bloxfruitscript.com Open in urlscan Pro
2606:4700:3034::ac43:b5a5 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bloxfruitscript.com/
Effective URL:
https://bloxfruitscript.com/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On December 29 via api (December 29th 2023, 10:04:04 am UTC) from DE — Scanned from DE

Summary HTTP 130 Redirects Behaviour Indicators

Summary

This website contacted 25 IPs in 8 countries across 20 domains to perform 130 HTTP transactions. The main IP is 2606:4700:3034::ac43:b5a5, located in United States and belongs to CLOUDFLARENET, US. The main domain is bloxfruitscript.com.
TLS certificate: Issued by GTS CA 1P5 on November 15th 2023. Valid for: 3 months.

This is the only time bloxfruitscript.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	2606:4700:303... 2606:4700:3034::ac43:b5a5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
21	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2 14	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
23	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
4	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4 10	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	99.81.20.211 99.81.20.211	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2600:9000:20a... 2600:9000:20ab:3400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:1f18:1ac... 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228	14618 (AMAZON-AES) (AMAZON-AES)
130	25

9 2606:4700:3034::ac43:b5a5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bloxfruitscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.16.194 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.123 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.81.20.211 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-20-211.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20ab:3400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	521 KB
26	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	190 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	209 KB
9	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	120 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	102 KB
9	bloxfruitscript.com 1 redirects bloxfruitscript.com	108 KB
6	wp.com c0.wp.com — Cisco Umbrella Rank: 8588 stats.wp.com — Cisco Umbrella Rank: 2814 pixel.wp.com — Cisco Umbrella Rank: 2796 i0.wp.com — Cisco Umbrella Rank: 3858	97 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	5 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	2 KB
4	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2	863 B
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	258 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	2 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 560	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4497	651 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 773 r.turn.com — Cisco Umbrella Rank: 3570	869 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 550	363 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5555	554 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 49153	609 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2627	104 B
130	20

	Domain	Requested by
23	tpc.googlesyndication.com	googleads.g.doubleclick.net bloxfruitscript.com tpc.googlesyndication.com pagead2.googlesyndication.com
21	pagead2.googlesyndication.com	bloxfruitscript.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
14	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
10	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
9	s0.2mdn.net	bloxfruitscript.com s0.2mdn.net googleads.g.doubleclick.net
9	bloxfruitscript.com	1 redirects bloxfruitscript.com
7	www.gstatic.com	googleads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
5	dt.adsafeprotected.com	googleads.g.doubleclick.net
5	fonts.googleapis.com	bloxfruitscript.com googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.com	2 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.googleadservices.com	bloxfruitscript.com
4	www.googletagservices.com	googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	i0.wp.com	bloxfruitscript.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	bloxfruitscript.com
2	c1.adform.net	2 redirects
2	d5p.de17a.com	2 redirects
2	fw.adsafeprotected.com	1 redirects bloxfruitscript.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	r.turn.com	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	pixel.wp.com	bloxfruitscript.com
1	stats.wp.com	bloxfruitscript.com
1	c0.wp.com	bloxfruitscript.com
130	30

This site contains no links.

Subject Issuer	Validity	Valid
bloxfruitscript.com GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 21 frames:

Primary Page: https://bloxfruitscript.com/
Frame ID: D1CB501E2CA22416B7F6820800C01B0B
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 1CBF12C5EC73BAB7F2C687E4B1908D31
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&adk=1812271804&adf=3025194257&lmt=1703780621&plat=4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x675_l&format=0x0&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844240103&bpp=8&bdt=195&idt=172&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7268847350637&frm=20&pv=2&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=188
Frame ID: D191CDFEEB9159B7D890922D9D7D4F78
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=280&adk=697371007&adf=2329691654&pi=t.aa~a.3189099640~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=1200x280&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844240111&bpp=1&bdt=203&idt=185&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=187
Frame ID: EC5FE42A6B0B76F8F7F9074E58C041FE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Frame ID: 422098408D312F53330C8314FB2F4B79
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 4129238941E0EE8115D3916BEE2306CA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: ACACCA524E3F3666F4F87F3244398C7C
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B4AB5BC77ECFFE605B604EA961885F43
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 84389262A2CA20E06DD7884EBA5D8FF8
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%7CGoogle%20Sans%3A400
Frame ID: EB18ED086241ABA489BC17E89EF19660
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7497FE2A04CFA02E31D3129350F8C375
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 9EAEA27F53F1189BC2B079013203EAF8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: DCC0F9FDB7AC88FED547E653CD6D23CD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUlcFnkoNQgLVLbr_8QdmVIVWiFkQwc-gX2yY-2rt10rXFZE9T5-zZAvwYHk8BS1cTdQiVPg2fvgH3bobrskV2e9WJOIRLUKFM7ykCI3sEboQLQ5JB0W7Pmzq0GJTfbyLW5P_dE-nTGWkANORpkZes_RWp6hNw0ZySh9SG8T33Apqp_VIY
Frame ID: EAE9BD03EE682848FACB099EEC389E93
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 84AC4750E8014E32501987996A956276
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BCC03A876F7A4AEDC1061DC5F77DF124
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: ABDB148CE3FA290301AFAD9BF36037CC
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
Frame ID: 13D51950FFD7E6164AD1EECEF20105D1
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: B9E36573E12095BEE749963D5FE16CD3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 680B4B48A839D8C12A776DE983D47990
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5CB8E1EB4F5AEED6F65B8680B96A5CC7
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blox Fruit Script - Official website for Blox Fruit Script Collection

Page URL History Show full URLs

http://bloxfruitscript.com/ HTTP 301
https://bloxfruitscript.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

130
Requests

91 %
HTTPS

50 %
IPv6

20
Domains

30
Subdomains

25
IPs

8
Countries

1611 kB
Transfer

4752 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bloxfruitscript.com/ HTTP 301
https://bloxfruitscript.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://googleads.g.doubleclick.net/pagead/adview?ai=CisWskJmOZcfPE9DM1fAP6q6R2Azo8c6EdcWAlLiiEu7jgd6WDhABII_q7ZkBYJXikIKgB6ABrrzQ-CnIAQmpAgUKPBIfkLI-qAMByAPLBKoE3gFP0GgQ4dC3_ummBiYjQ-nQQlUYe0BByyqu7m5tI92t8_X_fkpemXEw-GIhAfvYw3B1f0reVzKVsCbQtfuhHaEd0dCiNRQJ4ald6wyLOPgjWAG9f51jXxeCeKNaQljEcIKRM7ZEJ-s_YjF0VSHLJJWv0mKzSPWb-53KSjFNASRwoCOaoiNyuQjjGoGBV4HOihRmEuIqBSNmXCEU8i-VrMok0R4aUp7KEcuFpYr8DMnytjYQif8GjryscQml-chC8Wgzh90FVR4bZfy7jklnjbZivhUiOAd3EsUdFC0OpU3ABLyS2ujoBIgF4KGI5U2SBQQIBBgBkgUECAUYBKAGLoAHrvSg2ASoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCl0RnSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WKe5ybWytIMDmgkaaHR0cHM6Ly9kZS5zaG9mYXN0LmNvbS9kc3KACgHICwGiDBwqGgoY5LSxAu61sQK1uLECrLqxAuS0sQLutbECuBPkA9gTDNAVAYAXAbIXHAoaCAASFHB1Yi01MDEwNzgwOTAzODYwODc3GAA&sigh=5_VfMuqc_-c&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_M5mJgvCmb_Il8Bl5tq88v6NhXQctO97YRGL5CvQA07Hr3RmCh5Fqr1VDJSGcsyDJHr67cRAUT3lCvzXGtpdhW3XA6UmJg2mDuckYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225138551311735403247%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211258830382%22],%2222%22:[%22true%22],%224%22:[%2212-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215404232360559836785%22}&andc=true

Request Chain 76

https://googleads.g.doubleclick.net/pagead/adview?ai=CwB_8kJmOZe3FE6bG1fAP66CO8AyetIb2dPzo6JvcEdrZHhABII_q7ZkBYJXikIKgB6AB84_7qSnIAQGpAgUKPBIfkLI-qAMByAPLBKoE5wFP0KkE-UyG05ovcBF6ws-ok6K-Ti9--5gmRUUrStH-AMsZ82rYz0xTYMR9sEv5pWvrooEafE0Hx5gn6nSLKbAgBed9X_prljPjw0ekXVZd5-_ieyJdPcnBUXdH-p0z4z7v5XeUqd4TjX2sueKMcYQzycJ8teq8B7MBsL53ZxVRtTtFPUYUD2l9bjzGWr61iSvtU4-Yyx7-kDNao4SJ1bJJfDV-4fCP1IfNGs1lxPQip5fx6jGx3pGEiao6yt1adtghO0gYvLoyWBRCNiqf8GPasgxiJHOM1vyiiWqQCkLgnOmXWUgCrQDABIq4vM-gBIgFyviL5UuSBQQIBBgBkgUECAUYBIAH88fLiQSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDO8gPSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WOmlybWytIMDmgmbAWh0dHBzOi8vZGUuc2hvZmFzdC5jb20vZHNyP3E9d2FyZWhvdXNlJTIwbWFuYWdlbWVudCUyMHNvZnR3YXJlJmFzaWQ9em13X2NoNDM1JmRlPWMmc2NsaWQ9MC0yNDAxNSZnY2xpZD17Z2NsaWR9JnJhYz1iZXN0JTIwd2FyZWhvdXNlJTIwbWFuYWdlbWVudCUyMHNvZnR3YXJlgAoByAsBogwUKhIKEOS0sQLutbECtbixAru7sQLYEwyIFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItNTAxMDc4MDkwMzg2MDg3NxgAshgDIgEA&sigh=GFSPuT-VTvQ&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_1722jbaCr9u573rNVskfaRyVWMS968ufeH4O63gNeSY2fD6qF7cG3VeNVhHM1ZA56eO9qQBhSx7HqXTFiTnE3ZzJxfoRV19ZXwMYAQ&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210234732844106524899%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211093854195%22],%2222%22:[%22true%22],%224%22:[%2212-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211812281263006235969%22}&andc=true

Request Chain 77

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 79

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1

Request Chain 91

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY6Zk8nDyjXm5gSoqSn29wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1

Request Chain 92

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELrrdcowc-mJp-SMFCxiUZo&google_cver=1

Request Chain 93

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTAyNjk1MTQyMDYzMzEwMw%3D%3D

Request Chain 104

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1&google_push=AXcoOmQZDoem1v_M8EGbScLEi10BRX0n2vgWc7mG6mZXtkmQrYy5YaSIv7BD1vy5loWam0oUTGY7xDXC_fGKYxrgIqe1naVyU4rQyg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwODUzMjkwODA2MTEwMDQ0Ng==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1

Request Chain 106

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENoPKSzHf6Nd-K61t9psAIc&google_cver=1&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9hkFz0nHDa-SS77YrwGw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9hkFz0nHDa-SS77YrwGw&google_hm=-R9ylkjRQkuIrH7JzgaVhU0

Request Chain 107

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPzcxb-OnZP0q2txM3t4W9I&google_cver=1&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgjA_Q-8A5KWrIP HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i0nwwt7wSQ0HK_sHT7il7Q&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgjA_Q-8A5KWrIP

Request Chain 108

https://d5p.de17a.com/cookies/google?google_gid=CAESEJPPT8Q7dmSGB2L927r0qJU&google_cver=1&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJPPT8Q7dmSGB2L927r0qJU&google_cver=1&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA

Request Chain 110

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEO1_x9dMtH5AO7cnyYjm6hM&google_cver=1&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWMZIbGfrsPMGH2LXgLHeQE HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEO1_x9dMtH5AO7cnyYjm6hM&google_cver=1&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWMZIbGfrsPMGH2LXgLHeQE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQzNDU0OTAzOTY0NDExNzE4Mw&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWMZIbGfrsPMGH2LXgLHeQE

Request Chain 126

https://fw.adsafeprotected.com/rfw/st/987057/61527764/4.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-5010780903860877&ias_chanId=1&ias_placementId=20347772140&bidurl=https://bloxfruitscript.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iUYi_6AeiadPaMboOPpvEi&adContainerId=brand_safety_k5mOZY27BLDpx_AP14eQ-AI&cbFunctionName=goog_wrapCb_k5mOZY27BLDpx_AP14eQ-AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fbloxfruitscript.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fbloxfruitscript.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5010780903860877%26output%3Dhtml%26h%3D600%26adk%3D3221264352%26adf%3D4242688473%26pi%3Dt.aa~a.1544306476~rp.4%26w%3D299%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703780621%26rafmt%3D1%26to%3Dqs%26pwprc%3D3637729518%26format%3D299x600%26url%3Dhttps%253A%252F%252Fbloxfruitscript.com%252F%26ea%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703844241508%26bpp%3D1%26bdt%3D1600%26idt%3D0%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Df3892e151bbd3ba8%253AT%253D1703844240%253ART%253D1703844240%253AS%253DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw%26gpic%3DUID%253D00000ce928b60a4c%253AT%253D1703844240%253ART%253D1703844240%253AS%253DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og%26prev_fmts%3D0x0%252C1200x280%26nras%3D3%26correlator%3D7268847350637%26frm%3D20%26pv%3D1%26ga_vid%3D1753788854.1703844240%26ga_sid%3D1703844240%26ga_hid%3D695921729%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1100%26ady%3D1807%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C44759837%252C31079265%252C31080103%252C44795921%252C95320885%26oid%3D2%26psts%3DAOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G%26pvsid%3D2470216890726112%26tmod%3D247982195%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26dtd%3D151&adsafe_type=bed&adsafe_jsinfo=,id:101328b1-2f8f-b62f-da1b-fd6fd4977bf5,c:ybnrwe,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-78k4p,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:2,mot:0,app:0,maw:0,fm:tZOYNYX+11%7C12%7C131%7C141*.987057-61527764%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C161%7C162,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:12,oid:98340c50-a631-11ee-a067-de31ac6dd47d,v:19.8.466,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_k5mOZY27BLDpx_AP14eQ-AI&cbFunctionName=goog_wrapCb_k5mOZY27BLDpx_AP14eQ-AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js

130 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bloxfruitscript.com/
Redirect Chain

http://bloxfruitscript.com/
https://bloxfruitscript.com/

381 KB
42 KB

59ms
37ms

Document
text/html

2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1cde121c60065658b9eaa739fcc032ca9093bded8bf58179f65bce07ab759c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 83d137632ddfbbc7-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 29 Dec 2023 10:03:59 GMT
expires: Fri, 29 Dec 2023 10:03:59 GMT
last-modified: Thu, 28 Dec 2023 16:23:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAxncc0Y1oGTkur8JN%2FGK39GC6fd0S6mIIixoNyTM12rnzMXGpSwnQQPMh9HicJ%2Bni%2B4tPR1h479yUg13i8Pesqg45jSih3GQ2jZlM3nedO3oP%2FkLZ1reb8LEGfLCL%2F8nMoSXXZroppckerIzZP6sODU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent

Redirect headers

CF-RAY: 83d13762ed83918f-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 29 Dec 2023 10:03:59 GMT
Expires: Fri, 29 Dec 2023 11:03:59 GMT
Location: https://bloxfruitscript.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFcCoyA5d4dtsdHQ%2FCHNRP9EAD1U6LrnnCmS0di7kSSZGYHMDduegr48mtdweBDVagNNJag0I8TV5ViiY9%2Bw5u830ckaUSS4AtJLCIGnOQrplNvm4av0KNeO69IvZr5tlkQ5kTcOcd%2FUM9OFMMZDx9YT"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 37ms
17ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A400%2C700%7CInter%3A700&display=swap

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

607fcc162ec3cac963485dbf55428b75f35dbf3010807cbf9c955228b3e54496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 10:03:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Dec 2023 10:03:59 GMT

GET
H2 200 df1feaa26742d97a5ada348af3616d29.css
bloxfruitscript.com/wp-content/cache/min/1/ 272 KB
45 KB 28ms
27ms Stylesheet
text/css 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/cache/min/1/df1feaa26742d97a5ada348af3616d29.css
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76f31e38c033dd85510fafbab0f869d688f97d2f8b1616b8d72186724b024cd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Dec 2023 17:53:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 150015
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B1E5iB1keZIT88vA2NQpfvKY4IvTLkKXPqnGXFvwCMyGhJDq3LFJCB0Nfjx1xcf8spIfOILg7QNcMLVk0lRf8NkXpdodIfboKabh813iuJTb0fOo9RqsPmTTsrc5aD%2BfLfPCtkXpulXqkRO956nbixau"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d137636e21bbc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 26 Dec 2024 16:23:44 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.4.2/wp-includes/js/jquery/ 86 KB
29 KB 47ms
13ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.4.2/wp-includes/js/jquery/jquery.min.js

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 28 Dec 2024 10:03:59 GMT

GET
H2 200 jquery-migrate.min.js Show response
bloxfruitscript.com/wp-content/cache/min/1/c/6.4.2/wp-includes/js/jquery/ 13 KB
5 KB 18ms
18ms Script
application/javascript 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/cache/min/1/c/6.4.2/wp-includes/js/jquery/jquery-migrate.min.js?ver=1701885234
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c3b69070e18da88843ce5865aae332f74fae0ada9c0a6004c6615c9813b4d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Dec 2023 17:53:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 150015
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RskCh1u1dC7a6AXeiWS3rSpex5cHwbeFoskfwInuYMIyQv29ZqP1SVk9bVeDmQD%2FRusQsAl5euCbYtOJ%2FWvuBGkwmQCbU150fqmNsk4XhmJ3Q8zLpeyw%2BOYrlXbG1YSblU0yVm4W8pleygBezFDR8s8i"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d137638e39bbc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 26 Dec 2024 16:23:44 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 151 KB
51 KB 75ms
55ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5010780903860877

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1efa8480d940cd99ca0a02ace31c85ebb5d9c6dadc40c27dbcf8bb52b741778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Origin: https://bloxfruitscript.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51824
x-xss-protection: 0
server: cafe
etag: 4429519259020019391
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:03:59 GMT

GET
H2 200 frontend.min.js Show response
bloxfruitscript.com/wp-content/themes/astra/assets/js/minified/ 20 KB
5 KB 22ms
21ms Script
application/javascript 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.2.1
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Aug 2023 06:53:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2408460
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nW%2BVWPifKEWMjw9L%2FQs0Czih0mWQ3Qw4kRmzH90LgHsQKafdmMWN%2B3c5TVs%2BF4z4P2MBesWiHzTYAwypA6eqzPnAKD4kJs6tWPvL62HZfe%2FEfnkcjW7BB%2FJA1OwYU3M%2FS0zxjjVshFwcLbYQ4KqyY75"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d137638e3cbbc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 30 Nov 2024 13:02:59 GMT

GET
H2 200 image-cdn.js Show response
bloxfruitscript.com/wp-content/cache/min/1/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/ 700 B
663 B 20ms
19ms Script
application/javascript 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/cache/min/1/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?ver=1689772553
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 272e8dfb7d01bb5be5b39ad5f6742a0ebcf4cdca9a72390f859d89db3bacbc75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 19 Jul 2023 13:15:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 324607
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UordvsphNWPkI%2BecCvmnx952StL%2FZ6I5Z1X9%2Bq6DU%2Bg3IwSAvkUaKNzA9rMuPzAIOsr%2FOh0i%2BcubBoCdHa%2FC7McLZFW8I5eoeYNQyqatXLAblGws4tW%2FFV0FEIJUep7Xr4qO4VNlOX1eRaX%2BfZUXUlbL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d137638e41bbc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 24 Dec 2024 15:53:52 GMT

GET
H2 200 copy-the-code.js Show response
bloxfruitscript.com/wp-content/cache/min/1/wp-content/plugins/copy-the-code/assets/js/ 8 KB
3 KB 16ms
16ms Script
application/javascript 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/cache/min/1/wp-content/plugins/copy-the-code/assets/js/copy-the-code.js?ver=1688914169
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4146ef494d6bff41fd2880bbc5359ed6a8e7c552eee3cab9531b83943d98a4f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:03:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 09 Jul 2023 14:49:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 324607
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laVklSXJdciycr%2B0NRN3E%2BOxe%2FvElOC2owAgjBi%2Fv4o5JSTEyF%2BEWxmjv6BvSxI8bqO9%2Bq96MqnYYjV%2BVT04tUj0fKIweGPqo0ZWd%2BVeOecxBBMev2gyOC1rRLLx9erKSx9hK1opBqjUCTna1tjm3Pnx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d137638e42bbc7-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 24 Dec 2024 15:53:52 GMT

GET
H2 200 e-202352.js Show response
stats.wp.com/ 7 KB
3 KB 40ms
13ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202352.js
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT ams
date: Fri, 29 Dec 2023 10:04:00 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Wed, 25 Dec 2024 00:35:00 GMT

GET
H3 200 lazyload.min.js Show response
bloxfruitscript.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
3 KB 27ms
26ms Script
application/javascript 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 06 May 2022 05:06:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3021552
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzSqV4xqk%2Fivs9E%2F0gwX2p%2FL%2B%2FyDmq7QlZJtVrHKAqdxX1bxAeY8dlaarScpFL0bVUsr1CVmZMYvLYWbGCxSLJT%2Fb4TeyrtMvkHnlwSAm29DZqz0lLQxrNAEqOf5c3QnUCjZOLnUtrHE87MvzmB57nVR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 83d13763fedc4d89-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 23 Nov 2024 10:44:48 GMT

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc0c8acdd67ea1499d32049e83b9be486f8f10e518fad4d4ddaa3ca8e5ac6250

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 30ce41013884ad91288b2598001a775ee8cf40264b9d704ff17ba57aba2acdaf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef3baefd00d0f3c3887e874241a1d882a8738753c5de311d48b07a38f746fb89

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9ad6189a89fa41bfd756d25eee3c9f779e2278f4d450a5c936d80353b397505

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79f3393bbeb1793d9f395848d28b67735cf29ddade9d281d6e46c7f581306490

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62a816655d1b8bf20887b55d0b3884828e772f07fc94b9551757b585d5634cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4000f7c9069075ac3ab72c0c8ed3039a65fc0f1ad97337fff91d95ce7c2ee773

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b0e825b8984bd8f5fd91845721bc15f55503ffef4bac9f611c53462d67ab54c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d26dfed56b64dcbd94fbd1ae0efe31024acdb33a691b7acb06ff06384b8faeec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
24 KB 28ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%7CInter%3A700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bloxfruitscript.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 15:36:20 GMT
x-content-type-options: nosniff
age: 325660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 15:36:20 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 36ms
16ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%7CInter%3A700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bloxfruitscript.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 14:33:15 GMT
x-content-type-options: nosniff
age: 329445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 14:33:15 GMT

GET
H2 200 UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2
fonts.gstatic.com/s/inter/v13/ 22 KB
22 KB 34ms
14ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYAZ9hiA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%7CInter%3A700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bloxfruitscript.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 02:55:07 GMT
x-content-type-options: nosniff
age: 284933
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22904
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:50:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 02:55:07 GMT

GET
H3 200 astra.woff
bloxfruitscript.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 24ms
24ms Font
application/x-font-woff 2606:4700:3034::ac43:b5a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bloxfruitscript.com/wp-content/themes/astra/assets/fonts/astra.woff
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::ac43:b5a5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Request headers

Referer: https://bloxfruitscript.com/
Origin: https://bloxfruitscript.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
cf-cache-status: HIT
last-modified: Sun, 20 Aug 2023 06:53:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1394771
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AMN%2F03aD1N%2FLOg0enMssp8sczqSV%2BfwgF9%2BudwhbdnAk6Iq%2BaS%2FdacW5wN0tFlR0wE7TJrlmVKGwyfp%2BoqhIn2iC%2F1p5Y7o3xdRP7lfijRW%2BbNj7MoeSSHhYsmmxsdmEeeREnWSCbJ1cSjAQCB4b5ou2"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-woff
cache-control: max-age=2592000
cf-ray: 83d137642f184d89-FRA
alt-svc: h3=":443"; ma=86400
expires: Fri, 12 Jan 2024 06:37:49 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 13ms
13ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221435861&post=0&tz=0&srv=bloxfruitscript.com&j=1%3A12.8&host=bloxfruitscript.com&ref=&fcp=0&rand=0.011358520319949772
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 29 Dec 2023 10:04:00 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 78ms
64ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5010780903860877&plah=bloxfruitscript.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5010780903860877

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5abc650a08fc56172358fdfc5e0748949ad5199165b7e5702d43bdba5253fbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137960
x-xss-protection: 0
server: cafe
etag: 893234994771976413
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:00 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 1CBF 9 KB
4 KB 25ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5010780903860877

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 72862
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 13:49:38 GMT
etag: 5585625838579639069
expires: Thu, 11 Jan 2024 13:49:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 download__1_-removebg-preview.png
i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/01/ 47 KB
47 KB 46ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/01/download__1_-removebg-preview.png?w=267&ssl=1

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1f0b0122c3b8a29394f92e6fc389e2600d3f88c6d0f043b97f1e6a6b6965a12b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 47656
x-nc: HIT ams 3
last-modified: Wed, 19 Jul 2023 13:46:14 GMT
server: nginx
etag: "aab5dd4053cd6764"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://bloxfruitscript.com/wp-content/uploads/2023/01/download__1_-removebg-preview.png>; rel="canonical"
expires: Sat, 19 Jul 2025 01:46:14 GMT

GET
H2 200 download.jpg
i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/12/ 11 KB
11 KB 72ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/12/download.jpg?fit=300%2C168&ssl=1

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ae9460723a0bb76d58644dae8d616fdd62db774b1df6426845c7520e276cf42e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 11206
x-nc: HIT ams 5
last-modified: Thu, 28 Dec 2023 18:03:42 GMT
server: nginx
etag: "ae1265e155d84e6a"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://bloxfruitscript.com/wp-content/uploads/2023/12/download.jpg>; rel="canonical"
expires: Sun, 28 Dec 2025 06:03:42 GMT

GET
H2 200 ESP-Universal-Mobile-Script.jpg
i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/12/ 6 KB
7 KB 72ms
40ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/bloxfruitscript.com/wp-content/uploads/2023/12/ESP-Universal-Mobile-Script.jpg?w=305&ssl=1

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

28abbd7619c91f20fdb865221bb3b87f3b38bdb6965904c58c413123e4bc3fd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:00 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 6350
x-nc: HIT ams 1
last-modified: Thu, 28 Dec 2023 18:49:27 GMT
server: nginx
etag: "439b5e127c8d5647"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://bloxfruitscript.com/wp-content/uploads/2023/12/ESP-Universal-Mobile-Script.jpg>; rel="canonical"
expires: Sun, 28 Dec 2025 06:49:27 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D191 356 KB
83 KB 1062ms
1062ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&adk=1812271804&adf=3025194257&lmt=1703780621&plat=4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x675_l&format=0x0&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844240103&bpp=8&bdt=195&idt=172&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7268847350637&frm=20&pv=2&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=188

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5010780903860877&plah=bloxfruitscript.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93db605fdf4f12c9dc772fe141cc764135c6c65cbe03343b6d64145f138081a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 84323
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:01 GMT
expires: Fri, 29 Dec 2023 10:04:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EC5F 120 KB
40 KB 1039ms
1038ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=280&adk=697371007&adf=2329691654&pi=t.aa~a.3189099640~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=1200x280&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844240111&bpp=1&bdt=203&idt=185&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=187

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf4cfe9a9025d3ce75775297c0cc278d74ef64677783c8b896c3032b24efdea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40677
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:01 GMT
expires: Fri, 29 Dec 2023 10:04:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame EC5F 4 KB
751 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=280&adk=697371007&adf=2329691654&pi=t.aa~a.3189099640~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=1200x280&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844240111&bpp=1&bdt=203&idt=185&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=187

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 08:59:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC5F 2 KB
875 B 29ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame EC5F 23 KB
9 KB 27ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39824
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC5F 3 KB
1 KB 29ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:53:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 09:53:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EC5F 20 KB
9 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EC5F 203 KB
65 KB 36ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame EC5F 37 KB
16 KB 29ms
9ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 13:56:43 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/17393105896654404965/ Frame EC5F 10 KB
10 KB 24ms
14ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17393105896654404965/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f903b63e45ab643dd70ee8c7865a6b94ca5effc206cd258e54bcbb47a65dce81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 25 Dec 2024 03:29:39 GMT
date: Tue, 26 Dec 2023 03:29:39 GMT
x-content-type-options: nosniff
age: 282862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10084
x-xss-protection: 0
last-modified: Wed, 19 Jul 2023 17:19:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/14970396297974902211/ Frame EC5F 857 B
1 KB 23ms
13ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14970396297974902211/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a1187dc69710592986cdab241322adaf3c7576dd0594a5b1b0bd9b15b933eb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Tue, 24 Dec 2024 15:58:10 GMT
date: Mon, 25 Dec 2023 15:58:10 GMT
x-content-type-options: nosniff
age: 324351
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 857
x-xss-protection: 0
last-modified: Wed, 19 Jul 2023 17:20:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame EC5F 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1086ac2fd1edef0446f0dce64fce6f9698729116f0240471a7dc945216c14867

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 99ms
98ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56011
x-xss-protection: 0
server: cafe
etag: 9336093937293375424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EC5F 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 17:38:05 GMT
x-content-type-options: nosniff
age: 318356
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 17:38:05 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EC5F 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 263392
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 08:54:09 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame EC5F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CisWskJmOZcfPE9DM1fAP6q6R2Azo8c6EdcWAlLiiEu7jgd6WDhABII_q7ZkBYJXikIKgB6ABrrzQ-CnIAQmpAgUKPBIfkLI-qAMByAPLBKoE3gFP0GgQ4dC3_ummBiYjQ-nQQlUYe0BByyq...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225138551311735403247%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%2...

0
0

56ms
41ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225138551311735403247%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211258830382%22],%2222%22:[%22true%22],%224%22:[%2212-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215404232360559836785%22}&andc=true

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:01 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"5138551311735403247","debug_reporting":true,"destination":"https://shofast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11258830382"],"22":["true"],"4":["12-29"],"6":["true"]},"priority":"500","source_event_id":"15404232360559836785"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Dec 2023 10:04:01 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Dec 2023 10:04:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5138551311735403247","debug_reporting":true,"destination":"https://shofast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11258830382"],"22":["true"],"4":["12-29"],"6":["true"]},"priority":"500","source_event_id":"15404232360559836785"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4220 28 KB
12 KB 1300ms
1299ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c35d2f70310ffd00409c5a045cd5167e43a0cedad7ee73c4a34c89a5f8e5914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12092
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 4129 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 245685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 61ms
41ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Dec 2023 10:04:01 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame ACAC 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Fri, 12 Jan 2024 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame B4AB 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Fri, 12 Jan 2024 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame ACAC 4 KB
671 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:10:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame ACAC 205 B
295 B 11ms
10ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 10:12:33 GMT
x-content-type-options: nosniff
age: 85888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 10:12:33 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame ACAC 604 B
919 B 10ms
9ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:13:33 GMT
x-content-type-options: nosniff
age: 118228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 01:13:33 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame ACAC 16 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:43 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame ACAC 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 10:17:44 GMT

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame B4AB 9 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 01:04:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 25 Mar 2024 01:04:19 GMT

GET
H2 200 eca8f43f04ace2cb887c6c133446ca43.js Show response
www.gstatic.com/mysidia/ Frame B4AB 11 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/eca8f43f04ace2cb887c6c133446ca43.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 22:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4745
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 22:07:29 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B4AB 11 KB
1 KB 24ms
24ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%7CGoogle%20Sans%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e913a8990c885bd71ef289a424530af23b9aa3e431085874a2ed8681d93f95b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:43:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B4AB 2 KB
856 B 11ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame B4AB 23 KB
9 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39824
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B4AB 3 KB
1 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:53:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 09:53:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B4AB 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B4AB 203 KB
64 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame B4AB 37 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 13:56:43 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8438 143 B
166 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2064
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 09:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame EB18 11 KB
1 KB 14ms
14ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%7CGoogle%20Sans%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e913a8990c885bd71ef289a424530af23b9aa3e431085874a2ed8681d93f95b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 08:19:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EB18 2 KB
856 B 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame EB18 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39824
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 23:00:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7497 143 B
166 B 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2064
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 09:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EB18 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:53:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 09:53:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame EB18 20 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29382
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB18 203 KB
64 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:01 GMT

GET
H3 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame EB18 37 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 13:56:43 GMT

GET
DATA 200
OK truncated
/ Frame B4AB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eff10ab2bd198e1dc267b81efed1519ee7b0e6c177c2f5a20262c28833c13910

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ Frame B4AB 32 KB
32 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%7CGoogle%20Sans%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 17:34:04 GMT
x-content-type-options: nosniff
age: 318597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 17:34:04 GMT

GET
H3 200 4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame B4AB 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%7CGoogle%20Sans%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fd13aa5309882955edefa1157aab289e1542b6cac5b258f7a486ef88ed1d876

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:51:51 GMT
x-content-type-options: nosniff
age: 112330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21360
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Dec 2024 02:51:51 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame B4AB
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CwB_8kJmOZe3FE6bG1fAP66CO8AyetIb2dPzo6JvcEdrZHhABII_q7ZkBYJXikIKgB6AB84_7qSnIAQGpAgUKPBIfkLI-qAMByAPLBKoE5wFP0KkE-UyG05ovcBF6ws-ok6K-Ti9--5gmRUU...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210234732844106524899%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%...

0
0

42ms
41ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2210234732844106524899%22,%22debug_reporting%22:true,%22destination%22:%22https://shofast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211093854195%22],%2222%22:[%22true%22],%224%22:[%2212-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211812281263006235969%22}&andc=true

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:02 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"10234732844106524899","debug_reporting":true,"destination":"https://shofast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11093854195"],"22":["true"],"4":["12-29"],"6":["true"]},"priority":"500","source_event_id":"11812281263006235969"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Dec 2023 10:04:02 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Dec 2023 10:04:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"10234732844106524899","debug_reporting":true,"destination":"https://shofast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11093854195"],"22":["true"],"4":["12-29"],"6":["true"]},"priority":"500","source_event_id":"11812281263006235969"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8438
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

24ms
23ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:02 GMT
expires: Fri, 29 Dec 2023 10:04:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 9EAE 50 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 245686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7497
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

24ms
23ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:02 GMT
expires: Fri, 29 Dec 2023 10:04:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 41ms
41ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Dec 2023 10:04:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame DCC0 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 245686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EC5F 42 B
174 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv9S4k_Sovt-qdsUNQG_MIlPpFiBRP2eFksn2gFR-g6buY2vC3CnLb0ZNswat8wnQMYxAowKASJ0lQtOtSTTa5D7ycCCNPv7vkemS5sa4VPBWj2-NK8Wtnhtl0Xp2_f3uWhOa5TUpwRGOeFl4e39cEVHIr7&sai=AMfl-YTfEOMFaEB3XWgrsbX6_KP-WnDHSa1sIqOVsyncOWmuNen4WPhsQv5yUwlKBvD1xenqQz6XlOYR0PaBTIJ5W_cmd19vQiuUQ6d730zPOiWCD5_t7dOwCptJkGUqR65NA3YqqxK8WhnzAucIjjpxaw&sig=Cg0ArKJSzJPL5g98fOZhEAE&cid=CAQSTwAvHhf_M5mJgvCmb_Il8Bl5tq88v6NhXQctO97YRGL5CvQA07Hr3RmCh5Fqr1VDJSGcsyDJHr67cRAUT3lCvzXGtpdhW3XA6UmJg2mDuckYAQ&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=697371007&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703844240298&rpt=1150&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EAE9 624 B
242 B 51ms
49ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUlcFnkoNQgLVLbr_8QdmVIVWiFkQwc-gX2yY-2rt10rXFZE9T5-zZAvwYHk8BS1cTdQiVPg2fvgH3bobrskV2e9WJOIRLUKFM7ykCI3sEboQLQ5JB0W7Pmzq0GJTfbyLW5P_dE-nTGWkANORpkZes_RWp6hNw0ZySh9SG8T33Apqp_VIY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 84AC 89 KB
31 KB 67ms
65ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:03 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 84AC 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:53:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 651
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 09:53:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 84AC 20 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29383
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:54:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 84AC 0
0 17ms
15ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRPP3Tk_noFfzDowgBdSAdoxr6WueRjKzlHhMpwd57wx-kAB8GFD5mCQXjn1rVolAikWHqP67m1qL0kTHzDR-WT0cIYsg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 84AC 203 KB
64 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Dec 2023 10:04:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AC 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BTEA0ZfV-zQlY90UcTM_IEIO66ts2y8iC3oi8DxGAVg2S7YrlH034k9CqR4JpWCPgoOCuzO3D3IohgWEGYyQUeYtOBW7dBRDtG0Vc6jA1zes-bPpQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame EAE9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1

43 B
335 B

25ms
24ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUlcFnkoNQgLVLbr_8QdmVIVWiFkQwc-gX2yY-2rt10rXFZE9T5-zZAvwYHk8BS1cTdQiVPg2fvgH3bobrskV2e9WJOIRLUKFM7ykCI3sEboQLQ5JB0W7Pmzq0GJTfbyLW5P_dE-nTGWkANORpkZes_RWp6hNw0ZySh9SG8T33Apqp_VIY
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yOwMV8XyofKpL5laodenf0klDA5tcYeiLwvJrkyazDzUFMcaCfvyibJSsdLrjldvOCsNl4dcfRqm0ckfVQ6bvZq%2B4kTk3h0UjGoZvb%2F4wVQmLb4xEGRxgF5AQ8YIILp1eOiMlLMuTHLtxA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83d137776bb11ad4-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EAE9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY6Zk8nDyjXm5gSoqSn29wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1

43 B
769 B

38ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUlcFnkoNQgLVLbr_8QdmVIVWiFkQwc-gX2yY-2rt10rXFZE9T5-zZAvwYHk8BS1cTdQiVPg2fvgH3bobrskV2e9WJOIRLUKFM7ykCI3sEboQLQ5JB0W7Pmzq0GJTfbyLW5P_dE-nTGWkANORpkZes_RWp6hNw0ZySh9SG8T33Apqp_VIY
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2Fd8Ze6h20%2BRg7WXzdjCeCZnyWeW3QyHoeDZ1yGMlatQQ6Bo00tpWcatx1Z9MuEDo96%2Fxh6%2F2XeijXR1LcqyD2KDdFUay9Yam3eVPHk04vp6h3ktVjVo3JtGRxBHR%2FLKWrX1DSO4dq3g1w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83d13777ce103651-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELHSkmOj9hVz1dShluFk69A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EAE9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELrrdcowc-mJp-SMFCxiUZo&google_cver=1

43 B
843 B

8ms
8ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELrrdcowc-mJp-SMFCxiUZo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUlcFnkoNQgLVLbr_8QdmVIVWiFkQwc-gX2yY-2rt10rXFZE9T5-zZAvwYHk8BS1cTdQiVPg2fvgH3bobrskV2e9WJOIRLUKFM7ykCI3sEboQLQ5JB0W7Pmzq0GJTfbyLW5P_dE-nTGWkANORpkZes_RWp6hNw0ZySh9SG8T33Apqp_VIY

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
an-x-request-uuid: 15057a96-c187-48f2-97c0-effe2edf18d8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.77; 45.141.152.77; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELrrdcowc-mJp-SMFCxiUZo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EAE9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTAyNjk1MTQyMDYzMzEwMw%3D%3D

170 B
243 B

18ms
18ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTAyNjk1MTQyMDYzMzEwMw%3D%3D

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
an-x-request-uuid: 00642b51-1406-4770-ac34-6a8a4996be3c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI4MTAyNjk1MTQyMDYzMzEwMw%3D%3D
x-proxy-origin: 45.141.152.77; 45.141.152.77; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AC 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7310611787414&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AC 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7310611787414&version=m202309260101&ct=76&x=1&cor=6584385360053936000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 84AC 107 KB
41 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AzOF91--vHN3IOjqCTZvVWug1NLdbcK02_RkSglSN6_np7MRCBzso-bx7gFF4vu7XtpVrscf1E0PADu-1Yk_AathHbk3sn-KhuT30h9l7XmmR_BnkvuFm5oFayyN46bOeUzlCYxKJk7Sfij7JcU_NA74hWE8a-ZX_9bsmX5ccDN2rQJmI&dbm_d=AKAmf-D_nR-I9ZQrc6dNiJ5hVkmNLk3auRPZW-5AeApLOUnuRDwJ_MSFWR0iFb53wuIt7fonuosPFGPVJzyvM9nFc2VyJrq8nZZhwESd1WAfYQvchSANrCo_ysovow7rFIN1eKv-Z3nFQJk4X7hfc4QjYC2heaf8zp5o-L6H58CGwKFPfDBSOc0IRL1ClcEEJhH1DMtDL-WhdwZ2ENuuIOin7t8q2RfZG6rMW0oGJ4u1m9kDFg5mt0126fEsmOCL2GYQbrMDfzaVpTa8a_kaUwTo_vFejED1ODrCXqwMMfePSOu6OGKvQDT-vyKfc5-utCB3-uWFUeNpgT25q8mdvCqtznGp0eG2-Afwpb2_O-vgyyvqvaTUmYsr8wL3bdUYAryWJDzPxYHe2CvQdAcRL_TtYn_by9Kr8WvhxFIGEpUBl_q3eHvtoODvqQ8k3UsvT1X9X4pfg2iQfeDu8xVGOoEzEF1IYQFnBx-UW-em8f5ZdQpO1GZhP925CNYwqUMiH21FQsQjDs8blIIaCW0oxTkfxO6NT5qQ-2zGGnWlKRiNkptf1t38d5ujZ1-3IZ_taEmbntiWEr73huzTn3XR6FjelO81KLlkRVDeSXxW7KGfyU4FE9bqb6CbN_UCCWhK7X4McSDyirSxqYzvM1m_dgGXDJpbD6QEHD98FMzg_aBmLeccAn-Pi9oVZy-FGr5pmo6omJcFBF-M3-H2sZvOd_ClG3ytTouZ90ZEqkzbVSxVvUwWbF76usiEFUTDViIXcPXH6DcYdlwqwEt1DEC4un_PATsxwBYiyL6Wj_kRmHzExXlnUn44QdjeePNkcKJwxXhPQk-z7N8ikr3xIRX4xCSTmtagF7yEYdMFkdl_PzkYlUQN4Z7otseAZnOtwawE3e3xeL2z7eJcV_r5e23yjmgo1xcGDyleXbgl90TrQy3vO-fKhOlkingkBt1YA69Uj9-r1fLcskmZpwJnkCmTHqWfvEcGf0e9Wt-3AtkqFXvbFHp-mKXplb-y1L6ZyWJ6vIaedx1ncUD4G-0RETqHf38ItT067ie_GI_9hJ3C17I2UsPYqCEpShT26bQOodQItGz2gojvmmaBjZWHkWxLaqI7AfQVoHEQeO5fOatzyG7IKtJ2QXYXVcp_QYWpNh_B1XjRzNzg3xoHD6mIdg-Z18QOkCEJJnh17iGOW2Q9PosJsG_2vq_acFUg3pzKTKxo8dj_JsiCNB1uABYxstOgM6ROU12Aglb7ER2PsrpnLFkHY2tM5HvrzxP88JlKVOXQKXuk_G6iVjzjdnTTEuobh-B2p37thIdvehu2U9-kSPybdf_5S5fxL7RFWV_P0gxVn0nxv93sRWyr10kerJ9HEHGdrMCcu7z2iA6ehY8Ge3uw8E2IKRxRBWLltO7ZHp93LP5eVNjhLmbhexjJBhmde437wM5Si8P1j7EvfXk5a5BrnhBN68uroBLhIvl_kpEfWH0e-KhQmIM0cf6qku6zFcay4AZY2myCxYOXfo5XASCF2pNnyFZLXnEIMapq-dNAaZYsTtfENmMs89-hfz5keLLaACyu99XkFHeEySzDxNjjiTOU3jwWRkQe5eRqIL6bdJMobYFGw7XSv7GZWcNmyrVb59q6bFKwNGRa2yXRhXBnYgDib5R0lnRBy103oAcy84oLd5st2Oo-bHn9OeIEGC8abad_rUfcyeBVC-E3xoXrQ9adJmdELLqy5mLjRFzRsznF9aobMNZAHEGjcG3xmBLUeoNxCqRs9da8k2KGyPZlgfbDdbl1uIp3mZnZgcKNGFVFpZ6eULqwDnZzTTDsaAcmB504FGOz4o9kike1ygdakHTyUOdluDJ8n8xWjNsVcKk9CIvS2mpzaT8ZAcbKM0166BsfgiIShX-vdLnYM5vwrsYnDmsEh8maqKMpHpwE7HcfmdDVWpwXmoIqKu21JMrHwTdHGL4PtIzY1G5NnFhEVdiqv5JBAjOYtik-871B4O2rkqpiPi4rg-XtW0CNC7euTZ87kfTDdCQRB1mlAq8thJYgxKKeSbOmJfeYd5cWKToyQdsrQRqCELCw0qPoMWbEvsLupelacKA0FZsyAVMfJbzBBtUQoXO7zdjM9kwvHBqlxK1RnS9yOkM0-KsR9MmT4pYlw4x5FZ2OFshMDsjqiv4dWSQ1ubYwAGIE6SRSJslLyH9_WMSa9dxehFhf1lDyYc9D35Bt9beT9ttLw4KGchMOWalPXc2vDSZ_cZy8yGF3Pwtmit2-N35L6Bi0jYTFsoi1keg5bZN68cm19Lh-BiEVf61W3rFc8Q_AoXcNQCJeyI-SNU_R4whb49T9P0gZcnlzrFajranPz52ZOXAO4s5VF8DE6B_w8wizn7Kf3t7t6jf7oUtzkoYxkbztXB7FXsnSB4Oug89A_Q9s_J6s_8pTiGtbrYXtkAKYZHAkBfZu76miA0NS6Ap4bHUtrJWPjx5v1EpmiJodFV-1ixRKVtkryDzmmH6HXzOBistJVV1S44Im65VxnHUsPPqEe1StjjgXdOMBF_XyeRh_u1aRygv8KX2cMGfXRvVIYcq8V180yy1cLDq_BjS_eQjyptkc3xBDsCzNPJEDAALgwblCcWb7gkkoyt9dGAnzCSbgDQFvcKjv-UK_GVK6Ok-mIQLlaILHtjWIe7bqtu1xshUei7vmFVJwl5Qk7O--wtz8r8T1I3kiSqxdAYu5HvjvD3l8Y-c2-3gYMOB96u6hJeOv7PQV2nlYFeNA2jX2REu6BSoyxCS1kvkc_hBL0dMaV9obTPKzKwk7xSKCYK7MWL_-AJ47xgvocHuGV7HWfgwvJi19Pk1N7OePZ9NRaMcAUTC_mUKPtTwH8p7Hvz39y1kaqn1SCLEySAmnNTVLur5E7KizHd47uzT-mWEfzPz9EAwBn73uvvxrWYs_RhR3oqYkHqbVAG-XxS57PL92hXxAqonLE61b4zaN6Yxdgc3sPJRFvUySNconu8VIgdsJrQ7Jq9I0DPnaW70GrnSsLEqLWaHqehqrpl97PPLRY6SotxWqFH5mORQHU4I4pLkUj35UCBAZKdeC2Z_T11QlFXJch3eYK10Qsuot8K9hr9spCFLxgWCggb7WtW5j5CPs3EZ6b85qRReRSNH8pjqd6rkJyJ0MydUNaR2zPpN45oDJGFgqVE-LpR_iGbwcXLNktfleSQOWz1LRrnO9aV1pcecq4P40Ggaz1XDLPfXd5dqWfy1GJfApmOA5YbyxHd-MfE0I3YUi66LTPKQWlRvLPg5l3raqx7LUwCDRwh7ghkTJdp-ndGJADKZvFdUxYf2QoFLzRleRlvaHcECcaj8UzXMQb6N3svJdw2-KC-ss_cSW_MCWMbMdZjJe-3xrhMt9rdGMKv8stWb1mBqGsnlJdZ1AeCoNfZNj3n-etJva5cyE_0ERWqxntJfGFHizMDC6l441P95rKKmnUCPEO6T46BFQtHo1lYV7mAZtct9P2vpWdXYAqIZYnx9_7C9epd0sAqBVSyvu0PWXXwXUl8X64HqlLviElqgdfxcb7QvwPzYH1LaevJvsM_6tAWJM1jo7aiWy97PA6kC1_uk1VfxlfRDH6-LVdbz06y0_g6nd4vHdTWpDkFrKqhWVOxSXZ3dEGlKzgmaTDSzhBWDuXdU3vrNqrsEmEJxCmRjeZYzKE-m6zhCLJXFgiAIG8Q&cid=CAQSPAAvHhf_H1cYMW06v9n4mQoQFkKVEaLlmydKj5BqN_M370v12zpVWFIai8SqJcbzqvEF7H-BM0DNtKKAYhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fbloxfruitscript.com%2F&ds=l&xdt=1&iif=1&cor=6584385360053936000&adk=497053792&idt=73&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7499c39e7c8c0bd63ca74bbf7306b5b0033bd9fe6a25109943a125fcac68f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41693
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/987057/61527764/ Frame 84AC 256 KB
77 KB 125ms
32ms Script
application/javascript 99.81.20.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/987057/61527764/skeleton.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-5010780903860877&ias_chanId=1&ias_placementId=20347772140&bidurl=https://bloxfruitscript.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iUYi_6AeiadPaMboOPpvEi
Requested by: Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.20.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-20-211.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: da1652fe44d65f8484559c1ad6f7701080d050c980f38baeec72108345f5d96b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 84AC 111 KB
39 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 06:30:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12833
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Dec 2023 06:30:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 84AC 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AzOF91--vHN3IOjqCTZvVWug1NLdbcK02_RkSglSN6_np7MRCBzso-bx7gFF4vu7XtpVrscf1E0PADu-1Yk_AathHbk3sn-KhuT30h9l7XmmR_BnkvuFm5oFayyN46bOeUzlCYxKJk7Sfij7JcU_NA74hWE8a-ZX_9bsmX5ccDN2rQJmI&dbm_d=AKAmf-D_nR-I9ZQrc6dNiJ5hVkmNLk3auRPZW-5AeApLOUnuRDwJ_MSFWR0iFb53wuIt7fonuosPFGPVJzyvM9nFc2VyJrq8nZZhwESd1WAfYQvchSANrCo_ysovow7rFIN1eKv-Z3nFQJk4X7hfc4QjYC2heaf8zp5o-L6H58CGwKFPfDBSOc0IRL1ClcEEJhH1DMtDL-WhdwZ2ENuuIOin7t8q2RfZG6rMW0oGJ4u1m9kDFg5mt0126fEsmOCL2GYQbrMDfzaVpTa8a_kaUwTo_vFejED1ODrCXqwMMfePSOu6OGKvQDT-vyKfc5-utCB3-uWFUeNpgT25q8mdvCqtznGp0eG2-Afwpb2_O-vgyyvqvaTUmYsr8wL3bdUYAryWJDzPxYHe2CvQdAcRL_TtYn_by9Kr8WvhxFIGEpUBl_q3eHvtoODvqQ8k3UsvT1X9X4pfg2iQfeDu8xVGOoEzEF1IYQFnBx-UW-em8f5ZdQpO1GZhP925CNYwqUMiH21FQsQjDs8blIIaCW0oxTkfxO6NT5qQ-2zGGnWlKRiNkptf1t38d5ujZ1-3IZ_taEmbntiWEr73huzTn3XR6FjelO81KLlkRVDeSXxW7KGfyU4FE9bqb6CbN_UCCWhK7X4McSDyirSxqYzvM1m_dgGXDJpbD6QEHD98FMzg_aBmLeccAn-Pi9oVZy-FGr5pmo6omJcFBF-M3-H2sZvOd_ClG3ytTouZ90ZEqkzbVSxVvUwWbF76usiEFUTDViIXcPXH6DcYdlwqwEt1DEC4un_PATsxwBYiyL6Wj_kRmHzExXlnUn44QdjeePNkcKJwxXhPQk-z7N8ikr3xIRX4xCSTmtagF7yEYdMFkdl_PzkYlUQN4Z7otseAZnOtwawE3e3xeL2z7eJcV_r5e23yjmgo1xcGDyleXbgl90TrQy3vO-fKhOlkingkBt1YA69Uj9-r1fLcskmZpwJnkCmTHqWfvEcGf0e9Wt-3AtkqFXvbFHp-mKXplb-y1L6ZyWJ6vIaedx1ncUD4G-0RETqHf38ItT067ie_GI_9hJ3C17I2UsPYqCEpShT26bQOodQItGz2gojvmmaBjZWHkWxLaqI7AfQVoHEQeO5fOatzyG7IKtJ2QXYXVcp_QYWpNh_B1XjRzNzg3xoHD6mIdg-Z18QOkCEJJnh17iGOW2Q9PosJsG_2vq_acFUg3pzKTKxo8dj_JsiCNB1uABYxstOgM6ROU12Aglb7ER2PsrpnLFkHY2tM5HvrzxP88JlKVOXQKXuk_G6iVjzjdnTTEuobh-B2p37thIdvehu2U9-kSPybdf_5S5fxL7RFWV_P0gxVn0nxv93sRWyr10kerJ9HEHGdrMCcu7z2iA6ehY8Ge3uw8E2IKRxRBWLltO7ZHp93LP5eVNjhLmbhexjJBhmde437wM5Si8P1j7EvfXk5a5BrnhBN68uroBLhIvl_kpEfWH0e-KhQmIM0cf6qku6zFcay4AZY2myCxYOXfo5XASCF2pNnyFZLXnEIMapq-dNAaZYsTtfENmMs89-hfz5keLLaACyu99XkFHeEySzDxNjjiTOU3jwWRkQe5eRqIL6bdJMobYFGw7XSv7GZWcNmyrVb59q6bFKwNGRa2yXRhXBnYgDib5R0lnRBy103oAcy84oLd5st2Oo-bHn9OeIEGC8abad_rUfcyeBVC-E3xoXrQ9adJmdELLqy5mLjRFzRsznF9aobMNZAHEGjcG3xmBLUeoNxCqRs9da8k2KGyPZlgfbDdbl1uIp3mZnZgcKNGFVFpZ6eULqwDnZzTTDsaAcmB504FGOz4o9kike1ygdakHTyUOdluDJ8n8xWjNsVcKk9CIvS2mpzaT8ZAcbKM0166BsfgiIShX-vdLnYM5vwrsYnDmsEh8maqKMpHpwE7HcfmdDVWpwXmoIqKu21JMrHwTdHGL4PtIzY1G5NnFhEVdiqv5JBAjOYtik-871B4O2rkqpiPi4rg-XtW0CNC7euTZ87kfTDdCQRB1mlAq8thJYgxKKeSbOmJfeYd5cWKToyQdsrQRqCELCw0qPoMWbEvsLupelacKA0FZsyAVMfJbzBBtUQoXO7zdjM9kwvHBqlxK1RnS9yOkM0-KsR9MmT4pYlw4x5FZ2OFshMDsjqiv4dWSQ1ubYwAGIE6SRSJslLyH9_WMSa9dxehFhf1lDyYc9D35Bt9beT9ttLw4KGchMOWalPXc2vDSZ_cZy8yGF3Pwtmit2-N35L6Bi0jYTFsoi1keg5bZN68cm19Lh-BiEVf61W3rFc8Q_AoXcNQCJeyI-SNU_R4whb49T9P0gZcnlzrFajranPz52ZOXAO4s5VF8DE6B_w8wizn7Kf3t7t6jf7oUtzkoYxkbztXB7FXsnSB4Oug89A_Q9s_J6s_8pTiGtbrYXtkAKYZHAkBfZu76miA0NS6Ap4bHUtrJWPjx5v1EpmiJodFV-1ixRKVtkryDzmmH6HXzOBistJVV1S44Im65VxnHUsPPqEe1StjjgXdOMBF_XyeRh_u1aRygv8KX2cMGfXRvVIYcq8V180yy1cLDq_BjS_eQjyptkc3xBDsCzNPJEDAALgwblCcWb7gkkoyt9dGAnzCSbgDQFvcKjv-UK_GVK6Ok-mIQLlaILHtjWIe7bqtu1xshUei7vmFVJwl5Qk7O--wtz8r8T1I3kiSqxdAYu5HvjvD3l8Y-c2-3gYMOB96u6hJeOv7PQV2nlYFeNA2jX2REu6BSoyxCS1kvkc_hBL0dMaV9obTPKzKwk7xSKCYK7MWL_-AJ47xgvocHuGV7HWfgwvJi19Pk1N7OePZ9NRaMcAUTC_mUKPtTwH8p7Hvz39y1kaqn1SCLEySAmnNTVLur5E7KizHd47uzT-mWEfzPz9EAwBn73uvvxrWYs_RhR3oqYkHqbVAG-XxS57PL92hXxAqonLE61b4zaN6Yxdgc3sPJRFvUySNconu8VIgdsJrQ7Jq9I0DPnaW70GrnSsLEqLWaHqehqrpl97PPLRY6SotxWqFH5mORQHU4I4pLkUj35UCBAZKdeC2Z_T11QlFXJch3eYK10Qsuot8K9hr9spCFLxgWCggb7WtW5j5CPs3EZ6b85qRReRSNH8pjqd6rkJyJ0MydUNaR2zPpN45oDJGFgqVE-LpR_iGbwcXLNktfleSQOWz1LRrnO9aV1pcecq4P40Ggaz1XDLPfXd5dqWfy1GJfApmOA5YbyxHd-MfE0I3YUi66LTPKQWlRvLPg5l3raqx7LUwCDRwh7ghkTJdp-ndGJADKZvFdUxYf2QoFLzRleRlvaHcECcaj8UzXMQb6N3svJdw2-KC-ss_cSW_MCWMbMdZjJe-3xrhMt9rdGMKv8stWb1mBqGsnlJdZ1AeCoNfZNj3n-etJva5cyE_0ERWqxntJfGFHizMDC6l441P95rKKmnUCPEO6T46BFQtHo1lYV7mAZtct9P2vpWdXYAqIZYnx9_7C9epd0sAqBVSyvu0PWXXwXUl8X64HqlLviElqgdfxcb7QvwPzYH1LaevJvsM_6tAWJM1jo7aiWy97PA6kC1_uk1VfxlfRDH6-LVdbz06y0_g6nd4vHdTWpDkFrKqhWVOxSXZ3dEGlKzgmaTDSzhBWDuXdU3vrNqrsEmEJxCmRjeZYzKE-m6zhCLJXFgiAIG8Q&cid=CAQSPAAvHhf_H1cYMW06v9n4mQoQFkKVEaLlmydKj5BqN_M370v12zpVWFIai8SqJcbzqvEF7H-BM0DNtKKAYhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fbloxfruitscript.com%2F&ds=l&xdt=1&iif=1&cor=6584385360053936000&adk=497053792&idt=73&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 21:44:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44395
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 21:44:08 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 84AC 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 01:43:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30013
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11872
x-xss-protection: 0
server: cafe
etag: 16225921609732785849
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 12 Jan 2024 01:43:50 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 84AC 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 575935
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 18:05:08 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BCC0 1 KB
643 B 6ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3033
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 09:13:30 GMT
etag: 48472445140208031
expires: Sat, 30 Dec 2023 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 84AC 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2115ec740242975e1557d3478b1ada0b67adac83279c97ed7c5d445a492a4a21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame BCC0
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1&google_push=AXcoOmQZDoem1v_M8EGbScLEi10BRX0n2vgWc7mG6mZXtkmQrYy5YaSIv7BD1vy5loWam0oUTGY7xDXC_fGKYxrgIqe1naVyU4rQyg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzAwODUzMjkwODA2MTEwMDQ0Ng==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1

43 B
398 B

25ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 29 Dec 2023 10:04:02 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEE077m0N4y0xZRpBRoDhG-o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame BCC0 0
104 B 94ms
66ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEF1lD4yYIU-U7ICT96dbWL0&google_cver=1&google_push=AXcoOmSukud3A9H3Y2GOMlvZMDG08LZh1EWameX5dMHQjhOKCxvBV0ZN9hX2I7-AVaE7JE4W50WT-kPJYh3Vb86xHnOS1G5J3CBUhw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BCC0
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENoPKSzHf6Nd-K61t9psAIc&google_cver=1&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9hkFz0nHDa-SS77YrwGw&google_hm=-R9ylkjRQkuIrH7Jzg...

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9hkFz0nHDa-SS77YrwGw&google_hm=-R9ylkjRQkuIrH7JzgaVhU0

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:02 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmTJ-d6Df0ExujURc6BxnbflIPxn_r_jb8tkB2mHEWVvXlamM-9T_bt5j6V-n62ZmlBurvhZKwIecR9hkFz0nHDa-SS77YrwGw&google_hm=-R9ylkjRQkuIrH7JzgaVhU0
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BCC0
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPzcxb-OnZP0q2txM3t4W9I&google_cver=1&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgj...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i0nwwt7wSQ0HK_sHT7il7Q&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgjA_Q-8A5KWrIP

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i0nwwt7wSQ0HK_sHT7il7Q&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgjA_Q-8A5KWrIP

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 29 Dec 2023 10:04:03 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=i0nwwt7wSQ0HK_sHT7il7Q&google_push=AXcoOmSPPLFvZ6ZCVxwbV7_OH9iu4EGkQHdQmJjDJBDVZl1Eb8JL_kOWFIAuBbYyyXePZk8pFdfU17gawqmzTjgjA_Q-8A5KWrIP
x-host: tde-deliveryengine-production-59dc4ccdb-9ztzr
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BCC0
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJPPT8Q7dmSGB2L927r0qJU&google_cver=1&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWa...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEJPPT8Q7dmSGB2L927r0qJU&google_cver=1&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_Vm...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA

170 B
188 B

16ms
16ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmRLJzRzMc5rfge08DpkgDH0VMGX-RhqRcY5jKqMXs8kiDYVPZOyZ7OC6I9LnVsL8r6dW1C4K5sTd0ecLwxjEi_VmWaR54EJoA
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame BCC0 43 B
363 B 40ms
13ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSwkviuGjdxrjbCOSfCS1ej3JfO8TrXyU9oOZAqSopIQwgbwgqUKiyXHS-irYGS76ZXwZ2riZau5Hnug7LQffP5ck1LqXeg5Q&google_gid=CAESEMnLabaS3eOXqlKayd6O8T4&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:02 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 219782
expires: Fri, 29 Dec 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BCC0
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEO1_x9dMtH5AO7cnyYjm6hM&google_cver=1&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWM...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEO1_x9dMtH5AO7cnyYjm6hM&google_cver=1&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQzNDU0OTAzOTY0NDExNzE4Mw&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2Uc...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQzNDU0OTAzOTY0NDExNzE4Mw&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWMZIbGfrsPMGH2LXgLHeQE

Requested by

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzQzNDU0OTAzOTY0NDExNzE4Mw&google_push=AXcoOmRKZq3xcF1bgt6FwdPoCSqIkX5ddtYoZNNrXs11gBe_jRHArP6O9jNHUAD5tj5yODK1ajD2UcWMZIbGfrsPMGH2LXgLHeQE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BCC0 0
12 B 14ms
13ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IuDLftDKHMveFoP854Fz8siehk4aEPmvXtb-N2eXun-8HB5al2Bx7t2etrnik8ndcZm_P1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame ABDB 38 KB
13 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 260325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 09:45:18 GMT
expires: Wed, 25 Dec 2024 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8464527532860307799/ Frame 13D5 153 KB
23 KB 23ms
8ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59b036fb5e133a03feca939ab701a5eae28842f15573265dc8da1bfd5d100e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 287790
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23802
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 02:07:33 GMT
expires: Wed, 25 Dec 2024 02:07:33 GMT
last-modified: Wed, 09 Feb 2022 10:28:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 84AC 0
0 73ms
52ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssoqf1ycrf334fGfajRtP6-L0a1a9fauv26L6-vrl7t0fehFncOPQRarRUJcr2l46xbhH2zMUA1QypIZRitlDL-lU5qwqRANWfEb4pKwNxwseBYPQI_BGntjHAQ7WpYusr22bpSjdQOBpFSQh0JUifChnbG2ByxNSOrGM2xD6qrnuECWEHa2cFMfbP0zTb_DUy0USSlsI9ZYEG0xbwuKs52EDc1NdXJzOzoJzmt5pt0gGgQA7nlQYJQf7RFmKO7K35bxY57WOL6Zq1Kan3UrJa3XMp-l_htk7XP4w9a7WTaZjsLQs8uZYrz16EYlWAk1WDwVitSOTN-jisv4l3HStWhvCqMJzyXucUvesR3pygee-P7hM8gFv2HScJOg49m8ACV1JudqTqvKvfT65Tte3LflWNYS7mevP4PHx-aiH_nbw_II7LiX8l9DKrFQgLlcoyOqydcRjXsTx7W_9qdOXmt0SfBY_1XMb7z7jfTMPY7uGx1HATZw0i500YrO_gxEXnwC2qHqLSbcpvglvWkX44zZj4Xb7C24jMQkzQW6uD4euNTzGgnwwR88LjlwG0SZ12H8BXVvvrdbnzcLBpHLgM12F51s1VtsYDNIgQhXiuF8ol1M3pDgUG7JGwyBFGB0oVw_1iGrQ0TI4gYGad4cwtNAmPkPJOTdzTa1ATGdOp5E74y_mmQqLxeeXYn2pi4WMDNI2ImNiTVEsHjYA0Rd_TE7ytxwqXYTRKbqxR5wJbotdqcGc5hg_jWxJ1SEuV7zuGZ8jyY0wZm_N58lRaxu2awotmO4Mer8Yy19CMZlw3OmZow6Lp5bCE1hjVfnR3y8uoytAU5NhDUeYwocg5fETV3TaRTfa46ENj5miR7gCNlu8zbhgePJpiTj2WBSwd6Lp7A5h3E6OQccZPEgKPjpYOtg9L1ghuBmMtIeLoL5GzIWdySKjtpZotzYrh8-9S2gKtk7cqsQFxqz78d9fKXBnMQxi0BBQYdPMFwas2jdHVi_wq5hQsRgUY4Ny43bnkfiy1wHZcs8S9axqO8jxHK4HGLm2yMoWefqWW_s9g9PKlu8G8DFBeDd3Cbic2F5tline9uMbrs5QKBnlz2zRahlTrLwChwiqmq2BMUL011al2h03ApOTO1jszzBCR19Kizvez00ecocT-xIfwKwSSANaQh1gVcMXzLSwtktop1ulU4lmG6bsbRpfiH_P0taTodC-6Y6qhfrQmiLWD4JspsUbBhNjlLmXOzv68w48vDshyZs2oXqichtbUPVJwi2dxx5YEOnRC_HjbYM5rMzSn1Mql89MV4ZxyPVNriAWzYm_3bVpgu55qe8Pe_mQf9YC_al4qQkhea-tatyqx7zMB1z00X6bpxTgAFW79zzElE9BGplGaos5AposbGpXqH2A8Xb_iGe8MqnnCyR21ceXOssA&sai=AMfl-YQa1JZ5KqDMuSBQ3Lz8g2daUIPocyW267fTkpQnf4UWMtN4QiDP1b7H3OnbPcwZYjuQHInz5o525NU8jY2BvSYnUYQrPXBxMCH8r0f-F4fYpukZ9y4kLE9t8fpmDm2F6ezPfE5mYBlVBZh_u3o534kHYi4eFHkItd1Rm1NmkQf19oVWZ_X3xo9iPp9gJpVSJv7THWotpV0-B5N3Ea4eogESfy2rtfJZFJVrCyzv5rStYQk36yVnvdkGvQm7wZmN_1uGrpvyZ_PZ_utCdh_JKEtm7KNESyc&sig=Cg0ArKJSzCXTqIrsEkqlEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=43&cbvp=1&cstd=42&cisv=r20231207.38821&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame ABDB 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 13D5 29 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:03:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3631
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Dec 2023 09:03:32 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 84AC 0
0 45ms
44ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssoqf1ycrf334fGfajRtP6-L0a1a9fauv26L6-vrl7t0fehFncOPQRarRUJcr2l46xbhH2zMUA1QypIZRitlDL-lU5qwqRANWfEb4pKwNxwseBYPQI_BGntjHAQ7WpYusr22bpSjdQOBpFSQh0JUifChnbG2ByxNSOrGM2xD6qrnuECWEHa2cFMfbP0zTb_DUy0USSlsI9ZYEG0xbwuKs52EDc1NdXJzOzoJzmt5pt0gGgQA7nlQYJQf7RFmKO7K35bxY57WOL6Zq1Kan3UrJa3XMp-l_htk7XP4w9a7WTaZjsLQs8uZYrz16EYlWAk1WDwVitSOTN-jisv4l3HStWhvCqMJzyXucUvesR3pygee-P7hM8gFv2HScJOg49m8ACV1JudqTqvKvfT65Tte3LflWNYS7mevP4PHx-aiH_nbw_II7LiX8l9DKrFQgLlcoyOqydcRjXsTx7W_9qdOXmt0SfBY_1XMb7z7jfTMPY7uGx1HATZw0i500YrO_gxEXnwC2qHqLSbcpvglvWkX44zZj4Xb7C24jMQkzQW6uD4euNTzGgnwwR88LjlwG0SZ12H8BXVvvrdbnzcLBpHLgM12F51s1VtsYDNIgQhXiuF8ol1M3pDgUG7JGwyBFGB0oVw_1iGrQ0TI4gYGad4cwtNAmPkPJOTdzTa1ATGdOp5E74y_mmQqLxeeXYn2pi4WMDNI2ImNiTVEsHjYA0Rd_TE7ytxwqXYTRKbqxR5wJbotdqcGc5hg_jWxJ1SEuV7zuGZ8jyY0wZm_N58lRaxu2awotmO4Mer8Yy19CMZlw3OmZow6Lp5bCE1hjVfnR3y8uoytAU5NhDUeYwocg5fETV3TaRTfa46ENj5miR7gCNlu8zbhgePJpiTj2WBSwd6Lp7A5h3E6OQccZPEgKPjpYOtg9L1ghuBmMtIeLoL5GzIWdySKjtpZotzYrh8-9S2gKtk7cqsQFxqz78d9fKXBnMQxi0BBQYdPMFwas2jdHVi_wq5hQsRgUY4Ny43bnkfiy1wHZcs8S9axqO8jxHK4HGLm2yMoWefqWW_s9g9PKlu8G8DFBeDd3Cbic2F5tline9uMbrs5QKBnlz2zRahlTrLwChwiqmq2BMUL011al2h03ApOTO1jszzBCR19Kizvez00ecocT-xIfwKwSSANaQh1gVcMXzLSwtktop1ulU4lmG6bsbRpfiH_P0taTodC-6Y6qhfrQmiLWD4JspsUbBhNjlLmXOzv68w48vDshyZs2oXqichtbUPVJwi2dxx5YEOnRC_HjbYM5rMzSn1Mql89MV4ZxyPVNriAWzYm_3bVpgu55qe8Pe_mQf9YC_al4qQkhea-tatyqx7zMB1z00X6bpxTgAFW79zzElE9BGplGaos5AposbGpXqH2A8Xb_iGe8MqnnCyR21ceXOssA&sai=AMfl-YQa1JZ5KqDMuSBQ3Lz8g2daUIPocyW267fTkpQnf4UWMtN4QiDP1b7H3OnbPcwZYjuQHInz5o525NU8jY2BvSYnUYQrPXBxMCH8r0f-F4fYpukZ9y4kLE9t8fpmDm2F6ezPfE5mYBlVBZh_u3o534kHYi4eFHkItd1Rm1NmkQf19oVWZ_X3xo9iPp9gJpVSJv7THWotpV0-B5N3Ea4eogESfy2rtfJZFJVrCyzv5rStYQk36yVnvdkGvQm7wZmN_1uGrpvyZ_PZ_utCdh_JKEtm7KNESyc&sig=Cg0ArKJSzCXTqIrsEkqlEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=114&vt=11&dtpt=71&dett=3&cstd=42&cisv=r20231207.38821&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: bloxfruitscript.com
URL: https://bloxfruitscript.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B4AB 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvAAZwxEaUTsxBmymMtn-5xPkzo0jg2bKGAvnAER1e8G35kSzNL6KUnuVBQzv_RMo7yqfUSjD9hbAeOA_KvvH-CIs8tfSjnujg1bgSbOcNaiFoMXktcaL7LVrsWxpKghYJmSnG-9rAEseR3hfkNgDDtgMtv&sai=AMfl-YTt2BieBI-LyKzwIDmxHQCS3hGrFGPz-GHNQFmlvJLTPR7JJ8LKaLV4dWmuUf3NNmBcH2u39C6SFpotjxlYtjokQFK0smJf-8IiYrIA7HbM12aItFL2Ut_SsZhTc2fKwLZupGEUPMhBWL8_ofKYug&sig=Cg0ArKJSzBpDRszWcr5uEAE&cid=CAQSTwAvHhf_1722jbaCr9u573rNVskfaRyVWMS968ufeH4O63gNeSY2fD6qF7cG3VeNVhHM1ZA56eO9qQBhSx7HqXTFiTnE3ZzJxfoRV19ZXwMYAQ&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=97,791,1001,1001,1001&tos=97,694,210,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703844241808&rpt=403&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 13D5 6 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:58:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:13:38 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 13D5 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:13:45 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 13D5 3 KB
1 KB 12ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:14:24 GMT

GET
H3 200 head2_5line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 13D5 12 KB
3 KB 14ms
13ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_5line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ae81817c90052995774cacf096b367d746225338fcbbdf50031aec87f6165ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:49:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 859
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3267
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:04:44 GMT

GET
H3 200 head1_3line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 13D5 7 KB
2 KB 14ms
14ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_3line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec24c22b9203d16dbd13f6f6898ec8b39c5b2fb7f6ef5571b9f2481bbdb862f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:01:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2235
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:16:50 GMT

GET
H3 200 160x600_kv_family.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 13D5 38 KB
38 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/160x600_kv_family.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89f34b3bc1c9a0181dffc795420e5e13874189f4f65c42f1523c882db1516c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 09:49:41 GMT
x-content-type-options: nosniff
age: 862
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38489
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 10:04:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ABDB 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BVg_Jk5mOZY27BLDpx_AP14eQ-AIAAAAAOAHgBAI&bg=!enmleTbNAAY3kmNgF5I7ADQBe5WfOCMdh2fhq-qP6vfobU7rrfDXMnT6ddcQS3CbvMapAV7AIy2AxdusYjLcsURI8CUnAgAAADhSAAAAAWgBB5kDLa-xctXE0OKp4SvJ3pD5ztNt1xwMsa6JiLQNf-pNMhmEAiR6zW1HgULBpkYRuM240N9VsTEWqvmcbqqg7WEVZ_5U4ef9X0CquPU0A6XoCdx3zKpaAn7TNtpluWbeg5yfxf9QDz5jRFAkrzCsuvjyBOmUM85qr0mrEoC9Aiotr-bx9OUVHCSXXsfZ7RuWrxqrgDXHMIXWKkFotfWZaNAwMDQLQn7jL0dELSj9suMxx3QOQqTP4_CB0SpJchp83AMZq_LbrJjaYd8sM41HXEO_cChVfGqUOO8pXySJNkD9p53Ee3Qi5B6RZk19_876ZWP2c5ywDI3ms-mzbE0xAYn6VHVuf8jb6RzTuG6CsYs6JZPTZlbK6oxV9aW_u42W13MGnSUkrcWQE0L177aKuXec2Ka9Udc6g9yLrUmq0CFMt7KXB8j42bKO9z8MsTAPpAbRiVrzZn7S9ySBTWNBbUfebJnJBafnlbyq2Jq3qlw_NMOBayhDBo2GAxgtIx7THcFaXHf9LoXQyX5CeuQemSc7tuCfBT3thBcBkMq07PRv4aFUvNPWox4e5Lv1f9WUiw_RMtNe0X6RtnJtGWCqmcHINQSEFyhHPtC4ZxNucZSIyp0-32xGH7D0T4a5bpuSd3Ka0B0Aa0SzDgqMiijgsbMunotwf6Qtjg890x_DCWhr6wdpJ1dlPG_x8WR0OH6Crjamf-1DiSYOaoxm6gv14sdKzVm_EsoowBQd-4tyFA7O-jNzK8VSpWFfxdk2DJFkQsfDAN_x-exmhXzx6S0LrhbITJlMCB2R75u6y5OjAZf3_nU-GIWkud3mHpf4fNU4OAQkck6l8eyE9OnH0C5t95k6EPAywaxuuMbIhPdKNS7yUQLjtENRMcsKmaCUtRCXAXD6c96-za2RMMZzpNgEZLg-kloFWqRWUDLmKDpF1Q1lMT_mCzQAQA9bhlNkMADkcXocUZ31nxpj-5BIi1ei2siOHmmudMDmKjyZ6ti3eqOGRTLLao7_nMol75ZJ0zhmV2RQdCNcTh3fjoy47TNjW1l_9F3jjgowIcVvgbUx5nCdjXp2QNyhfVj85i3oc-AiuA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 84AC
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/987057/61527764/4.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-5010780903860877&ias_chanId=1&ias_placementId=20347772140&bidurl=https://bloxfruitscript.c...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_k5mOZY27BLDpx_AP14eQ-AI&cbFunctionName=goog_wrapCb_k5mOZY27BLDpx_AP14eQ-AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...

1 KB
1 KB

13ms
12ms

Script
application/javascript

2600:9000:20ab:3400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_k5mOZY27BLDpx_AP14eQ-AI&cbFunctionName=goog_wrapCb_k5mOZY27BLDpx_AP14eQ-AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Server: 2600:9000:20ab:3400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 23 Dec 2023 01:02:50 GMT
x-amz-version-id: vKEhI2DDF7x4y1d6KCleNAEq1uB6J8K1
content-encoding: gzip
via: 1.1 702b555619c53ec5f8f56dfeed61c334.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 550873
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 13 Dec 2023 19:37:39 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: mLiYC99Cl8Uy4GSkLyN8Jit8fBQ6NNbEkT-roL5zP91gXOCsEpNmkw==

Redirect headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_k5mOZY27BLDpx_AP14eQ-AI&cbFunctionName=goog_wrapCb_k5mOZY27BLDpx_AP14eQ-AI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame B9E3 91 KB
23 KB 51ms
14ms Script
application/javascript 2600:9000:20ab:3400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:3400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 702b555619c53ec5f8f56dfeed61c334.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 10634215
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: KmmneJRthhPUGcs4hXemULY_vf3sVJRG_0f5QsZkoxIyqpvUmwEMlA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AC 43 B
215 B 284ms
93ms Image
image/gif 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=101328b1-2f8f-b62f-da1b-fd6fd4977bf5&tv=%7Bc:ybnrwA,pingTime:-3,time:33,type:v,im:%7BpBlk:27%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:33,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B29~0%5D,as:%5B29~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZOYNYX+11%7C12%7C131%7C141*.987057-61527764%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C161%7C162,idMap:141*,rmeas:1,rend:0,renddet:na,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AC 43 B
215 B 283ms
93ms Image
image/gif 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=101328b1-2f8f-b62f-da1b-fd6fd4977bf5&tv=%7Bc:ybnrwA,pingTime:-6,time:33,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:34,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B30~0%5D,as:%5B30~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZOYNYX+11%7C12%7C131%7C141*.987057-61527764%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C161%7C162,idMap:141*,rmeas:1,rend:0,renddet:na,siq:12%7D&tpiLookup=ao:bloxfruitscript.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AC 43 B
215 B 282ms
94ms Image
image/gif 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=101328b1-2f8f-b62f-da1b-fd6fd4977bf5&tv=%7Bc:ybnrwE,pingTime:-2,time:37,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:334,beZ:335,mfA:337,cmA:337,inA:338,inZ:340,prA:340,prZ:343,si:346,poA:347,bl:362,poZ:362,cmZ:362,mfZ:362,loA:368,loZ:370,ltA:371,ltZ:371%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:37,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B33~0%5D,as:%5B33~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZOYNYX+11%7C12%7C131%7C141*.987057-61527764%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C161%7C162,idMap:141*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:12,sinceFw:24,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AC 43 B
216 B 232ms
92ms Image
image/gif 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=101328b1-2f8f-b62f-da1b-fd6fd4977bf5&tv=%7Bc:ybnrxq,time:85,type:e,im:%7BpWait:4%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:85,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B81~0%5D,as:%5B81~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZOYNYX+11%7C12%7C131%7C141*.987057-61527764%7C1411%7C1412%7C1413%7C1414%7C1511%7C1512%7C161%7C162,idMap:141*,rmeas:1,rend:0,renddet:na,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5010780903860877&output=html&h=600&adk=3221264352&adf=4242688473&pi=t.aa~a.1544306476~rp.4&w=299&fwrn=4&fwrnh=100&lmt=1703780621&rafmt=1&to=qs&pwprc=3637729518&format=299x600&url=https%3A%2F%2Fbloxfruitscript.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703844241508&bpp=1&bdt=1600&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3892e151bbd3ba8%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw&gpic=UID%3D00000ce928b60a4c%3AT%3D1703844240%3ART%3D1703844240%3AS%3DALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og&prev_fmts=0x0%2C1200x280&nras=3&correlator=7268847350637&frm=20&pv=1&ga_vid=1753788854.1703844240&ga_sid=1703844240&ga_hid=695921729&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1807&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079265%2C31080103%2C44795921%2C95320885&oid=2&psts=AOrYGsm-_0Gk1Y2_NGbi1TEDUqov5nDlrnq6_1dmxgRHGlo01wl7d_WkSg0Zq5lriLZKoZhQMBN5b_PzrLx8tkm6PCm1qX3G&pvsid=2470216890726112&tmod=247982195&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=151
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 62ms
62ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

129b6513f093773983aaab0ca154ddc73e8f33bd69667f2aafebe3d5e2fec2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12236
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AC 43 B
215 B 93ms
93ms Image
image/gif 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=101328b1-2f8f-b62f-da1b-fd6fd4977bf5&tv=%7Bc:ybnrBI,pingTime:-10,time:351,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEwOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1703844243654%7C%7C77a1ee5802eb0e2f54c6a502647d8abe%7C%7Cf5ef61ca1e560a2377dfd6c236fd3eb9%7C%7Cd8251a5efebadf0a5c7e812b5918260a%7C%7C9877243d490eb43e442231efaf40418a%7C%7Cd4e6bee0d185fa2b5264125880d9ba25%7C%7C401d89037e0b9e4b5bde06510969b687%7C%7Cc0ddf97af689dffd908fd96872a46233%7C%7C1663701684,im:%7Bpci:%7Btdr:313%7D,pLoad:321%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:9b2a:61a7:aac6:a228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Dec 2023 10:04:03 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Dec 2023 10:04:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 680B 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 09:53:58 GMT
expires: Sat, 28 Dec 2024 09:53:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5CB8 829 B
559 B 17ms
17ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f9cc437bb8d41c8f653177c92e8a125c11a19fe7485ba95f3ba9b7431eb382c2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sPFhFzNpZHt2MO0mDfioBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bloxfruitscript.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-sPFhFzNpZHt2MO0mDfioBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 29 Dec 2023 10:04:03 GMT
expires: Fri, 29 Dec 2023 10:04:03 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 680B 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5CB8 0
0 42ms
41ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=2470216890726112&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 680B 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?etNFqg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 29 Dec 2023 10:04:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=2470216890726112&bg=!x8SlxIvNAAY3kmNgF5I7ADQBe5WfODKdTboE5lWgX_TgxP3ZvhcRdTMi_rS0f4enXYZP8KHol1bTmr7b-5mJboNbcw2RAgAAADFSAAAAAWgBBwoAQORm_jhdgPyzxCibOTbk_asLcEXsEYM2f5YEMnV-uZmyTN147sjAEqR__OfJw799iVZORrGISQj7TiTeTDgBQBKZAulwJhhApyt3Ir77iy06r_aCzLYh7DQgSQ5PLqfERfFl-extgMzXuTqw226_wXD0uYnvdgBRqpIqiTkDkTYf70b3N8YWRfxj3lg8Zcp3eus3oJaac8ce9sbB5QRHHWqQC5S87M8Qg2A28BwwYoSQ2KEw8_ERep9jmlh7dGwNoG3aF30T-0kyZ53YFy9hKC8H-GeuTBrVACgB6g268nNJYSSrNX3jariY75lqZlBb3lzBOpflP3PrOXTLNBeVipIgT1hm66J-k_KGWBy5GHV6r5pQ6JXRr28PIiznCDhjpFyZe5bKCBj9nAh07_6Vp5Z-YWmXXXvuxGMphIOpMU3hwAWF-THlJZMQAL1zZ46yKyQodmxwtyXW9yrjeuNxn4aua5Kcl5s-YT3jGJ4uW30RdYifkr_L0QbLB4u0eOnfEVIGgpKOmoqLujBS1vn5k4nJgKf-PcsefJX1Jrhm3uFGzCeyv2Yq5ckoAnf4J6HvU4uzN51DRvlRu-NgkMwy2HX9zD_5bMia8ftZnTwc6F17_nIWCRB7-I6JtBMow1W4gGdC3iMNoN949z33nsF9sTFM5a7W4FhDStHa39L0MhYGGWs3PnWpwjUbDmug3anQ5yOfKwndBffTFyyEW2qtvollXEqW40yXyLw4cp9KbajtNW_bAcZty80YIWGdy1KI-5-E77Q3BbdjXKXH7X64xeTVPfk5CUJT_NsmPD2gCVIJVspQors8R7f7bECYJUFGCat3t-ncL8w9nz6qF19W0coIQoQadTvHY4_24gnsfhgocGhmlHVc78qwblhAKvxxyMU6Htn6a8rl0BjNrXM9OYaEIsc7mTfyPL_BLLW8JdM9Z3Jfo50fFRtVpO4cKrMnZw2vaviFtXz5zx1NQlfBa9lPjRPK5hjoACEeG4FrX3SNWr8lONLj1H6ILf752pyzI5HszF1eogWCV5I7E4xJm6uyGBTqP-_AxZFj00zWqyIybPGgixWErHurXxI3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bloxfruitscript.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bloxfruitscript.com/	1970-01-21 02:39:00	Name: __gads Value: ID=f3892e151bbd3ba8:T=1703844240:RT=1703844240:S=ALNI_Ma033ZcpSt4llbqh9ajcvUW4jSlAw
.bloxfruitscript.com/	1970-01-21 02:39:00	Name: __gpi Value: UID=00000ce928b60a4c:T=1703844240:RT=1703844240:S=ALNI_MaGr1Ep4NojSsdq5MOuLeRB0XJ2Og
.doubleclick.net/	1970-01-21 02:39:00	Name: IDE Value: AHWqTUkJaV7W-JJ3t_gNGJBLwDhoqDEMguTIJvvX9Ix2RhzROhtLwKFo23Yg7zaDG4o
.googleadservices.com/	1970-01-20 19:27:00	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 17:17:27	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 19:27:00	Name: uuid2 Value: 5281026951420633103
.casalemedia.com/	1970-01-21 02:03:00	Name: CMID Value: ZY6Zk8nDyjXm5gSoqSn29wAA
.casalemedia.com/	1970-01-20 19:27:00	Name: CMPS Value: 1110
.casalemedia.com/	1970-01-20 19:27:00	Name: CMPRO Value: 1110
.doubleclick.net/	1970-01-20 21:36:36	Name: APC Value: AfxxVi7EhvYv6toNXINCJ5V9uGWpW7EtPMrjWxvO0JrPBxSsaqsx3Q
.adnxs.com/	1970-01-20 19:27:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVSku@]C!]tbPl1M>e)ZlrFUfJ+tGXxo<?/Ow.M]28>^$l3q^hoS?:>u77c?2lWbDS5]3If)y3KL9D3I?-$E2EdY
.travelaudience.com/	1970-01-21 02:49:05	Name: _tracker Value: %7B%22UUID%22%3A%228B49F0C2-DEF0-490D-072B-FB074FB8A5ED%22%7D
.ctnsnet.com/	1970-01-21 02:03:00	Name: cid_f91f729648d1424b88ac7ec9ce069585 Value: 1
.ctnsnet.com/	1970-01-21 02:03:00	Name: gid_CAESENoPKSzHf6Nd-K61t9psAIc Value: 1
.de17a.com/	1970-01-21 01:55:48	Name: guid Value: 1.5400258797149507666
.adform.net/	1970-01-20 18:02:02	Name: C Value: 1
.turn.com/	1970-01-20 21:36:36	Name: uid Value: 7008532908061100446
.adform.net/	1970-01-20 18:43:48	Name: uid Value: 3434549039644117183

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.turn.com
ads.travelaudience.com
bloxfruitscript.com
c0.wp.com
c1.adform.net
cm.g.doubleclick.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i0.wp.com
ib.adnxs.com
pagead2.googlesyndication.com
pixel.wp.com
r.turn.com
s0.2mdn.net
static.adsafeprotected.com
stats.wp.com
tpc.googlesyndication.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
142.250.186.162
172.217.16.194
172.64.151.101
178.250.1.9
192.0.76.3
192.0.77.2
192.0.77.37
2001:678:cb4:bbbb::11
213.155.156.169
216.58.206.34
2600:1f18:1aca:4282:9b2a:61a7:aac6:a228
2600:9000:20ab:3400:8:48e:53c0:93a1
2606:4700:3034::ac43:b5a5
2a00:1450:4001:806::200a
2a00:1450:4001:809::2002
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:812::2006
2a00:1450:4001:81c::2001
2a00:1450:4001:830::2003
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a02:fa8:8806:13::1370
35.186.193.173
35.190.0.66
37.157.5.133
37.252.172.123
99.81.20.211
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c35d2f70310ffd00409c5a045cd5167e43a0cedad7ee73c4a34c89a5f8e5914
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1086ac2fd1edef0446f0dce64fce6f9698729116f0240471a7dc945216c14867
129b6513f093773983aaab0ca154ddc73e8f33bd69667f2aafebe3d5e2fec2d8
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1f0b0122c3b8a29394f92e6fc389e2600d3f88c6d0f043b97f1e6a6b6965a12b
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2115ec740242975e1557d3478b1ada0b67adac83279c97ed7c5d445a492a4a21
272e8dfb7d01bb5be5b39ad5f6742a0ebcf4cdca9a72390f859d89db3bacbc75
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
28abbd7619c91f20fdb865221bb3b87f3b38bdb6965904c58c413123e4bc3fd1
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e44128a2911dbcc9031a191b00018005dbde321e10a7c330fa6d603b02a07ec
30ce41013884ad91288b2598001a775ee8cf40264b9d704ff17ba57aba2acdaf
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3fd13aa5309882955edefa1157aab289e1542b6cac5b258f7a486ef88ed1d876
4000f7c9069075ac3ab72c0c8ed3039a65fc0f1ad97337fff91d95ce7c2ee773
4146ef494d6bff41fd2880bbc5359ed6a8e7c552eee3cab9531b83943d98a4f2
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
59b036fb5e133a03feca939ab701a5eae28842f15573265dc8da1bfd5d100e6b
5a1187dc69710592986cdab241322adaf3c7576dd0594a5b1b0bd9b15b933eb5
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
607fcc162ec3cac963485dbf55428b75f35dbf3010807cbf9c955228b3e54496
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a816655d1b8bf20887b55d0b3884828e772f07fc94b9551757b585d5634cdd
694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493
6ae81817c90052995774cacf096b367d746225338fcbbdf50031aec87f6165ac
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
76f31e38c033dd85510fafbab0f869d688f97d2f8b1616b8d72186724b024cd5
79f3393bbeb1793d9f395848d28b67735cf29ddade9d281d6e46c7f581306490
7b0e825b8984bd8f5fd91845721bc15f55503ffef4bac9f611c53462d67ab54c
7b43cb86a0e63bbb55376b4ea60d8cc9527a1421c367aa09962725e0c5140f5f
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
89f34b3bc1c9a0181dffc795420e5e13874189f4f65c42f1523c882db1516c87
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93db605fdf4f12c9dc772fe141cc764135c6c65cbe03343b6d64145f138081a6
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1cde121c60065658b9eaa739fcc032ca9093bded8bf58179f65bce07ab759c9
a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988
a7c3b69070e18da88843ce5865aae332f74fae0ada9c0a6004c6615c9813b4d6
ae9460723a0bb76d58644dae8d616fdd62db774b1df6426845c7520e276cf42e
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7499c39e7c8c0bd63ca74bbf7306b5b0033bd9fe6a25109943a125fcac68f65
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cc0c8acdd67ea1499d32049e83b9be486f8f10e518fad4d4ddaa3ca8e5ac6250
cf4cfe9a9025d3ce75775297c0cc278d74ef64677783c8b896c3032b24efdea7
d26dfed56b64dcbd94fbd1ae0efe31024acdb33a691b7acb06ff06384b8faeec
da1652fe44d65f8484559c1ad6f7701080d050c980f38baeec72108345f5d96b
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5abc650a08fc56172358fdfc5e0748949ad5199165b7e5702d43bdba5253fbe
e913a8990c885bd71ef289a424530af23b9aa3e431085874a2ed8681d93f95b7
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec24c22b9203d16dbd13f6f6898ec8b39c5b2fb7f6ef5571b9f2481bbdb862f8
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3baefd00d0f3c3887e874241a1d882a8738753c5de311d48b07a38f746fb89
eff10ab2bd198e1dc267b81efed1519ee7b0e6c177c2f5a20262c28833c13910
f1efa8480d940cd99ca0a02ace31c85ebb5d9c6dadc40c27dbcf8bb52b741778
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f903b63e45ab643dd70ee8c7865a6b94ca5effc206cd258e54bcbb47a65dce81
f9ad6189a89fa41bfd756d25eee3c9f779e2278f4d450a5c936d80353b397505
f9cc437bb8d41c8f653177c92e8a125c11a19fe7485ba95f3ba9b7431eb382c2

bloxfruitscript.com Open in urlscan Pro 2606:4700:3034::ac43:b5a5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

130 Requests

91 %HTTPS

50 %IPv6

20 Domains

30 Subdomains

25 IPs

8 Countries

1611 kBTransfer

4752 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

130 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bloxfruitscript.com Open in urlscan Pro
2606:4700:3034::ac43:b5a5 Public Scan

Screenshot
Live screenshot

Full Image

130
Requests

91 %
HTTPS

50 %
IPv6

20
Domains

30
Subdomains

25
IPs

8
Countries

1611 kB
Transfer

4752 kB
Size

18
Cookies

130 HTTP transactions
12 data transactions