P9U0vvyAxfIKGJG_3LWFCkSaMr6e2IKPKn084egRYVYkyZQdnh8R7kqHgu3SEwBQhp0O447eycYxuLY-mELE&sai=AMfl-YSjIOEOHeaBI61fcA0Wpf7BMzrm-OW7tiFb_tAicHWoSCzeV5ef4a8IzRH3ULg-ftbXPuCe-LowX3vztLuQgwzAS7ZzNwZ-XphXoa_ov_pPA70EBbLjZgfmYbobr6M&sig=Cg0ArKJSzHDwkw6ONuv0EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 0CF4 24 KB
10 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/fpmPY8f7TubHv4nWrrlCH37PGMlKFMmGDOqutBy-g2ZN2TMR_vDKy6OwAzQEcQYfzpMRyzGGkJ2__amAA-7pfuGZEe8DWK0o7pczM4y7zrPbmtxJ9N4yhnNN3nkrhf7lGsNbcZ062W0eJXpWrcWBuDzphHVBtXkQmKl7qnDteB9wmdXGqmDiTfXkgFdDYxncauyFQwmvAm4aghW2anaIS_SRQC_-BJsWfOn8has_A-4iyz008gq6jtm823RiqbTKxBvAI7FysxisTMaPoI05TQjvniiyEAjOGin9iQD6WpaAqz5hXXiu5QyKmowILslVBeRx7v72XWmSSWybwFsmPxZcDkXlRheVMS0UUnU-5ddYoUwNYRjwzxwdmEpbRhXg8Y5j871pbS5YSVQTlU891Coia4qRcaZz6zqXqS4qejXNmW0SAfhD2pDMTpvPSP2L7jyGlrddQ8PsyiQTTvQEvB47mn5ItWwhmC9oLGaf3Y-Q0Gaatq9Xigj5J_sWxtHsoMhZf79YJb9EIgyI_OEr521MzS4bDalfHSexaUXWYoYHPEwNodVKrKFo_Sjw9AN1oxXB1hy3Pa25f7sV01Brvbg1QN80Qy5Vr9hitiGd-Ua6ARWflCmKsBUWmuxD0Eu0ok2EpuR5gH8loSnL4vEVu1hbPqrtAhXrSWGGi-vgJwJiNp0Jo7DlQwFFEWa56eQTdtPHjPK61JMA9dOiqd_-7g-GW5bEMWYUC2n3mWzvOobET94JWxPOMo6FugCyqK64OecO4VaAQ5ww-0a23AaWQa3Ypnqmqc6fgh3LR1ZAZRakkOBTbxo-Z-uTtS2h_Bt5qgZT_rFCdOtPbmtMiY2SWN_mAvNeqGv2i4GgsekYVESbeMt2-TeMUibzQkNgk81e29DzrJjSqOc9FsdeBKS0jzLQ3wUKBC2g4rPuJqh-ZPy30jYGLuk7dRvqYu-MrEDRYHkki7Cc0tvRgAtEUIcf1cWa-R65Tof0IQO95Kbcmy3gAf3XTR3jWyJbYPg0_HzA8MmpCijVdC1nHpffjPEE4slJRkzYNbLp0ekV3eaGTwp8gaFl_NoHl_aTplivuv0xM1R1ApmXxLJHu5t-9V9P-6G2tqSsiF2vz3g8cRnktVVFXNOCf20CL9dau3ke6FahfOrvgZzR_3dU3a-2n7YrB79HSBKmMEf3r7-dBMdejAbcSo6MRCfpqoPFZCij6y1QJRdCuPhxfnK0STjph5bpaNdX55hh4RSs6nby75He24FeZ-xxF41rOxSbPOrQXdbOXhrfYn7hWoF0eM60Stjt8VTytsDxbsxkZkdOFAdn78BcnnM07B1qa2tjhosRve4hagsMXlcwgoP5N3UtmtvYnMKFmoAn1Z8zfNp1W6zxaaj1jSWLqVpi8PnyJLJfdydZ5TLA_fcPI4oxHZXLmkQRVzI7ABmQLFn1NOHaBofQHNOFsHKfbIqmhtqzOfsYpFyANRt4aaj_9fDhVlJgUeyBc-oBm6pDzcwEk8JS4Y1fk8VhdtAGsMFcobnnO-8X1vZYMRdKZ4AxdSwgHWWwJ-VNfES-yI84aZRS3OJ8l-yBPQ4-gB0fNs17HstxDmt89tgd/wp/0.123158/tr/0.024632/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3Dcf0433e47b6540b0a7f7bbe7c39bb4eb%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559291%26ari%3D34b39f3637fc4c8a98dd6e091e085150%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEPRMIEcRB0AvAvA%26rdm%3D1%26rd%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 12:52:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9377
x-xss-protection: 0
last-modified: Wed, 11 May 2022 14:39:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 18 May 2022 13:52:16 GMT

GET
H2 200 inside-20.js Show response
cdn.js7k.com/rq/iv/ Frame 0CF4 43 KB
14 KB 41ms
40ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/rq/iv/inside-20.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b881933fe54cb1f5fff57af861b24625152804dc14462501e7f1fde3b11fe4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12679
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 14351
x-amz-id-2: vkuBYln448PJSR4tiMkL8gDphUAYi8rWBOJy2k+Yg46L0Q+AyvhFnj+zT+Dux3hmz7MmOCA2eM4=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Sep 2021 15:05:50 GMT
server: ATS
etag: "f881746c8b26f5492cfb9be16c44dbcc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 3VV1GKY81JVSYY6V
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame B361 24 KB
9 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/71ow1ieoGasQFNCpSZU_FPJ72K98ooy1Y56gkBfjsw5UXJEp6y-yQavhn1I7MeherXHnjbOBnSWZHEXpuK9uodbMbKIcRov60bopDvdDfEGdf-EZTUBnNpKGvRPp1AnpJbeCSbUHEBR-icT3T-5P3CiEdrp0Jl1Q2CCDaVZRsI_ExqS90qTBGi962-Icf_brTbQnUb17Qdw0SAlm7Dh4u90etPSpu62D_iYfXCYGiY0dlUL09GLbiHXcM2dbJTWy_GbBC2Z-0KN_oqeUG3oNiU0pZvi6-I2ikD6jQ2152ICncCZYbzucpsaAaHJ32Q9Sy3MD-IZiHsHipAQraVt8CbR0oTO1D8-77jSAdQ3u0cuEZhjJ6NnllzFwId0An8sS--kMwlesInULTp0ebEzgY25hnThuhyHE-KiYRB7ne_mclAs09jqM_mh1lMaJyFi7la4-FEd505T5E6Y2iiRx-BpfLSYfu5h-5PId7uAoa_vFj6trOB-6l7qEAs4gmT2Syqn9JfQk9of07alOE5wZ3weacwv8ov6C6qPOEKTSv8MEGJKhpw275vlFHIHxGuRjVnHNqhljauqj08SGQpYJhZxy6HUG8hinzyJuo2y-uNMlPvU5tw28U2OJwOwK5zRT_3PwEQNQjWfx6fLuT_Xkz-75qq_FnfkxM8hNS5ifp5DBculEsg8pVTRVRLNsbKsOHofaeFGlxBUxu_pKUNeOt_WTQU733t4-ICIGxNRVgBau4DS0LAN9p7TGVieCDzeyaQ6KYih639EyFwUEclw3btb28APk4ilz2VxbX5Iuelx6x01D4kHM3tv826BPy9C3IfzRw82ih15GAW3GFPiLoSYFbf5b9bZjSZKHIejk2eSV-Zzbhl2wjlYGHA2gsNEYKPkTlz1dDf1i6T92gUFNJhnYpMEAcVIcOfkrevTW-cl09b_RcPV0Zebsi3epaYnIOmEYcbqcaydMvqF5Ht2ggU3ZvrKEOB4Hr2vD7dbv4erFBHpV1HM7S8YMphTRb6fDfT8aCOAvs7_BtlaV0o5lNfg4WgUWWD5wBAJ6lmhjDYRSKeSufMfiBhdP_oMg4IDNRbk0EzgGN9X7xieIt-hxE1HFUyU6EMM62OU7hrg-L8Fm-Tt7_yKf7AMOohxpoaqSLe9ecR90np3Y0vDV4KUJZjFzjD8Nbh0f2S_rlk5704eSs9uFbbfbgBApyec_2PTCa2fR1GvSiYNiLnsrXyQ4eBhKKl11whzFIaUe0dkAI0kOStR39c4qFIC_1sN1N6ZUl4-0I2SgLTqbPc4fI6sJBUWT_tAJiA8RFpmUD6hoB0n6gky-F_t6j5s_czIJc3xvciDmLl7YUl91eaNbfw0XgliBwM7so_aYZOPAFPylI_FfSfcjN5fe2QRHOJAltFwEI4Wze2iR5ebNLZs_1D7IC86_vGDipNGMBYy0Ab4bsiOIKG28fXQnvpOfgolv5KY3XCH6TU-tYeCCCW_gBoSpuoS72u24LlKbxQlU6ZM4820eJh-fDY_dZQjdQeXZwaFlcbbheYwU7_dRrUJdqAhzidpWGu1hMsGnKUkfPnkBI_EYoEmHBHU35xeAVPW9y9S1/wp/0.089973/tr/0.017995/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D15f190312ea54d868a1610a68c38387e%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559297%26ari%3D8c0b69779044406d8b40e1bd7c1347a3%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEQfgK7dlPKgz8iw%26rdm%3D1%26rd%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 12:52:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9377
x-xss-protection: 0
last-modified: Wed, 11 May 2022 14:39:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 18 May 2022 13:52:16 GMT

GET
H2 200 inside-20.js Show response
cdn.js7k.com/rq/iv/ Frame B361 43 KB
14 KB 39ms
39ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/rq/iv/inside-20.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b881933fe54cb1f5fff57af861b24625152804dc14462501e7f1fde3b11fe4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12679
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 14351
x-amz-id-2: vkuBYln448PJSR4tiMkL8gDphUAYi8rWBOJy2k+Yg46L0Q+AyvhFnj+zT+Dux3hmz7MmOCA2eM4=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Sep 2021 15:05:50 GMT
server: ATS
etag: "f881746c8b26f5492cfb9be16c44dbcc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 3VV1GKY81JVSYY6V
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK web.js Show response
ads.celtra.com/7cbc9bc6/ Frame 8947 14 KB
5 KB 189ms
52ms Script
application/javascript 18.198.184.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.celtra.com/7cbc9bc6/web.js?&clickUrl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv74TKAScwZ7kSGPIXlo17owdrYDeksI3kvyRfT8EjfLrpfV8BkA_C5s-0plTJm61lUQMvwZoQ2U7icRew1jAlYlC9uVDLGtDeJF19bKnpSTr7rtA2F1Ya9qfnhUk49Rf1IkhIavqkKRwmz3m_b7ezFp4zifMVFaIV1r4_QWlG0cmq9WZ57Py-l0ImMwF1mzipRQ2QkXutibXnYMVcCXFLmKZ8cmp1ER8TypGQezFR25hDM9A1O94wyd4uLI61Xibia3_fLE4WSwMzgxZydRlICtnSo7dao7-IXDRDFfOQzddfL7YSwnp0KIZQ7EceOxmQ8s4JqJmikzm947iRL5tY%26sai%3DAMfl-YReHDh2S38SUoi0uY1v8guY6C9yl-WwW7iiv_v-r4p04IIKxbgt6YTAwN5KL1X9Hj_IuyCs1MWz9wQjithTAFhZ5CHyYPvqnX0Byk3ddbStqVkzfrhw5phaR5ozXYc%26sig%3DCg0ArKJSzB9oQLpmCDZHEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&sticky=bottom&preferredClickThroughWindow=new&clickEvent=advertiser&iosAdvId=&androidAdvId=&externalAdServer=DFPPremium&tagVersion=html-standard-7&eas.JWVjaWQh=138391954221&externalCreativeId=138391954221&externalPlacementId=188961168&externalSiteId=14466408&externalSiteName=zeustechnology.com&externalLineItemId=6016424820&externalCampaignId=3028288711&externalAdvertiserId=5171270855&coppa=0&scriptId=celtra-script-1&clientTimestamp=1652881560.044&clientTimeZoneOffsetInMinutes=0&hostPageLoadId=2514031202456164
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.184.102 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-184-102.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 9cb25c26047c3494964247558aeb87ac4b4b71ea5185df8145a3077d20014e17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:45:59 GMT
content-encoding: gzip
Content-Type: application/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 4830
Expires: 0

GET
H2 200 adchoicesblue.png
s.yimg.com/ch/icons/adchoices/ Frame B361 565 B
917 B 46ms
40ms Image
image/png 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/icons/adchoices/adchoicesblue.png

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 10 May 2022 18:50:39 GMT
x-content-type-options: nosniff
age: 672922
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 565
x-amz-id-2: iod8DfM+vfwb+unfQI/uahGaXR/pvULOqdFpz09hVxrIXiR8HT3xmkR+wdJoylGPTr/YYzAprHU=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 18:15:42 GMT
server: ATS
etag: "349bad1100a940608cb9109eb2b166a2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: SHX9T0ABY4KN0NGH
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/png

GET
H2 200 adchoicesblue.png
s.yimg.com/ch/icons/adchoices/ Frame 0CF4 565 B
604 B 46ms
41ms Image
image/png 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/icons/adchoices/adchoicesblue.png

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 10 May 2022 18:50:39 GMT
x-content-type-options: nosniff
age: 672922
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 565
x-amz-id-2: iod8DfM+vfwb+unfQI/uahGaXR/pvULOqdFpz09hVxrIXiR8HT3xmkR+wdJoylGPTr/YYzAprHU=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 18:15:42 GMT
server: ATS
etag: "349bad1100a940608cb9109eb2b166a2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: SHX9T0ABY4KN0NGH
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/png

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame B1A7 24 KB
9 KB 117ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/Q_zIzgEohC9O6f3uporwnpeCN97tb_BR-erHmTYqFpYh1_homLLB4EiQfg2Fjks4uSkvBsxqlos59g27iVVrxYcs42FAhJP9o6MMUg8lkpM8LPoIf2EBeTkAdRTl0rTQ2NJMm1-ON1jI0T0c4kPUeE4Fj9NCy2vtSW0REy5jYI034pQuY6wL6eLUPu2vOMMt6ZeX-7MAaZSG3wHuU40cnQB_ANEd4ZzugTQ08VsBSQ9hvYIEeYRLgU8821uptiDf1kKM5-Y3EMwBbFPpTHtS20EUlWKkA-cROrP7LnTeZCE7kvQBZh87gO9DQDZcqX90HyvuhGbIwQ6H_eLbKKH6w6UyPhWF4sk3GAYJaEM4AtJfnGpAgBWB7FFHH5-QN-ijnXRS_hE_cD-HJBv_QQlu80uHRqwxuU1dF07X2lpUbFdSP_cQF8EKEYnQ7QM8Y6yJbnE4UCh2-8KUGm93XYuv2Zvl8woGl6QiQ9mLbDIGStP4vrjmojdgWOmT6Ghp0bKbY3b5fMwJPX1yLZv-8VqgwK5kBWw9a1fkEeP3DeomAIdEokPGs65mcZmmFClrnp3a4OhMqAi1fBeJWicQHML3_Oe17gWjfvPtjLoAR53aXeoQLfAmbyAgkRRNAGP5SmHMsQFYbgdMkS11FemTFCHrTYmckBdDf8NE3ga2l2kEe7b6K35tMT1q7l615HEDEhfW3T5eok2jDQDrcfilBOmDV9EgIgNS5HRCbATPRmazIlrfLdt0N7lq0I-Y7m-GFUAndrAnai9FMP4q5aGyanDckVlzW-943QOAc7VebllTM1JPUW7XozdxI9Mkw8dLv9WBGoVQ8QzkStCKwXawnZhY3i1T6R2D75XBBCVZHcJ8c3dubFTt5UW8cDv1dPqwB0JhVu8239oreDbkmV9wEByxMH0pk_8aH0NIaFXpBc8IST-sGS4DpxUy2lIWc1gJ-otPV-aUPpy6gXnDoolmyrhr7vLrutmxjk1wnM1nT9oOwgO5ECapKFniEPksjbci-4wQFkYi_4msEhQ5mwbWH7jL7W4geYH3YFkh8FDH-LZ08e_jCdYRA2v2k_aekVnrIKgeHk722H1lQMQxeMens7gV8gKXOUshzCKiJ3mxisCDsj5bbDO1WPsFMP6_-u-7acIew1uFe-GibLYNOhGgvDLoYXX5GTVZeeAlYMdIT4OacCHhCVcql3JxxLRXQXl2o_V02NUxY-5t70FR_UYRNgzdH7UBNYRtlnf40LG2cT9Wl0nlt6fllCnnuZbdqNnCKhBdMMMcC0Gwha04FpXRTjwtprBYS-Nr_QwIY-KxfBWIzXhesaDa7MiqVDvug8CY8pDzJCtq7UHOpNcvgzq4aUbMOAgy5WZv_MS_4qXYTZdVYuMfulz-pKSQMvRBow9zhqVh7J9AfS0oDewPsUV_39d4Mc5Wmaf2-lMlouebyJNjNmbaaTSHuhqUyxIYn7030wdDQhOYuc4MHWOUJsJDwW-izlZ2KtCIAP5gzUj5d6SqLHMsa4FF_CNfJ-EeQpHvvUCkj9GoifMJkWP0b1IIrml_dWP5WNR76Lg1ZvccV5bYbhX_U5btU17kFhO4wadawHvVgBGYvKTqvVU/wp/0.064102/tr/0.012820/pa/null/pclick/https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D77feebd7a129442da44bc2d1122fef2a%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559355%26rts%3D1652881559281%26ari%3D512dd48545864de3bb118b634d51faaa%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEJFgK4DLXOg0gjQ%26rdm%3D1%26rd%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 12:52:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9377
x-xss-protection: 0
last-modified: Wed, 11 May 2022 14:39:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 18 May 2022 13:52:16 GMT

GET
H2 200 inside-20.js Show response
cdn.js7k.com/rq/iv/ Frame B1A7 43 KB
14 KB 40ms
39ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.js7k.com/rq/iv/inside-20.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b881933fe54cb1f5fff57af861b24625152804dc14462501e7f1fde3b11fe4a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 10:14:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12679
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 14351
x-amz-id-2: vkuBYln448PJSR4tiMkL8gDphUAYi8rWBOJy2k+Yg46L0Q+AyvhFnj+zT+Dux3hmz7MmOCA2eM4=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Sep 2021 15:05:50 GMT
server: ATS
etag: "f881746c8b26f5492cfb9be16c44dbcc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 3VV1GKY81JVSYY6V
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 adchoicesblue.png
s.yimg.com/ch/icons/adchoices/ Frame B1A7 565 B
604 B 38ms
38ms Image
image/png 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/icons/adchoices/adchoicesblue.png

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 10 May 2022 18:50:39 GMT
x-content-type-options: nosniff
age: 672922
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 565
x-amz-id-2: iod8DfM+vfwb+unfQI/uahGaXR/pvULOqdFpz09hVxrIXiR8HT3xmkR+wdJoylGPTr/YYzAprHU=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 18:15:42 GMT
server: ATS
etag: "349bad1100a940608cb9109eb2b166a2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: SHX9T0ABY4KN0NGH
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/png

GET
H3 200 impl_v88.js Show response
www.googletagservices.com/dcm/ Frame 0CF4 54 KB
21 KB 87ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v88.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 16:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21405
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 May 2023 16:12:48 GMT

GET
H3 200 impl_v88.js Show response
www.googletagservices.com/dcm/ Frame B361 54 KB
21 KB 96ms
46ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v88.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 16:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21405
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 May 2023 16:12:48 GMT

GET
H3 200 impl_v88.js Show response
www.googletagservices.com/dcm/ Frame B1A7 54 KB
21 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v88.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 16:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21405
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 16 May 2023 16:12:48 GMT

GET
H2 200 web.js Show response
cache-ssl.celtra.com/api/creatives/c5e38e5a/compiled/ Frame 8947 485 KB
117 KB 155ms
45ms Script
application/javascript 143.204.215.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cache-ssl.celtra.com/api/creatives/c5e38e5a/compiled/web.js?v=3-1d0fe298c7&secure=1&cachedVariantChoices=W10-&isPurposePreview=0&eventMetadataExperiment=newMeta&inmobi=0
Requested by: Host: ads.celtra.com
URL: https://ads.celtra.com/7cbc9bc6/web.js?&clickUrl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv74TKAScwZ7kSGPIXlo17owdrYDeksI3kvyRfT8EjfLrpfV8BkA_C5s-0plTJm61lUQMvwZoQ2U7icRew1jAlYlC9uVDLGtDeJF19bKnpSTr7rtA2F1Ya9qfnhUk49Rf1IkhIavqkKRwmz3m_b7ezFp4zifMVFaIV1r4_QWlG0cmq9WZ57Py-l0ImMwF1mzipRQ2QkXutibXnYMVcCXFLmKZ8cmp1ER8TypGQezFR25hDM9A1O94wyd4uLI61Xibia3_fLE4WSwMzgxZydRlICtnSo7dao7-IXDRDFfOQzddfL7YSwnp0KIZQ7EceOxmQ8s4JqJmikzm947iRL5tY%26sai%3DAMfl-YReHDh2S38SUoi0uY1v8guY6C9yl-WwW7iiv_v-r4p04IIKxbgt6YTAwN5KL1X9Hj_IuyCs1MWz9wQjithTAFhZ5CHyYPvqnX0Byk3ddbStqVkzfrhw5phaR5ozXYc%26sig%3DCg0ArKJSzB9oQLpmCDZHEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&sticky=bottom&preferredClickThroughWindow=new&clickEvent=advertiser&iosAdvId=&androidAdvId=&externalAdServer=DFPPremium&tagVersion=html-standard-7&eas.JWVjaWQh=138391954221&externalCreativeId=138391954221&externalPlacementId=188961168&externalSiteId=14466408&externalSiteName=zeustechnology.com&externalLineItemId=6016424820&externalCampaignId=3028288711&externalAdvertiserId=5171270855&coppa=0&scriptId=celtra-script-1&clientTimestamp=1652881560.044&clientTimeZoneOffsetInMinutes=0&hostPageLoadId=2514031202456164
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-44.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 06967de79eeb104946e3ccd80c4188d8d6068200ed7529968917809990b1c9cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 04:00:16 GMT
content-encoding: gzip
age: 35144
x-cache: Hit from cloudfront
content-length: 119464
access-control-allow-origin: *
server: Apache
etag: "5fae3d089df808a89c420353e71b6c46331f2e587787657ed86b3bad18142ee8"
vary: Accept-Encoding
x-varnish: 1513241 4335802
via: 1.1 varnish (Varnish/6.2), 1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: B5xD1t_nVu5ddff2SD4JlD4-2PUvpR4fxzTfR7rEGFTUl-jcmLxAvQ==

GET
DATA 200
OK truncated
/ Frame 8947 167 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 4e08946c-f9bc-472c-9e6c-73761165f0ff
https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/ Frame 8947 167 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/4e08946c-f9bc-472c-9e6c-73761165f0ff
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Length: 167
Content-Type: image/png

GET
H2 200 B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=305241873;ord=7e3yks;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7e... Show response
ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/ Frame 0CF4 64 KB
27 KB 382ms
92ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=305241873;ord=7e3yks;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3Dcf0433e47b6540b0a7f7bbe7c39bb4eb%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559291%26ari%3D34b39f3637fc4c8a98dd6e091e085150%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEPRMIEcRB0AvAvA%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2FR4Fr_UAf18wlY_VMKbbqACG0ieAtqBRLIAJnEoz65gdVmba0VAJUzGY_kBYtYh6F60K59NBQXvYglk3PcOKdjN3pXf-JQJPlWsuN3u36_FCeiIFtp6XgoVXI8UD_QyPaMzdgsZZM7obn61NubfObQGD3c0SdnYC7hMoBCpWMOY_P-WvsgjycyX32jXp6-kwmhqxYvSttPswWB1-6zPZbNlmBeJEQT0JqFQrGN4d_58JXG1toO0OjqbnnCJRVceWYrnWSLpFB-5-tC4OtfwMtYW3K9Ci6Lg1A%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=150;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v88.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

eba3e78e8ef8169ba5951b869e594f227f33787886fa2fced4d12d6f70e84ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27055
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=3865833880;ord=c4xq4e;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7... Show response
ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/ Frame B361 63 KB
27 KB 359ms
75ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=3865833880;ord=c4xq4e;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D15f190312ea54d868a1610a68c38387e%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559297%26ari%3D8c0b69779044406d8b40e1bd7c1347a3%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEQfgK7dlPKgz8iw%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2FT474gBUNCXwkDdttzlacTZ4K8SHHzA6gdKP70bBPX2NOB-9kFxObYBC2hJr_LRL98vgVKvKJJwGbrkQRX5kONz-_vnuJEnODr45ONS3NBrUcjqDATZJVIfdh2rbG_7pN7WINuFhbGs8VNDOSr6Cl0yQfcDrHrPEzGk3AqxH2Fyi3cm57Go4CBarNeD70O5CJRY-qmZIrOQP16fKulap-n1LRiMqkDn5bX47wJJ9MTmFvlZNZgUznf6ROD40HEuTMMivaP_FrlsPPwtQ4JccGx5amAPKr8ZdJ%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=156;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v88.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

39b19dd23a0764aedb0fd9def9acf4b99e4c1395a131757889ac062b98897034

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26911
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 B26831645.332212027;dc_ver=88.258;dc_eid=40004001;sz=728x90;u_sd=1;gdpr=1;dc_adk=2472446333;ord=xn030j;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7e... Show response
ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/ Frame B1A7 63 KB
27 KB 399ms
129ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332212027;dc_ver=88.258;dc_eid=40004001;sz=728x90;u_sd=1;gdpr=1;dc_adk=2472446333;ord=xn030j;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D77feebd7a129442da44bc2d1122fef2a%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559355%26rts%3D1652881559281%26ari%3D512dd48545864de3bb118b634d51faaa%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEJFgK4DLXOg0gjQ%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2F1oKBSmdM_JTw_dxaynJG8c7s2NxqQgBYisQdAjhLnmv6FoZrjCgqV7DREvkcKPZc5T4XaWSVFrcC03pdNy24EmrL_QuOo6iHc9EPydYC3U5dT6rsAG705wockjYZ0mAH0DI8qnxTaOVSIiDZNW7gOJnWhLhsgt2tGqCvc017ZNOnUeoTWgQWivmK1jEVOCJ9ZluJYzrb90d7ocWEmzcGrzJ_LTNHr_fQ-70th0ijNDXzy_x7bOLBrTpNrvxed58EJmT1irWnU7nRoR-2eBsQGqqXwa0PKWzJ%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=57;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v88.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

f8b5ea735529423c4744b2bd5b5016134cb35062849ee79063888457e073d9aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27094
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiO...
track.celtra.com/json/ Frame 8947 35 B
242 B 193ms
47ms Image
image/gif 35.157.234.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiOjAsImNsaWVudFRpbWVzdGFtcCI6MTY1Mjg4MTU2MC41MTMsIm5hbWUiOiJ1c2VyRXJyb3IiLCJ1c2VyRXJyb3JJZCI6Im5vbkZyaWVuZGx5SUZyYW1lIn1dfQ==?crc32c=3048021224
Requested by: Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.234.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-234-176.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:46:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B361 106 KB
38 KB 173ms
37ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Origin: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:48:32 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/ Frame B361 8 KB
4 KB 128ms
41ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=3865833880;ord=c4xq4e;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D15f190312ea54d868a1610a68c38387e%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559297%26ari%3D8c0b69779044406d8b40e1bd7c1347a3%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEQfgK7dlPKgz8iw%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2FT474gBUNCXwkDdttzlacTZ4K8SHHzA6gdKP70bBPX2NOB-9kFxObYBC2hJr_LRL98vgVKvKJJwGbrkQRX5kONz-_vnuJEnODr45ONS3NBrUcjqDATZJVIfdh2rbG_7pN7WINuFhbGs8VNDOSr6Cl0yQfcDrHrPEzGk3AqxH2Fyi3cm57Go4CBarNeD70O5CJRY-qmZIrOQP16fKulap-n1LRiMqkDn5bX47wJJ9MTmFvlZNZgUznf6ROD40HEuTMMivaP_FrlsPPwtQ4JccGx5amAPKr8ZdJ%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=156;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:45:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B361 41 KB
15 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 May 2023 11:48:32 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0CF4 106 KB
37 KB 190ms
84ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Origin: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:48:32 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/ Frame 0CF4 8 KB
3 KB 99ms
42ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332141463;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;gdpr=1;dc_adk=305241873;ord=7e3yks;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3Dcf0433e47b6540b0a7f7bbe7c39bb4eb%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559378%26rts%3D1652881559291%26ari%3D34b39f3637fc4c8a98dd6e091e085150%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEPRMIEcRB0AvAvA%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2FR4Fr_UAf18wlY_VMKbbqACG0ieAtqBRLIAJnEoz65gdVmba0VAJUzGY_kBYtYh6F60K59NBQXvYglk3PcOKdjN3pXf-JQJPlWsuN3u36_FCeiIFtp6XgoVXI8UD_QyPaMzdgsZZM7obn61NubfObQGD3c0SdnYC7hMoBCpWMOY_P-WvsgjycyX32jXp6-kwmhqxYvSttPswWB1-6zPZbNlmBeJEQT0JqFQrGN4d_58JXG1toO0OjqbnnCJRVceWYrnWSLpFB-5-tC4OtfwMtYW3K9Ci6Lg1A%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=150;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:45:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0CF4 41 KB
15 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 May 2023 11:48:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8FF2 22 KB
8 KB 44ms
44ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 11:48:33 GMT
expires: Thu, 18 May 2023 11:48:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame B1A7 106 KB
37 KB 183ms
112ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Origin: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 11:48:32 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/ Frame B1A7 8 KB
3 KB 64ms
42ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220511/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N51703.3848558MATTERKIND1/B26831645.332212027;dc_ver=88.258;dc_eid=40004001;sz=728x90;u_sd=1;gdpr=1;dc_adk=2472446333;ord=xn030j;click=https%3A%2F%2Fprod-m-node-3113.ssp.yahoo.com%2Fadmax%2FadClick.do%3Fdcn%3D8a969167017e7ee4e1cce9bf477b00ab%26n%3DYahoo%2BSSP%26id%3D77feebd7a129442da44bc2d1122fef2a%26tid%3D8a969404017e7eb0e718b14fb247000b%26nid%3D8a808aee2edf264a012f0d6ee4e87844%26pos%3D8a969167017e7ee4e1cce9bfa69800ad%26grp%3D%253F%253F%253F%26type%3D2%26hbp%3D6%26nl%3D1652881559355%26rts%3D1652881559281%26ari%3D512dd48545864de3bb118b634d51faaa%26b%3DMTMyMzQ7Ozs7Ozs7MzA2NDAyNjU7Ozs7Ozs7Ozs.%26a%3DYoT4lwAEJFgK4DLXOg0gjQ%26rdm%3D1%26rd%3Dhttps%3A%2F%2Fpr.ybp.yahoo.com%2Fcj%2Fcd%2F1oKBSmdM_JTw_dxaynJG8c7s2NxqQgBYisQdAjhLnmv6FoZrjCgqV7DREvkcKPZc5T4XaWSVFrcC03pdNy24EmrL_QuOo6iHc9EPydYC3U5dT6rsAG705wockjYZ0mAH0DI8qnxTaOVSIiDZNW7gOJnWhLhsgt2tGqCvc017ZNOnUeoTWgQWivmK1jEVOCJ9ZluJYzrb90d7ocWEmzcGrzJ_LTNHr_fQ-70th0ijNDXzy_x7bOLBrTpNrvxed58EJmT1irWnU7nRoR-2eBsQGqqXwa0PKWzJ%2Frurl%2F;dcopt=rcl;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgraham-wjxt.zeustechnology.com%2F$0;xdt=1;crlt=QH-x2bcqGn;gcsr=m;stc=1;chaa=1;sttr=57;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:45:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Jun 2022 13:45:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B1A7 41 KB
15 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 May 2023 11:48:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E5DC 22 KB
8 KB 38ms
37ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 11:48:33 GMT
expires: Thu, 18 May 2023 11:48:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A5B6 22 KB
8 KB 39ms
37ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 11:48:33 GMT
expires: Thu, 18 May 2023 11:48:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame 8FF2 35 KB
13 KB 126ms
45ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 06:40:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 06:40:10 GMT

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame E5DC 35 KB
13 KB 89ms
51ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 06:40:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 06:40:10 GMT

GET
H3 200 g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js Show response
pagead2.googlesyndication.com/bg/ Frame A5B6 35 KB
13 KB 67ms
45ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/g51hIJTSSbKmE1DfHFqbr9lDc41juRM9f8n7HMlSD3A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 06:40:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13648
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 06:40:10 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B361 133 KB
41 KB 640ms
639ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9921302201873989632/ Frame EA9F 26 KB
6 KB 123ms
38ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7239d76e3e0f175856584bcd2ea60cb11247920b16dccb445117c974afc28787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 435419
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 6605
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 13 May 2022 12:49:02 GMT
expires: Sat, 13 May 2023 12:49:02 GMT
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B361 0
575 B 201ms
84ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubyioDvClHGS8SGWHxqORoB1ZmFeQYYTuSJDSX4KNyFWbEM7TvXKkM4lq4eKwH8uI53lNY7cQaMyUzUqx3z_9zILNc3j8AO4DCjJMaRA5M4pVqSg5VZbx8PM-M0ia_IWORIhKWJA38CHL5JIpbhQZgkHqzESmmktwkFo-OIOQ2x16yY-YzMoBLeBLVugsTN0fTlg&sig=Cg0ArKJSzBO-586Xn7-PEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=247&cbvp=1&cstd=241&cisv=r20220511.03365&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0CF4 133 KB
41 KB 594ms
594ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5497641467889319936/ Frame 0E78 35 KB
10 KB 70ms
41ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1643cd8a87d5850035f6bab691629b04bba6b1224333f9e8f4e06efb6320dfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 435687
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 9822
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 13 May 2022 12:44:34 GMT
expires: Sat, 13 May 2023 12:44:34 GMT
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CF4 0
63 B 153ms
85ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstqx6xCzTXbJeF6uCyqyxuQ1WeJ16yGiKJ0Cp8lmJVasx5wEAb3Jak5RfTohy-F3voswNRAJjBc2_zd4dYH1QISEs_Kk5AtZ18dm6c3N5vA2QFiCvK6HlMFMg_2cAh0TsYKtqcSxxHO62oAEWRWZGPIXzXdEZKbn1DsPz4LkY89AizqQ4rmFxSpvRxffSGNH1qtkw&sig=Cg0ArKJSzJQ-7CBBRRYyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=267&cbvp=1&cstd=264&cisv=r20220511.81025&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B1A7 133 KB
41 KB 587ms
586ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652701179351892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:01 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10835744032462733312/ Frame 1FE5 23 KB
6 KB 76ms
53ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

362cf45c9f2dbed05cf3905c180b4486e8378cbfff2ba4bd4405d8eed6511d6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 567764
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 6258
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 12 May 2022 00:03:17 GMT
expires: Fri, 12 May 2023 00:03:17 GMT
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B1A7 0
63 B 146ms
85ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssS0Si37POkYNPpyJS5NJKUr-dHl4OwMFBJdJthxg474_CWbs9MZlSMv-kdxMbOuXVODwJFYfJf0RoM8PLCFBrvbKKsEZCuHaC0jILZ4j07HMHJjIL4jYC0jTf6Sy4joobEL9EHGa8gkX4bTUxmAxGEtnuBlimg7W-H6TqzCZRNO8RFu6CQHjXwbP8hmpWySmoONg&sig=Cg0ArKJSzNrBFf6ujd15EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=241&cbvp=1&cstd=239&cisv=r20220511.17785&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 e9c75bf5.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 4 KB
4 KB 100ms
97ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/e9c75bf5.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6db34bd903920d0823ef8393e369782e90743dd91ceaa1600e406a26d0ae8bbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4453
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 8e7a10e0.jpg
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 25 KB
25 KB 54ms
51ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/8e7a10e0.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0f43f5751af9af3d8681595897251ed0e9db8b4bb310b558cec4095bdb6c701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25760
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 5e3f9081.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 4 KB
4 KB 94ms
92ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/5e3f9081.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cc3aa3b08ba7c0bf3feef7a05281a246a13c5fa71cfead127ba89da5fbf883e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4306
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 6e746ef2.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 8 KB
8 KB 100ms
98ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/6e746ef2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cae9257beae7f5001f5dd972ca07577a0a40a6634c53dfed2941a020a731a77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:01:50 GMT
x-content-type-options: nosniff
age: 553451
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8027
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:01:50 GMT

GET
H3 200 aa89651a.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 4 KB
4 KB 55ms
53ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/aa89651a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e30bc3d455f45ae93ed29f99e746ec7ff75b5cfde50dc45a0465c45d7eb8506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4490
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 a16177d3.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 8 KB
8 KB 52ms
50ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/a16177d3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86e5ca96552a7f1c8f0010ecb3b9b304add126535536d5b1e940961244e86ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:01:50 GMT
x-content-type-options: nosniff
age: 553451
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8320
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:01:50 GMT

GET
H3 200 dc062863.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 8 KB
8 KB 55ms
54ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/dc062863.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e91cece076431e89f7c6a36d7cfbc6ec031035bb3676a37fc481e16529c4a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8522
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 f0102aef.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 9 KB
9 KB 57ms
56ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/f0102aef.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c3411253a27e9bcf09880de6e1a94b5d99bfc88211f394e6bbefeef63a01bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:01:50 GMT
x-content-type-options: nosniff
age: 553451
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9653
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:01:50 GMT

GET
H3 200 f386244c.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 1 KB
1 KB 97ms
95ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/f386244c.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f1437358fe43315deb086b8ec092f5c36c6d8c6c1ed44b13fa9d03e1f8bbdd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:57:06 GMT
x-content-type-options: nosniff
age: 568135
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1389
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:57:06 GMT

GET
H3 200 a9e1bde9.png
s0.2mdn.net/sadbundle/9921302201873989632/images/ Frame EA9F 2 KB
2 KB 104ms
103ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9921302201873989632/images/a9e1bde9.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d71a686476343c935a476a1fa1898114d47b4509c9ac2b2a525a3e06eaab08ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9921302201873989632/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 15:36:58 GMT
x-content-type-options: nosniff
age: 598143
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2287
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 15:36:58 GMT

GET
H3 200 72a383a2.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 4 KB
4 KB 126ms
125ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/72a383a2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64d0bfa9acda7c0a418f5da79de3f50ea6e9d57370dbf52a704c055f16cf842d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:58:52 GMT
x-content-type-options: nosniff
age: 568029
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4449
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:58:52 GMT

GET
H3 200 de19da5e.jpg
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 30 KB
30 KB 124ms
122ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/de19da5e.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b248db9b737338aed6fd13d753d17226adb656c6a41673cf5343f8ab4e092c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:58:52 GMT
x-content-type-options: nosniff
age: 568029
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30654
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:58:52 GMT

GET
H3 200 7b532803.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 4 KB
4 KB 99ms
97ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/7b532803.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a8401b9de517e95d1907c86f6a007332ab5f02012dc4777765c5ce5212684c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:58:52 GMT
x-content-type-options: nosniff
age: 568029
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4459
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:58:52 GMT

GET
H3 200 6f227689.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 8 KB
8 KB 126ms
124ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/6f227689.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48e317eef20a781057ccd63dfd7d961e5fe71134e640d31e63047083c0dca92a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:02:46 GMT
x-content-type-options: nosniff
age: 553395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8441
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:02:46 GMT

GET
H3 200 60cab1ac.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 4 KB
4 KB 105ms
104ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/60cab1ac.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48152a1780b8f664221952a9935ff1801866bd212b30420149ef5e55d6bfd2f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:02:46 GMT
x-content-type-options: nosniff
age: 553395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:02:46 GMT

GET
H3 200 e31ff4bd.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 8 KB
8 KB 124ms
122ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/e31ff4bd.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

728c5c649341926f2db94ec6c5266db00ef04e87748435619d0ac6fb006334bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:02:46 GMT
x-content-type-options: nosniff
age: 553395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:02:46 GMT

GET
H3 200 605c8acf.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 8 KB
8 KB 124ms
123ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/605c8acf.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ff561f910ab53ad22542bfc801e0d7d996e34ecef33fe227e854e1983c72372

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:58:52 GMT
x-content-type-options: nosniff
age: 568029
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8160
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:58:52 GMT

GET
H3 200 54ac0da1.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 9 KB
9 KB 101ms
100ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/54ac0da1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d827510ae112e7feb108e8c4cd7d612c76fb6abf44928b9bf2693d2f45bf231

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:02:46 GMT
x-content-type-options: nosniff
age: 553395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9653
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:02:46 GMT

GET
H3 200 b236f445.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 1 KB
1 KB 164ms
163ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/b236f445.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79947be0178c4f930d940a94f0eab0755852281f225d8679c27d50a6a9b77503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 23:58:52 GMT
x-content-type-options: nosniff
age: 568029
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1389
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 11 May 2023 23:58:52 GMT

GET
H3 200 c02984e9.png
s0.2mdn.net/sadbundle/5497641467889319936/images/ Frame 0E78 2 KB
2 KB 158ms
157ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5497641467889319936/images/c02984e9.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff505470d0d1dc381cd8ec6536a1c61f18ae8190279ea98be0c43950f809fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5497641467889319936/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:02:46 GMT
x-content-type-options: nosniff
age: 553395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2287
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:16:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:02:46 GMT

GET
H3 200 e606a02f.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 6 KB
6 KB 155ms
154ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/e606a02f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cacceffa46d127d384e9b1317532a616067007a2991c1f91b7a348869f1a3439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5634
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 324f62e9.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 1 KB
2 KB 161ms
160ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/324f62e9.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e740af47dce3c52fa79676a89f069df919742695c115d085622cba431198815f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:13:05 GMT
x-content-type-options: nosniff
age: 552776
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:13:05 GMT

GET
H3 200 b5b1e0e2.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 2 KB
2 KB 158ms
157ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/b5b1e0e2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62ee6c0d232acefafa51670e4fa5cd462b05d5623a8eae34d1724d20ba39a8bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2473
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 7be47f1e.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 10 KB
10 KB 155ms
154ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/7be47f1e.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bb59aa6ceb39d415b9f5679af7ca1d6740616f6f6d1a8860549a4b6fea8ee83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:13:05 GMT
x-content-type-options: nosniff
age: 552776
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9774
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:13:05 GMT

GET
H3 200 1fb982e1.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 18 KB
18 KB 126ms
125ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/1fb982e1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b2b33ed233f2d69f55116939edbdf579975d7447fbfe829cfc64b3210c82fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18481
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 9bee5438.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 5 KB
5 KB 160ms
158ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/9bee5438.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d980737570520417533b2bde977fc5db0b873096ec7adbd61281f03e45ff0bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5317
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 b6081cbe.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 12 KB
12 KB 122ms
121ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/b6081cbe.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f4704e4382becd79f34955f70a299090ce001e24cb10451e25f65cde49f43fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12497
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 63e51ca6.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 5 KB
5 KB 131ms
129ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/63e51ca6.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccf2a1e8372060c8e6f5e31ae5088992a2f9b49b3365ecf223fa9d320072a5ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 04:13:05 GMT
x-content-type-options: nosniff
age: 552776
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5272
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 04:13:05 GMT

GET
H3 200 f4904a19.png
s0.2mdn.net/sadbundle/10835744032462733312/images/ Frame 1FE5 11 KB
11 KB 133ms
132ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10835744032462733312/images/f4904a19.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e2026a65b0a3901c8a3cf2044e7807e4f27dde90362491a2ef20d7c72c44ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10835744032462733312/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 00:03:18 GMT
x-content-type-options: nosniff
age: 567763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11678
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 18:15:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 May 2023 00:03:18 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9D6B 42 B
64 B 75ms
74ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-ez_u1Hg86xZHcmhsuMXeuzX_Z6IdpMA7EccO2ut1ZR_GEZjFDUOX2wlS9dpF2FTF1MHEMid29PINYiCPdSXXusx6Z1VJBqfGGiNYmTrorhpibpeneusYvsx5&sai=AMfl-YS25TY_Z-qxjymGJUTanvuU8WE4Z58KBWaj46lWWJPOzPL8skS732zgYvYVDMgr55DeyhVZim7qJUUTOpZHkWUa1QoaRZ4pUjMsxzA7t0RrRK4TVI3Xy1v8EFDOjk4&sig=Cg0ArKJSzOul661D05zqEAE&cid=CAAST-Ro5cYTnExbViwMS0b7X1LRW8fYxbKS9EVzDL2Yj3ZbHapVIbtHdVDOJRGReXyEUvLlLRVSuGLQURGJI2Exzx42QoJgz-3_ILI0mmpiIEM&id=ampim&o=436,348&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1034&mtos=0,0,1034,1034,1034&tos=0,0,1034,0,0&tfs=538&tls=1572&g=100&h=100&tt=1572&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=1890678921

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B361 0
26 B 149ms
72ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubyioDvClHGS8SGWHxqORoB1ZmFeQYYTuSJDSX4KNyFWbEM7TvXKkM4lq4eKwH8uI53lNY7cQaMyUzUqx3z_9zILNc3j8AO4DCjJMaRA5M4pVqSg5VZbx8PM-M0ia_IWORIhKWJA38CHL5JIpbhQZgkHqzESmmktwkFo-OIOQ2x16yY-YzMoBLeBLVugsTN0fTlg&sig=Cg0ArKJSzBO-586Xn7-PEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=636&vt=11&dtpt=389&dett=3&cstd=241&cisv=r20220511.03365&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B1A7 0
26 B 72ms
72ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssS0Si37POkYNPpyJS5NJKUr-dHl4OwMFBJdJthxg474_CWbs9MZlSMv-kdxMbOuXVODwJFYfJf0RoM8PLCFBrvbKKsEZCuHaC0jILZ4j07HMHJjIL4jYC0jTf6Sy4joobEL9EHGa8gkX4bTUxmAxGEtnuBlimg7W-H6TqzCZRNO8RFu6CQHjXwbP8hmpWySmoONg&sig=Cg0ArKJSzNrBFf6ujd15EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=655&vt=11&dtpt=414&dett=3&cstd=239&cisv=r20220511.17785&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0CF4 0
26 B 72ms
72ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstqx6xCzTXbJeF6uCyqyxuQ1WeJ16yGiKJ0Cp8lmJVasx5wEAb3Jak5RfTohy-F3voswNRAJjBc2_zd4dYH1QISEs_Kk5AtZ18dm6c3N5vA2QFiCvK6HlMFMg_2cAh0TsYKtqcSxxHO62oAEWRWZGPIXzXdEZKbn1DsPz4LkY89AizqQ4rmFxSpvRxffSGNH1qtkw&sig=Cg0ArKJSzJQ-7CBBRRYyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=691&vt=11&dtpt=424&dett=3&cstd=264&cisv=r20220511.81025&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: graham-wjxt.zeustechnology.com
URL: https://graham-wjxt.zeustechnology.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 9CF6 0
128 B 175ms
41ms Script
text/plain 198.47.127.20
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=160134&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=160134&s=&predirect=&userIdMacro=&gdpr_consent=&gdpr=0&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:00 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A5B6 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqVXGmPiEYvbVI8Gl3gOG8764CQAAAAA4AeAEAg&bg=!7u2l7anNAAZL3OSAa9w7ACkAdvg8Wk8u-Dy12zyNscrRvx7AzaYkpIVcLSOLnvay9W837juz57inpAIAAAGxUgAAAAJoAQcKADmhautljJ1VllX2p1NZNbnYvtYMDscfRDRWlPUdpuJiM0gtnqBDVzE7C81mcD20bv3vq9KhPgNKSKmZAwXZuj-N9WJDmgrqlSSlL8tcLGSAIZ0UOaC4mJf4phMKFW2kZ8GZ8DXDoZms-MhbRK4bLKZb1sQqMPeh0dM1Xvb5VdQTDx8GdVsJGKSQ0iqNGpIycdwzW-gdvtoXmrhpZ3EQa6BTpwnO8hBG8C2Z9FidSXWxt1_W_q3BiawSayGfhsB6xVNbccW-SYQ14wShYVUlHpd_0dznnbT_P1y1kmawzHBjn4CHMLPYGP1o51j1IAysvkz8S-nExw9-kcag3mO1K9PQntDgwcUH6U5PZzRa_SuCs9X1VUvTQihI72pZBMMk36PZ69RtFG8M_jEGEdsF9_BGHEdG4hDdEk7Yjr96sap5YQUVrZuBOQvYUUz0sWb8T1rq_mjoh8_LCdqPCtWnv-w9SiWd1Yvw-JPNl-U7AbAIQWClIM5mLnvB4tiILYEF6cBuJFxMd1bIKdlyS1vHO91N7eGRF0MYYJC2QJfTODZBIcO1GX5NQrBlpR3AMEHi51akYTQ9RuMgwi5OXjdexyaTZfY5bFtW4ntyCY3dSNplPRNwD-idwNW6y2yAQv4wDWFdHp7yOwrZfQ5AIZwVEy6IV0Q0Zsgl3iyvMhm_OYjKu0_BMZOxAmfyHNA0LEBRBDk2a2tQEYxzxSiy-0Pip9E87OoN1AWNxzYMIoDI5c6ghRhehlA7mLtgek3j0FCWZhPfzvxnlAlaWA9th2snoRKbh5uONXn2UdLvNnXDk1tZS7drTdpr8NldykAlr8Sfi7o0CEwgSbkL7uuh6RDooIWHkJthqcvdCRX_SF7QIclUi2YqAGeCzESy-0tJumBmWO70_vnIZ-RWy92T8otEOOAYwBZzwCtrrYjjCRYfs2BSeF_yIRd9KYcvoE0paSxMdHPIStxdxm9vJUTpuouuoDIF2-Afh_uJThqwJihnTKq9wWw6o6Lc9EsV1aEpItoafa7Ktw-K_czPbMsBVl9PDCNB4Uvs1fwtzD4epcJIAHqTYOVBSjo_vBuFQF6ZVFbjRPpmY8d58eY9GR9Z_JoRi0hnSQ

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FF2 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BT0BjmPiEYsjXI-PO7_UP5oCb4AUAAAAAOAHgBAI&bg=!9vWl9bHNAAZL3OSAa9w7ACkAdvg8WlwC5vIx-Uim0z2inqAZIAy7p_BTZYnP7ij2o6hXO2-xYPAv2wIAAAG0UgAAAAxoAQeZAwxAI-ptoyoEQ9-xfVfWa0mmcHvP_7Q1qhWzXN2EytJ7OpBMW1QKNwRHkfCD5ESUOnzAuYAiKWvt9BspifbJC8iwBpJn2mI1tgdlihD-FG9oaLhITuLDvU5_zq47xXzhfouhxD4D0oQoX9XFaT9Fg7Y-5iLxvU_YvzFN5vXDBupX20c2VVtQXKvCvjSAw_IyluUj0bDRWV0ZezmLw4g7jLddyf5GaeUZ-zBoMJl4uvegiBKvpdPNGqImvSQDQ011lXBEsZQcCtHmsFHDxi6N0-4g1ifCoaIeMXavKuP3ufkvVIswVlttsnkclDp928DVWXbB6G5o6fT_zNXwPlomCjGA_6qc88e2yogNgfwP-dSbYf7rmHDOb-9fB0WsC1u33Qohjnf3GO38lkYWE7HS0ThfIovWY9rUy08jGPkee0IZb7t_xo74XYDWrLAnkaQLKppw0alalDJGpUfVlD9hjvoH3gLTnRvxymLo8t1EFAko7q2vx0qMLlr9fkGhMS4-bymujxTbOIHjWYnzdGX-7deKk4dm96T8ELWAHR_tHzD-cHo-56aUWbcPYq4zJPmgetUIpdMjdS8UTbAqZzJo0kY2tikH1e-iucBv-04GCA6QfSAf7x4IO_ZZPuJ42gPFiM40B8XxUKMRRtNgWjNr6gYzeIqD37yTer6t-M0CgbBRgFlJW95AgY0cqZBD5pyBnnSqWadekP5gjG0NL3cvHMBEpecpWJaJeMmt9oePck1fY6fQB5xHvFFlIimijFZIvY7XzS2SGnHW08I5Db5Ny4dUFN5oSn1NbMxbdKOawbONXeuERj_YkJYgI9KdaM-xmFHJrUyiPY9ZjY5RCSoeJIAWVvyJzBr52ZMd6_cYlK2G0xDxUYxO19oDK8Iy0NHaQJ5nVzFkcyVq3muogvWJean0DG_3Z25WRLF5R9bB62RYlaW35S0nNV4vf9j2HgibjOyBIb9CSUWZCEVAc4eNRfJoLMT-LW6k1KkrEN2S7Cz8nP-DquUTPtmLPRehzRwYHlOFiCvlfX-pis21Ovs

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E5DC 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BM2e3mPiEYvnUI9v63gONo70wAAAAADgB4AQC&bg=!lpWlldHNAAZL3OSAa9w7ACkAdvg8WhSOPNEJKHvzAy9uJMiF35sNL0M9p8pHI7CLZaYImY_E2cGOeQIAAAGVUgAAAAJoAQeZAv4mBOVurIjNouA1vkRy90E8ZdU4DF4NIDC6dVzE0CFnukyPMZaqMk_yWG6KQ0YhY1t2dhMAUPhfpWnko0l1tFet5qw3y3FLI8luM3UbaI-05oFzlowCnDoiHPNcqULgBVLheIaOo2IA9jFI686VZEsfppGxCJ0KqpK4p_IisWYHLE2xnLkUL2Xc7IAOSvbRFdo54l3LM6z_8R5Yf0yHr9gPTWNHIZqdS5dZ0x03j8CfBZVLMBIlMBp9l086DXN4Yxt-t0u8g9JvVEIV2FGCMyq5MsZNiMLnhtRms94GZnqcFcE9cAEzwf-vrYx_mJlZe0syulr5wG37vLbP5BCIQy6CFCehVDrTcbUjtcVB0WBlld3hnletrRZnLLuO6Dj7gwvcW2A7vfaQXg5m53-EGmfcwEulgNejPWDMqV8gwRu3sPnq7_pVKsSiGyw2dCxCFGNpJaQzA0e8EYkD1nDvkz2289Ihx_5DYjqRNroWeJWOQxvAoih8OtxODLt1HhtiwmUMnQNxGyRuOfBoVlkkRFNLDK2ZchxcUNmRBOjOtSi1RamcGhZT1WAW3ABj8hMoUV_z5HGJGoZEeSXGt1MF8zmQ3Pj9zDEvPSjNJ0mD12FYhycbYJWG6ix3z7_fV-F6nKaecu43x_zPTQywRYJm0ziFut7vKC9ULME5a-CHGVeRMwlKxkiw13CgVhOxNzfk3l26V4TGpF7i0A59bxhu2tUAbbv1R8PO2X4B-VRj2aB9lMCJi07j5xH1QhXPEuyX1yy8yR40Jc6Bw8QK91axfctsHmUikeEnLe0uQjKN5T7edp5H0h31OGDAKB_WHRk9eb2OdC8n6qEWgM8xlq9D1yf6u5yJO5GyPfBdRkFS7d9jIqRJE5y0ZAfAyqj-UaJ-lpGCV-zs_KsyOHdbThZry4T7GmnNfBnf1w-Zz9yCc_knP4QQjlUcMjssz3inq-ed2_K3qcLkKZIVsHJlInWH_UGCqrVyJdpzXsTDtQ9sUdLnOtDDa5yDc5TnCd8vCSNB

Requested by

Host: ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
URL: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8947 0
0 74ms
74ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssSoV5SVq2qa3-IVLWtMjS3Dg3pcBW03wvwfSWbyNsRbHCS7RCatIdlvbEK2pYMA-wjbzK_xPym1PAlmnlAHPC4JP27K10IkgVGDM1s3xmwdVQkbIY6iNkiJFZumb6hgTaoZvdQFkkbNRgMJQ7JrrpVJGO2Nmm1V-i0CDzB8fdDQ3ZYYo5jbmMjx85aiNrTMPcTaiJzPU2aCG-vszF2TcuQoIn2vYiqPHRu-Wkqn9YWVDAIhxAjg2xa0MevueXf5mzKkAhZPUeETXxOp6SUyk5OQItVntYKl20pvleen-oQ3U5GR3GDcksdLkPFpbbC_QWUPPLGsdNVFP7Z7gyiZNP78BHkBg&sai=AMfl-YRyGNm0qETsFPJ4pJUWJKSJPBG5GUz6liV8nJARgR0qROfp-XZShHQl4qJZpVRRzY9u-uK-yP7sA5xStyk9_gIiZHCYlOAbTwQZw2pJdUUGWb7t26Cz1RqBALpZlPo&sig=Cg0ArKJSzBredN_8MAwsEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 18 May 2022 13:46:01 GMT

POST
H2 200 yv
beap-bc.yahoo.com/ Frame B361 43 B
856 B 80ms
66ms Ping
image/gif 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://beap-bc.yahoo.com/yv?sek=9119536716078364213:1652881559323&as=YAMPViewableImpressionPayload&av=2.19.0&kv=0&ea=1&ap=9ztZn1goJsh7IKKIXffpYnj7aInqoem3J_IHNXu5T6QlrwLh8f0nVZq0UgxAV7MvQRZaQeMRfKBzgW-vz8JfksqekCv6khNpWVau0cg5Z5icRDo9P47cVNmQrPX5d0XrxQ_34V765WpBWQCQvTfmvtaTsGC7w4PI4YfW1WATww2d1gnkl3dEYOww0-ZwKb_TMaEEW4GUGob6WBOlhEPOg7eHNjGMZVWAvlevzTTGF0PAW5fu_271AZY1EOj7wfPSBjfldb4pkpz7RMgTxVmWUY8k-8GfcGrF6snnR2HjAGc&iv=100&v=1&m=2&r=1652881561776&im=1&b=20&ad=jv=1.0.261:vd=0:na=0:ed=1:tpv=:tp=1:mt=7

Requested by

Host: cdn.js7k.com
URL: https://cdn.js7k.com/rq/iv/inside-20.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:01 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-xss-protection: 1; mode=block
cache-control: no-cache, private
content-type: image/gif
content-length: 43
x-content-type-options: nosniff
accept-charset: utf-8

GET
DATA 200
OK truncated
/ Frame B361 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 456e60be767a18d9f8dc23102e1eaf9b27ef2270133411528b5f6c2e80f8b9a7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8947 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4bdfde51645c62b6c69153c8385da7f48780aebdbbdb7f3c6009ac92ce78da2f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B1A7 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc66eb31eabfac7ca2ced902b2007708445d4368eac6acd466cf40bd60f360a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0CF4 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 978f26559cf0dc9168eeab14846bc80467248c2ff37cfe5827d92248db48701d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 132ms
53ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022051701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e27e321c62e5ed1f81886154c3bd872968c8e902629df6a67ea56c74d08d0aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 18 May 2022 13:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10521
x-xss-protection: 0

GET
H2 200 100x120.jpg
cache-ssl.celtra.com/api/blobs/dd543083253758df176452bb45faa6b90ce5d21b16dabc109377c1e5d17d0a8d/ Frame 5F45 6 KB
7 KB 38ms
38ms Image
image/jpeg 143.204.215.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/blobs/dd543083253758df176452bb45faa6b90ce5d21b16dabc109377c1e5d17d0a8d/100x120.jpg?transform=crush&quality=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-44.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 6084207970efc0ed81caab77c0c22ffe445bedae63409ee899f08a42be0872e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 04:00:07 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
age: 35154
x-cache: Hit from cloudfront
content-length: 6527
server: Apache
etag: "6084207970efc0ed81caab77c0c22ffe445bedae63409ee899f08a42be0872e4"
x-varnish: 3121996 400332
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/jpeg
x-amz-cf-id: 0XcCP2lvh67YLDDa614a076pTwls-h2A_dXDSMOn7w93xmcV_vCyGQ==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js?cb=31067666

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 18 May 2022 13:46:02 GMT

GET
H2 200 close-up.svg
cache-ssl.celtra.com/api/static/v1d0fe298c7/runner/clazzes/CreativeUnit/ Frame 8947 1 KB
2 KB 40ms
39ms Image
image/svg+xml 143.204.215.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/static/v1d0fe298c7/runner/clazzes/CreativeUnit/close-up.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-44.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: d350cd3c1e1805977e3c9cd865c588fb33f853d94e07e59530a5417bcbd2245b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 08:56:54 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
age: 103745
x-cache: Hit from cloudfront
content-length: 1084
server: Apache
etag: "d350cd3c1e1805977e3c9cd865c588fb33f853d94e07e59530a5417bcbd2245b"
x-varnish: 1998865 327693
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: llwzYpDYhP6jBIYMnDIrAbm2baaqjtY-KqyxlH7FI3Am2Wi5VUkVRw==

GET
H2 200 close-down.svg
cache-ssl.celtra.com/api/static/v1d0fe298c7/runner/clazzes/CreativeUnit/ Frame 8947 1 KB
2 KB 40ms
39ms Image
image/svg+xml 143.204.215.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cache-ssl.celtra.com/api/static/v1d0fe298c7/runner/clazzes/CreativeUnit/close-down.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-44.fra53.r.cloudfront.net
Software: Apache /
Resource Hash: 93810046cf5293dcb79678f9e2301587886e4944044b113f03429b5650ef02c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 08:56:54 GMT
via: 1.1 varnish (Varnish/6.2), 1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
age: 103746
x-cache: Hit from cloudfront
content-length: 1164
server: Apache
etag: "93810046cf5293dcb79678f9e2301587886e4944044b113f03429b5650ef02c0"
x-varnish: 720919 131077
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, Content-Disposition
cache-control: max-age=31556926
access-control-allow-credentials: false
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: JnwO9gjRFhSa-4wUqGv8Wc-g2H0t3pkreT-mGMGK30KVzXA6M_1RRQ==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiOjEsImNsaWVudFRpbWVzdGFtcCI6MTY1Mjg4MTU2MC41MTksInNjb3BlIjoiZ2xvYmFsIiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMS4wLjQ5NTEuNjQgU2FmYXJpLzUzNy4zNiIsIm9yaWVudGF0aW9uIjowLCJ0b3Btb3N0UmVhY2hhYmxlV2luZG93Ijp7IndpZHRoIjoxLCJoZWlnaHQiOjF9LCJob3N0V2luZG93Ijp7IndpZHRoIjoxLCJoZWlnaHQiOjF9LCJuZXN0aW5nIjp7ImlmcmFtZSI6dHJ1ZSwiZnJpZW5kbHlJZnJhbWUiOmZhbHNlLCJpYWJGcmllbmRseUlmcmFtZSI6ZmFsc2UsImhvc3RpbGVJZnJhbWUiOnRydWUsImlmcmFtZURlcHRoIjowfSwicGFnZVZpc2liaWxpdHlBcGkiOnRydWUsInJlcXVlc3RBbmltYXRpb25GcmFtZSI6dHJ1ZSwidG9wV2luZG93TmF0aXZlUkFGU3VwcG9ydGVkIjp0cnVlLCJhbGxvd05vbk5hdGl2ZVJBRkZvclZpZXdhYmxlVGltZVVzZWQiOmZhbHNlLCJjbGllbnRUaW1lWm9uZU9mZnNldEluTWludXRlcyI6MCwic3VwcG9ydHNDb250YWluZXJWaWV3YWJpbGl0eSI6ZmFsc2UsInN1cHBvcnRzQ29udGFpbmVySW5pdGlhbFZpZXdhYmlsaXR5IjpmYWxzZSwidGFnUGFyZW50V2lkdGgiOjAsInRhZ1BhcmVudEhlaWdodCI6MCwiYW1wRGV0ZWN0ZWQiOmZhbHNlLCJhbXBOZXN0aW5nTGV2ZWwiOiIiLCJzYWZlRnJhbWVEZXRlY3RlZCI6dHJ1ZSwiZmV0Y2hTdXBwb3J0ZWQiOnRydWUsImFzYXBFbmFibGVkIjpudWxsLCJuYXRpdmVQcm9taXNlc1N1cHBvcnRlZCI6dHJ1ZSwiYmVhY29uU3VwcG9ydGVkIjp0cnVlLCJJbnRlcnNlY3Rpb25PYnNlcnZlclN1cHBvcnRlZCI6dHJ1ZSwiaXNNdXRhdGlvbk9ic2VydmVyU3VwcG9ydGVkIjp0cnVlLCJ3ZWJWaWV3IjpudWxsLCJpc1dpbmRvd09wZW5OYXRpdmUiOnRydWUsInByb3RvTG9hZGluZyI6eyJkYXRhTG9hZFN0YXR1cyI6InN1cHBvcnRlZCIsImJsb2JMb2FkU3RhdHVzIjoic3VwcG9ydGVkIn0sIm5hbWUiOiJlbnZpcm9ubWVudEluZm8ifSx7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiOjIsImNsaWVudFRpbWVzdGFtcCI6MTY1Mjg4MTU2MS45NTQsIm5hbWUiOiJjcmVhdGl2ZUxvYWRlZCIsInZpZXdhYmlsaXR5MDBNZWFzdXJhYmxlIjpmYWxzZSwidmlld2FiaWxpdHk1MDFNZWFzdXJhYmxlIjpmYWxzZSwidmlld2FibGVUaW1lTWVhc3VyYWJsZSI6ZmFsc2UsImNkblZhcmlhbnQiOiJub25lIn1dfQ==?crc32c=2465348990
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.234.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-234-176.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:46:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiOjMsImNsaWVudFRpbWVzdGFtcCI6MTY1Mjg4MTU2MS45NTYsIm5hbWUiOiJ1c2VyRXJyb3IiLCJ1c2VyRXJyb3JJZCI6InVuaXRWYXJpYW50c0RvTm90Rml0UGxhY2VtZW50In0seyJzZXNzaW9uSWQiOiJzMTY1Mjg4MTU2MHgzNWJhODBlMGQzM2MwY3g4Mjc3MzMyNyIsImFjY291bnRJZCI6IjdjZWVjMTAyIiwic3RyZWFtIjoiYWRFdmVudHMiLCJpbnN0YW50aWF0aW9uIjoiNTIwNzY4NzA3OTM5NjgxOSIsImluZGV4Ijo0LCJjbGllbnRUaW1lc3RhbXAiOjE2NTI4ODE1NjEuOTU3LCJ1bml0TmFtZSI6ImJhbm5lciIsInVuaXRWYXJpYW50TG9jYWxJZCI6NDIsInNjcmVlbkxvY2FsSWQiOm51bGwsInNjcmVlblRpdGxlIjpudWxsLCJzY3JlZW5Jc01hc3RlciI6bnVsbCwib2JqZWN0TG9jYWxJZCI6bnVsbCwib2JqZWN0TmFtZSI6bnVsbCwib2JqZWN0Q2xhenoiOm51bGwsImluaXRpYXRpb25UaW1lc3RhbXAiOjE2NTI4ODE1NjEuOTU2LCJuYW1lIjoidmlld1Nob3duIiwidmlld05hbWUiOiIxMDAgeCAxMjAiLCJjbGF6eiI6IkNyZWF0aXZlVW5pdFZhcmlhbnQiLCJkZXNpZ25TaXplIjp7IndpZHRoIjoxMDAsImhlaWdodCI6MTIwfSwiYXZhaWxhYmxlU2l6ZSI6eyJ3aWR0aCI6MSwiaGVpZ2h0IjowfX1dfQ==?crc32c=1399308199
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.234.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-234-176.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:46:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.celtra.com/json/eyJldmVudHMiOlt7InNlc3Npb25JZCI6InMxNjUyODgxNTYweDM1YmE4MGUwZDMzYzBjeDgyNzczMzI3IiwiYWNjb3VudElkIjoiN2NlZWMxMDIiLCJzdHJlYW0iOiJhZEV2ZW50cyIsImluc3RhbnRpYXRpb24iOiI1MjA3Njg3MDc5Mzk2ODE5IiwiaW5kZXgiOjUsImNsaWVudFRpbWVzdGFtcCI6MTY1Mjg4MTU2MS45NTksInVuaXROYW1lIjoiYmFubmVyIiwidW5pdFZhcmlhbnRMb2NhbElkIjo0Miwic2NyZWVuTG9jYWxJZCI6NDUsInNjcmVlblRpdGxlIjoiU3RhcnQiLCJzY3JlZW5Jc01hc3RlciI6ZmFsc2UsIm9iamVjdExvY2FsSWQiOm51bGwsIm9iamVjdE5hbWUiOm51bGwsIm9iamVjdENsYXp6IjpudWxsLCJpbml0aWF0aW9uVGltZXN0YW1wIjoxNjUyODgxNTYxLjk1OSwibmFtZSI6InNjcmVlblNob3duIn0seyJzZXNzaW9uSWQiOiJzMTY1Mjg4MTU2MHgzNWJhODBlMGQzM2MwY3g4Mjc3MzMyNyIsImFjY291bnRJZCI6IjdjZWVjMTAyIiwic3RyZWFtIjoiYWRFdmVudHMiLCJpbnN0YW50aWF0aW9uIjoiNTIwNzY4NzA3OTM5NjgxOSIsImluZGV4Ijo2LCJjbGllbnRUaW1lc3RhbXAiOjE2NTI4ODE1NjEuOTU5LCJuYW1lIjoiY3JlYXRpdmVSZW5kZXJlZCJ9XX0=?crc32c=388721606
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.234.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-234-176.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 18 May 2022 13:46:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 53C7 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6653
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 11:55:09 GMT
expires: Thu, 18 May 2023 11:55:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E017 783 B
536 B 49ms
48ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9f8f6cd670a92f7f7bdaa95007ddf2b10348e6aed44d6d505163b214b9923182

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XKfGw2Oktn13l56X6Mvpfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://graham-wjxt.zeustechnology.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-XKfGw2Oktn13l56X6Mvpfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 13:46:02 GMT
expires: Wed, 18 May 2022 13:46:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E017 0
0 86ms
86ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022051701&jk=1671799181567607&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js Show response
pagead2.googlesyndication.com/bg/ Frame 53C7 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 16:20:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 May 2023 16:20:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 53C7 0
9 B 37ms
37ms Image
text/plain 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?uUCasw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 13:46:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B361 42 B
64 B 71ms
71ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4Sbm8rjKE5JaVtU620-r3hVkcIOJPzqnAD-XkiIpl7qG_Zms-IfQUOMo6-VZdWr0UoMRvSiHt7-XcsEThQumJCc-IgEVpkqw&sig=Cg0ArKJSzAhI1lMzrka4EAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220516&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=3865833880&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652881559587&rpt=2026&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B361 42 B
64 B 73ms
72ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvYzm_dN28LlhXZrKeCwpaG4fJmnX4oARucpjsgC5kDwnr_ylsVpk4vq2it-nn0yptCYTlVkfWNboYga5i1woB7NA&sig=Cg0ArKJSzDUoxthEuh52EAE&id=lidar2&mcvt=1002&p=507,650,757,950&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220516&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=622255232&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652881559587&rpt=2023&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 13:46:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 90ms
90ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022051701&jk=1671799181567607&bg=!lZalltLNAAZL3OSAa9w7ACkAdvg8Wg4uhnxxeVGo3RUg3gYEC-j5ASTMB18rjQG7LdM-G9y0a3XTvQIAAACeUgAAAAJoAQeZAqzSgYpzRluNZFt0cV3R0eqxRdSpzMxb1N9IaD7qCPSl3I40n1Fr3G2Wv9UdYYbD_hM1Z1Uht80D1RnnhfKlTzWZOYQFUlOtG786-XSvcJbJ7h_drtp-oJqnhZLbV-rALEO1gIWK9Ln_AGKpdjVJyGUp0S1cpV4PFllUJkGLvl6Qk5-mKvSxqy1qWOI58j-pZKHy_a4JclGG-1EM_9B37Y_Sntjc28dcuGyH2qyKkqKBwuDdsYL5d2OiO5F1RP-Zyfe_2QJgX5OxHg9PCU0rGUTY4gFcJU6-qFuXcThl9n-ExKAxAmN6TjVhoV-NIB2B7SzfI-ITSI1CTfP2Z2fBNwxSTPK4EJ1FfswY1cgRwc8_hipRp9wma5jUNFOqcQ9ZajBx7Y6yFg6nfS2c4_xa3n6ftLvfNIHUwleZRvagn7HTuABZD57PVtVIwVzLlROGnXTmUZVvQIgVUoCG9oMS0kRqtNbJFQSRmOhk38M6OtK-HzOc0TJiaJ1j67-VldHU6dapxwcCTPzIiZqzDGT0HDbcE1UFEdFc_jj2DLOIozG8krZd1_1f0Qa7mHOuS0Wm50CTKKIy6tFYsaTZiVumDPlKwW_M1-u6SQdr4hXZLNqYjiGksGBTNsguFoMK11ZGmOw7QFro10dSxJNMoDoAAh4Bz-SXJwDAbB6B79eknW7evn7-J96s1EWjX9mZeCwRUJ8L0tjpCSUH8aQn5LZ29hceor_VJRU8yt7MRahwNSccSdxMQUJSZmnT8oq3gW6PqSYfCZ1dvZWc-id0OW2_nPCh6EyDqWL4jQSwyBegVETMVmCbVRmavLxV7Wk7CajmClf1ncJhkJa0zL1Ys6H01460MNOlYrQUJCnW4t-HiBtuOFqKQdM5yUVKEefYG5br8Lu-89HjRzkFkTXCqsI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://graham-wjxt.zeustechnology.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rubiconproject.com/	1970-01-20 11:53:37	Name: khaos Value: L3BN0529-17-4O4G
.rubiconproject.com/	1970-01-20 11:53:37	Name: audit Value: 1\|hLZGFuTafB02SmV/SXp+9wNb0fGVcfL/XWaA1sYWTLG0RTcz8e+19es6AXC74r0UvW9ws8oALynRIWLaGw/jZAhUs5qFQIXXBzFDayqp0/rMboWaW1ii7RrFj85P1vvO
.yahoo.com/	1970-01-20 11:53:59	Name: A3 Value: d=AQABBJb4hGICEOK0uhY8aNL4BTsa72vx0SIFEgEBAQFKhmKOYgAAAAAA_eMAAA&S=AQAAArIv9Ksl5iNl3y-DuoCkX98
.adnxs.com/	1970-01-20 05:17:37	Name: icu Value: ChgI1KhyEAoYASABKAEwl_GTlAY4AUABSAEQl_GTlAYYAA..
.adnxs.com/	1970-01-20 05:17:37	Name: uuid2 Value: 4070203339281356417
.pubmatic.com/	1970-01-20 05:17:37	Name: KADUSERCOOKIE Value: 6690F3BD-439B-49CF-8730-FE9E5685864B
.pubmatic.com/	1970-01-20 05:17:37	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 03:09:27	Name: pi Value: 160134:2
.pubmatic.com/	1970-01-20 05:17:37	Name: DPSync3 Value: 1654041600%3A197_201%7C1653436800%3A164%7C1652918400%3A174
.pubmatic.com/	1970-01-20 05:17:37	Name: SyncRTB3 Value: 1653436800%3A2_223%7C1654041600%3A7_220_21_13_166_22_54_71
.analytics.yahoo.com/	1970-01-20 11:53:37	Name: IDSYNC Value: 18z8~24yd
.simpli.fi/	1970-01-20 11:55:03	Name: suid Value: 3F87694395E3489CA0AC4A9FBD7CB2FD
.zeustechnology.com/	1970-01-20 12:29:37	Name: __gads Value: ID=06a96c6262e10cb2-22307bc896cd00d0:T=1652881559:S=ALNI_MbsIke7GVfT_tDMknFVzDFrBLKGwg
.adform.net/	1970-01-20 03:52:39	Name: C Value: 1
.turn.com/	1970-01-20 07:27:13	Name: uid Value: 3200693521187788429
.everesttech.net/	1970-01-20 11:53:37	Name: everest_g_v2 Value: g_surferid~YoT4lwACOygB7QAj
.adform.net/	1970-01-20 04:34:25	Name: uid Value: 7359789744657717813
.bidr.io/	1970-01-20 12:36:35	Name: bito Value: AAETjE7FCfEAAEwgOvZ89A
.bidr.io/	1970-01-20 12:36:35	Name: bitoIsSecure Value: ok
.doubleclick.net/	1970-01-20 12:29:37	Name: IDE Value: AHWqTUky8MHGC488cDHR5gaeoOs7OE5-VR4b2KujHNYngXXjRXa-MelDRTX7GONiJ-0
.pubmatic.com/	1970-01-20 03:51:13	Name: KRTBCOOKIE_22 Value: 14911-3200693521187788429
.pubmatic.com/	1970-01-20 03:51:13	Name: KRTBCOOKIE_218 Value: 4056-YoT4lwACOygB7QAj&KRTB&22978-YoT4lwACOygB7QAj&KRTB&23194-YoT4lwACOygB7QAj&KRTB&23209-YoT4lwACOygB7QAj
.pubmatic.com/	1970-01-20 03:51:13	Name: KRTBCOOKIE_80 Value: 22987-CAESEFGe5nPuwJYSB-VxOSaaf3Q&KRTB&16514-CAESEFGe5nPuwJYSB-VxOSaaf3Q&KRTB&23025-CAESEFGe5nPuwJYSB-VxOSaaf3Q
.doubleclick.net/	1970-01-20 03:08:05	Name: DSID Value: NO_DATA
.mathtag.com/	1970-01-20 12:33:56	Name: uuid Value: 44886284-f898-4700-b64c-eb3ee08253b8
.pubmatic.com/	1970-01-20 03:51:13	Name: KRTBCOOKIE_27 Value: 16735-uid:b4906284-f898-4d00-a433-307bf2263ce3&KRTB&16736-uid:b4906284-f898-4d00-a433-307bf2263ce3&KRTB&23019-uid:b4906284-f898-4d00-a433-307bf2263ce3&KRTB&23208-uid:b4906284-f898-4d00-a433-307bf2263ce3
.pubmatic.com/	1970-01-20 03:51:13	Name: PugT Value: 1652881560
.pubmatic.com/	1970-01-20 03:51:13	Name: SPugT Value: 1652881560

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://idsync.rlcdn.com/420486.gif?partner_uid=6690F3BD-439B-49CF-8730-FE9E5685864B Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-INEmDRJE2uWlSyCuFIhL.qfmbImayeY-~A&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 502 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad.turn.com
ads.celtra.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ap.lijit.com
beap-bc.yahoo.com
c1.adform.net
cache-ssl.celtra.com
cdn.ampproject.org
cdn.js7k.com
cm.g.doubleclick.net
ee9fecf2ac2811dd91f15b66ab8d4687.safeframe.googlesyndication.com
fastlane.rubiconproject.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graham-wjxt.zeustechnology.com
htlb.casalemedia.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
match.adsrvr.org
match.prod.bidr.io
pagead2.googlesyndication.com
pr-bh.ybp.yahoo.com
pr.ybp.yahoo.com
prod-m-node-3113.ssp.yahoo.com
pubgw.ads.yahoo.com
s.yimg.com
s0.2mdn.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
sync-tm.everesttech.net
sync.mathtag.com
tpc.googlesyndication.com
track.celtra.com
um.simpli.fi
ups.analytics.yahoo.com
www.google.com
www.googletagservices.com
103.229.206.240
104.92.100.195
142.250.184.226
142.250.185.130
142.250.186.102
143.204.215.44
151.101.66.49
169.50.137.182
172.217.18.98
18.156.0.31
18.198.184.102
18.198.241.229
185.33.221.53
185.64.189.110
185.64.190.80
192.82.242.209
198.47.127.20
2001:678:cb4:bbbb::11
23.35.236.201
23.35.236.247
2602:803:c004:200::141
2a00:1288:80:807::1
2a00:1288:80:807::2
2a00:1450:4001:801::2004
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2001
2a00:1450:4001:827::2001
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a05:d018:d29:3605:9b3d:59c:490d:6d21
35.157.234.176
35.244.174.68
37.157.2.238
52.215.3.215
52.223.40.198
65.9.63.114
72.251.249.14
035a862ce3d6630dd76876ef5ed7b94d8d24b352317e462faf4e3142dd51b8d0
06967de79eeb104946e3ccd80c4188d8d6068200ed7529968917809990b1c9cb
0acb3b80af7c0b57236950b299413314109b5e196eaf3861261c0cef5f5a290c
0bb59aa6ceb39d415b9f5679af7ca1d6740616f6f6d1a8860549a4b6fea8ee83
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ff561f910ab53ad22542bfc801e0d7d996e34ecef33fe227e854e1983c72372
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1e91cece076431e89f7c6a36d7cfbc6ec031035bb3676a37fc481e16529c4a64
242808ea5594a45faf87265162b5d5dec28306f4a76af7294556c27f05ec7820
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2b7ecfa16b35e4b6e585a4d2b267825e82da4cd4be5e6cdafe4c414c846368d5
2f1437358fe43315deb086b8ec092f5c36c6d8c6c1ed44b13fa9d03e1f8bbdd0
2f4704e4382becd79f34955f70a299090ce001e24cb10451e25f65cde49f43fb
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
362cf45c9f2dbed05cf3905c180b4486e8378cbfff2ba4bd4405d8eed6511d6f
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
39b19dd23a0764aedb0fd9def9acf4b99e4c1395a131757889ac062b98897034
3a8401b9de517e95d1907c86f6a007332ab5f02012dc4777765c5ce5212684c8
3bd4eb2ece0fe98f279a14bb2b61ecbbcd501a598b50f1f8b211f76ecd420996
3dfebf35b2f3a4ba4000addc2c1d1495a3f3da602e47cc51a5175ab7dedabeb8
42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581
456e60be767a18d9f8dc23102e1eaf9b27ef2270133411528b5f6c2e80f8b9a7
48152a1780b8f664221952a9935ff1801866bd212b30420149ef5e55d6bfd2f0
4884e66b76e22283727befb2bafb182cf38dd29edc2cff43b69cae76669f6a47
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48e317eef20a781057ccd63dfd7d961e5fe71134e640d31e63047083c0dca92a
4bdfde51645c62b6c69153c8385da7f48780aebdbbdb7f3c6009ac92ce78da2f
4cae9257beae7f5001f5dd972ca07577a0a40a6634c53dfed2941a020a731a77
4cd9dc48f529174f1c5240d963a4a4f3c7e48d9d4908607e02daecfbf1b6f050
4e16eccc11b3062d8dff542a1d2180c10e67e0dc29a4639abe96b058ebaf0811
4ff505470d0d1dc381cd8ec6536a1c61f18ae8190279ea98be0c43950f809fb0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b0053087c796bee6fb74269f3ff3e6316beb7e06309cfbccb5d52a45e69d7f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a
5d827510ae112e7feb108e8c4cd7d612c76fb6abf44928b9bf2693d2f45bf231
6084207970efc0ed81caab77c0c22ffe445bedae63409ee899f08a42be0872e4
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7
62ee6c0d232acefafa51670e4fa5cd462b05d5623a8eae34d1724d20ba39a8bf
64d0bfa9acda7c0a418f5da79de3f50ea6e9d57370dbf52a704c055f16cf842d
6b2b33ed233f2d69f55116939edbdf579975d7447fbfe829cfc64b3210c82fb2
6caa6be73cd9d8eecd46bf67b7f52a2192184e0f91618bdd297ab64e8346cdd0
6db34bd903920d0823ef8393e369782e90743dd91ceaa1600e406a26d0ae8bbd
6f66aa6c35591e7d118e0e786fbac0c102d4453e87b4820ab3c65e5130212b6c
7239d76e3e0f175856584bcd2ea60cb11247920b16dccb445117c974afc28787
728c5c649341926f2db94ec6c5266db00ef04e87748435619d0ac6fb006334bf
742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446
77127ee6b7169577d071cc806cc157598e7d86b1d4d99835d6c69558aa02808c
7912117f323c2d45e1f5de214f8f36edb755822155beaee17ba50bb2a575c988
79947be0178c4f930d940a94f0eab0755852281f225d8679c27d50a6a9b77503
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f
8331b21ddc4c8d610c80aee1a2a961e81f3c6860de9496975660f18e34cde79c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839d612094d249b2a61350df1c5a9bafd943738d63b9133d7fc9fb1cc9520f70
8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0
86e5ca96552a7f1c8f0010ecb3b9b304add126535536d5b1e940961244e86ab4
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8cc3aa3b08ba7c0bf3feef7a05281a246a13c5fa71cfead127ba89da5fbf883e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
93810046cf5293dcb79678f9e2301587886e4944044b113f03429b5650ef02c0
965195159be784009cc31e4aff2505c066643cf8cdc99df7f56c2eab2abeda82
978f26559cf0dc9168eeab14846bc80467248c2ff37cfe5827d92248db48701d
9c3411253a27e9bcf09880de6e1a94b5d99bfc88211f394e6bbefeef63a01bbf
9cb25c26047c3494964247558aeb87ac4b4b71ea5185df8145a3077d20014e17
9e30bc3d455f45ae93ed29f99e746ec7ff75b5cfde50dc45a0465c45d7eb8506
9f8f6cd670a92f7f7bdaa95007ddf2b10348e6aed44d6d505163b214b9923182
a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f
a420cf37bab0b3ff0db3f13e8ad3f53d7be2bbe3692337260345f985212ebd82
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5b45d7709fc3d4c5a3ba78fbc6abbefa5e916c438be693258d326eac72140af
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5
b248db9b737338aed6fd13d753d17226adb656c6a41673cf5343f8ab4e092c98
b3a1231790be53aa5210678e207c61bc8376c752f0c5a33df9e3eae23cc3b0a3
b5de29bcba25545696a935537693e17fa5ce921281867af459ec7387b5265c47
b881933fe54cb1f5fff57af861b24625152804dc14462501e7f1fde3b11fe4a1
b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd
bb6e5291a8c826dc889e43631a18e2020b28e15775f3f331c5fa82e65fe51851
bf385a98378addd8dc168cb8dc765b81c6e7ef4c536c185078178eb7d731f096
cacceffa46d127d384e9b1317532a616067007a2991c1f91b7a348869f1a3439
ccf2a1e8372060c8e6f5e31ae5088992a2f9b49b3365ecf223fa9d320072a5ed
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0f43f5751af9af3d8681595897251ed0e9db8b4bb310b558cec4095bdb6c701
d26432e661658ef9d3d538b1f71b1478193f6c141f1cd7dfed03e5b677d178c2
d2e2026a65b0a3901c8a3cf2044e7807e4f27dde90362491a2ef20d7c72c44ab
d350cd3c1e1805977e3c9cd865c588fb33f853d94e07e59530a5417bcbd2245b
d71a686476343c935a476a1fa1898114d47b4509c9ac2b2a525a3e06eaab08ce
d980737570520417533b2bde977fc5db0b873096ec7adbd61281f03e45ff0bd7
dc66eb31eabfac7ca2ced902b2007708445d4368eac6acd466cf40bd60f360a0
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e27e321c62e5ed1f81886154c3bd872968c8e902629df6a67ea56c74d08d0aa0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e740af47dce3c52fa79676a89f069df919742695c115d085622cba431198815f
e9fbcdf651a938d0c3ddfe6a72dc73cb13473ef40fc9783d7f470981324b2294
eba3e78e8ef8169ba5951b869e594f227f33787886fa2fced4d12d6f70e84ccc
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1643cd8a87d5850035f6bab691629b04bba6b1224333f9e8f4e06efb6320dfd
f28236cf9fb53f0f4f4f35faf320aafaebca7c2f0679e6f13f8a4283ec5ed10b
f8b5ea735529423c4744b2bd5b5016134cb35062849ee79063888457e073d9aa
ff258a4070747a2894b586b3dd629e4b4ef4e19c1d011e65a2b8a337acd9b908

graham-wjxt.zeustechnology.com Open in urlscan Pro 65.9.63.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

192 Requests

94 %HTTPS

35 %IPv6

26 Domains

45 Subdomains

37 IPs

7 Countries

1973 kBTransfer

5388 kBSize

28 Cookies

0 Outgoing links

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

graham-wjxt.zeustechnology.com Open in urlscan Pro
65.9.63.114 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

94 %
HTTPS

35 %
IPv6

26
Domains

45
Subdomains

37
IPs

7
Countries

1973 kB
Transfer

5388 kB
Size

28
Cookies

192 HTTP transactions
5 data transactions