nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/domain/ornatus.ru
Submission: On April 06 via api (April 6th 2022, 11:11:54 am UTC) from US — Scanned from DE

Summary HTTP 329 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 62 IPs in 8 countries across 49 domains to perform 329 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com. The Cisco Umbrella rank of the primary domain is 406603.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 29th 2022. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.86.4.120 99.86.4.120	16509 (AMAZON-02) (AMAZON-02)
25	23.23.7.90 23.23.7.90	14618 (AMAZON-AES) (AMAZON-AES)
1 14	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:27::... 2620:1ec:27::cafe:1799	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:10:... 2606:4700:10::ac43:2794	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
16	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 3	104.19.135.78 104.19.135.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	217.79.188.59 217.79.188.59	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.54 217.79.188.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
10	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
15 24	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
7 15	104.102.29.65 104.102.29.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5 9	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
1 4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
1	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
4	138.201.63.165 138.201.63.165	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
6 7	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
4	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
2	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
2 2	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
4	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
6 8	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:7f05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	85.10.231.200 85.10.231.200	24940 (HETZNER-AS) (HETZNER-AS)
1	65.9.65.116 65.9.65.116	16509 (AMAZON-02) (AMAZON-02)
3	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
1	18.66.97.9 18.66.97.9	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	3.123.52.20 3.123.52.20	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:7d0f:60be:20fc:1243	16509 (AMAZON-02) (AMAZON-02)
2 2	216.52.2.48 216.52.2.48	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	178.79.242.245 178.79.242.245	22822 (LLNW) (LLNW)
1	164.132.182.207 164.132.182.207	16276 (OVH) (OVH)
1	88.99.65.215 88.99.65.215	24940 (HETZNER-AS) (HETZNER-AS)
2	54.76.212.160 54.76.212.160	16509 (AMAZON-02) (AMAZON-02)
2	51.195.5.232 51.195.5.232	16276 (OVH) (OVH)
1 3	3.122.214.5 3.122.214.5	16509 (AMAZON-02) (AMAZON-02)
6 8	3.122.93.90 3.122.93.90	16509 (AMAZON-02) (AMAZON-02)
1	18.200.96.173 18.200.96.173	16509 (AMAZON-02) (AMAZON-02)
1 2	52.16.70.86 52.16.70.86	16509 (AMAZON-02) (AMAZON-02)
1	18.158.99.238 18.158.99.238	16509 (AMAZON-02) (AMAZON-02)
329	62

29 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-120.fra6.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 23.23.7.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-7-90.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1799 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

a.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.135.78 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.59 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.54 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: aa.adfarm1.adition.com

ad13.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.63.52.121 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.217.23.98 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.102.29.65 (Milan, Italy) 7 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.172.38 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Berlin, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.130.102.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.165 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de

hal90005.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.117 (Reilingen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

ad3.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 145.239.193.130 (France) 6 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.198.250.30 (Hamburg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.99.218 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.92.94.3 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zenaps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.10.231.200 (Kassel, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 85-10-231-200.clients.your-server.de

www.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.65.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-65-116.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

static2.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-9.fra56.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.52.20 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-52-20.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:7d0f:60be:20fc:1243 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.245 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-245.fra.llnw.net

asset.conrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 164.132.182.207 (France)

ASN16276 (OVH, FR)
PTR: ip207.ip-164-132-182.eu

cdn.ad-sun.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.65.215 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.215.65.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.212.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-212-160.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.195.5.232 (France)

ASN16276 (OVH, FR)
PTR: p15.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.214.5 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-5.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.122.93.90 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-93-90.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.200.96.173 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-96-173.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.70.86 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-70-86.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.99.238 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-99-238.eu-central-1.compute.amazonaws.com

match.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com 4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com	382 KB
49	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	863 KB
29	nets4.com nets4.com — Cisco Umbrella Rank: 406603 img.nets4.com — Cisco Umbrella Rank: 575665 s0.nets4.com	207 KB
27	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 131948 api.purpleads.io — Cisco Umbrella Rank: 109672	33 KB
22	redintelligence.net 2 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 31903 hal900030.redintelligence.net — Cisco Umbrella Rank: 210705 hal90002.redintelligence.net — Cisco Umbrella Rank: 270524 hal90005.redintelligence.net — Cisco Umbrella Rank: 297927	112 KB
19	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	28 KB
15	casalemedia.com 7 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568	14 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	580 KB
11	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 229	271 KB
9	medialead.de 8 redirects pv.medialead.de — Cisco Umbrella Rank: 45052 medialead.de — Cisco Umbrella Rank: 44533	5 KB
9	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	9 KB
8	bidswitch.net 6 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	4 KB
8	openstreetmap.org a.tile.openstreetmap.org — Cisco Umbrella Rank: 14498 b.tile.openstreetmap.org — Cisco Umbrella Rank: 14729 c.tile.openstreetmap.org — Cisco Umbrella Rank: 14837	70 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1230 i.clarity.ms — Cisco Umbrella Rank: 2095 c.clarity.ms — Cisco Umbrella Rank: 644	25 KB
6	creative-serving.com 1 redirects static2.creative-serving.com — Cisco Umbrella Rank: 47799 ads.creative-serving.com — Cisco Umbrella Rank: 3682	14 KB
6	awin1.com 4 redirects www.awin1.com — Cisco Umbrella Rank: 15359	4 KB
5	media01.eu pb.media01.eu — Cisco Umbrella Rank: 43911 www.media01.eu — Cisco Umbrella Rank: 257265	2 KB
5	ad-srv.net 1 redirects ad.ad-srv.net — Cisco Umbrella Rank: 35537 ad3.ad-srv.net — Cisco Umbrella Rank: 270403	7 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 344	112 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8069	1 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	3 KB
4	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1585 match.adsrvr.org — Cisco Umbrella Rank: 326 insight.adsrvr.org — Cisco Umbrella Rank: 591	3 KB
4	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 80262	13 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	145 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 18421 api.webgains.io — Cisco Umbrella Rank: 52373	52 KB
3	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 16634 ad13.adfarm1.adition.com — Cisco Umbrella Rank: 37009	11 KB
3	mgid.com 1 redirects s-img.mgid.com — Cisco Umbrella Rank: 7239 c.mgid.com — Cisco Umbrella Rank: 5828	59 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1209 cloudflareinsights.com — Cisco Umbrella Rank: 1202	5 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	2 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 607	2 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 602	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 800 s.tribalfusion.com — Cisco Umbrella Rank: 2468	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 873	2 KB
2	zenaps.com 2 redirects www.zenaps.com — Cisco Umbrella Rank: 20418	1 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 38601	2 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 137218	6 KB
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4110	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	20 KB
1	justpremium.com match.justpremium.com — Cisco Umbrella Rank: 2770	325 B
1	gumgum.com rtb.gumgum.com — Cisco Umbrella Rank: 1242	209 B
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 52453	9 KB
1	ad-sun.de cdn.ad-sun.de — Cisco Umbrella Rank: 307947	3 KB
1	conrad.com asset.conrad.com — Cisco Umbrella Rank: 82119	22 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 370	1 KB
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 575	538 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2899	104 B
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 63935	726 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 213046	409 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 230	556 B
329	49

	Domain	Requested by
35	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com nets4.com tpc.googlesyndication.com googleads.g.doubleclick.net 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com www.googletagservices.com
33	tpc.googlesyndication.com	securepubads.g.doubleclick.net nets4.com tpc.googlesyndication.com ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com googleads.g.doubleclick.net 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
25	api.purpleads.io	cdn.purpleads.io nets4.com
24	cm.g.doubleclick.net	15 redirects googleads.g.doubleclick.net 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
16	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com
16	img.nets4.com	nets4.com
15	dsum-sec.casalemedia.com	7 redirects googleads.g.doubleclick.net
14	www.google.com	1 redirects nets4.com www.gstatic.com www.google.com tpc.googlesyndication.com ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
11	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com
10	hal9000.redintelligence.net	ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com hal90002.redintelligence.net hal900030.redintelligence.net hal90005.redintelligence.net
10	nets4.com	nets4.com
9	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com nets4.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
8	x.bidswitch.net	6 redirects
7	pv.medialead.de	6 redirects ad3.ad-srv.net
6	www.awin1.com	4 redirects 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
6	fonts.gstatic.com	fonts.googleapis.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	adservice.google.com	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
5	fonts.googleapis.com	cdn.purpleads.io securepubads.g.doubleclick.net hal90002.redintelligence.net hal900030.redintelligence.net hal90005.redintelligence.net
5	www.gstatic.com	www.google.com
5	i.clarity.ms	www.clarity.ms i.clarity.ms
4	ad-server.eu	dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com ad3.ad-srv.net
4	pb.media01.eu	hal90002.redintelligence.net hal900030.redintelligence.net hal90005.redintelligence.net pv.medialead.de
4	ad3.ad-srv.net	1 redirects ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com ad3.ad-srv.net
4	hal90005.redintelligence.net	hal9000.redintelligence.net hal90005.redintelligence.net
4	hal90002.redintelligence.net	1 redirects dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com hal90002.redintelligence.net
4	hal900030.redintelligence.net	1 redirects ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com hal900030.redintelligence.net
4	www.googletagservices.com	ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
3	ads.creative-serving.com	1 redirects
3	static2.creative-serving.com	ad3.ad-srv.net static2.creative-serving.com
3	c.tile.openstreetmap.org
3	a.tile.openstreetmap.org
3	s0.nets4.com	nets4.com
2	dpm.demdex.net	1 redirects
2	id5-sync.com	static2.creative-serving.com
2	api.webgains.io	analytics.webgains.io
2	ap.lijit.com	2 redirects
2	match.adsrvr.org	44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com js.adsrvr.org
2	pm.w55c.net	2 redirects
2	www.zenaps.com	2 redirects
2	medialead.de	2 redirects
2	track.webgains.com	nets4.com dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
2	cdn.retailads.net	1 redirects futalis.de
2	ad13.adfarm1.adition.com	ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com ad13.adfarm1.adition.com
2	44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	s-img.mgid.com	nets4.com
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	b.tile.openstreetmap.org
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
2	cdn.purpleads.io	nets4.com
1	match.justpremium.com
1	rtb.gumgum.com
1	insight.adsrvr.org	1 redirects
1	cdn.contentspread.net	ad3.ad-srv.net
1	cdn.ad-sun.de	ad3.ad-srv.net
1	asset.conrad.com	ad3.ad-srv.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	js.adsrvr.org	ad3.ad-srv.net
1	www.media01.eu	ad3.ad-srv.net
1	www.conrad.de	ad3.ad-srv.net
1	futalis.de	hal90002.redintelligence.net
1	ad.ad-srv.net	nets4.com
1	imagesrv.adition.com	ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
1	4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c.mgid.com	1 redirects
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
329	80

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
ornatus.ru
leafletjs.com
www.openstreetmap.org
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-29` - `2023-03-29`	a year	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.tile.openstreetmap.org GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G2	`2021-04-15` - `2022-05-17`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G2	`2021-05-21` - `2022-06-22`	a year	crt.sh
redintelligence.net R3	`2022-03-29` - `2022-06-27`	3 months	crt.sh
ad-srv.net R3	`2022-03-29` - `2022-06-27`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
*.futalis.de R3	`2022-02-21` - `2022-05-22`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
www.conrad.de Cloudflare Inc ECC CA-3	`2021-05-17` - `2022-05-16`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
static2.creative-serving.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2021-07-17` - `2022-07-17`	a year	crt.sh
*.webgains.io Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
pv.medialead.de R3	`2022-02-20` - `2022-05-21`	3 months	crt.sh
contentspread.net R3	`2022-03-31` - `2022-06-29`	3 months	crt.sh
ad-server.eu R3	`2022-02-13` - `2022-05-14`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
tracking.justpremium.com Amazon	`2022-01-30` - `2023-02-28`	a year	crt.sh

This page contains 51 frames:

Primary Page: https://nets4.com/domain/ornatus.ru
Frame ID: 52BDF72D9B2474439C731B99316CED95
Requests: 77 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 333440CEB58C5F69D2B1E186F1646694
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 5DD7EC22654CE5D64CCE5583CDD97788
Requests: 8 HTTP requests in this frame

Frame: https://s-img.mgid.com/g/10839610/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0wOC8xMDE5MjQvZTBkYzJhZWNiOWFlOWMxYTY0N2JiYTU5YjFiMTc4YjIuanBlZw.webp?v=1649243506-ym-V8GGpZKjSp68iKNx4L76zxSYFKGjD8YgfHIhQv6A
Frame ID: 87A772B999D5182A362053ECB60BC168
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=syl7lx1wm190
Frame ID: AE4BA1C0B56436A4A0E3A274B0B36498
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: AB47646650FD473A4D3347BD3CFFEB0B
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 40D2BC48F033999013123E6FDABEA028
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 8347E9042B0AE27FED9764A080945880
Requests: 8 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: 0E1B121B64310AF1B6051B0ECB7773E0
Requests: 10 HTTP requests in this frame

Frame: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 06BB62E11F486562F524BE0283D48352
Requests: 1 HTTP requests in this frame

Frame: https://4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: ADF460E0407B19B738B7469B79681D4C
Requests: 1 HTTP requests in this frame

Frame: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6D422E8109EAF36D9AC0C8F511E6DF95
Requests: 1 HTTP requests in this frame

Frame: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 28D87DB1B7397B4B0FCB1AE3DFEFE971
Requests: 1 HTTP requests in this frame

Frame: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CE48A0E634A3B1A72DE84DF62AFE7729
Requests: 1 HTTP requests in this frame

Frame: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 557FC86582209E9F08BA0433C87D309F
Requests: 28 HTTP requests in this frame

Frame: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 91AC0C44F718B89B2E4696BCBDB95B02
Requests: 12 HTTP requests in this frame

Frame: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5886B7A56C6905C220B397B9F2A9FB59
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: D67037669318FA74F5637550CAA9E8A5
Requests: 13 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: F8CEA2A5BF5951031A92B0A6DA89755F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AFCE6ECD1C0A0A3C7A20737376A1C57F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CEC96E3B37224851D309FD42EF284BC6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91267CC20941FA68E5F604CE1AC2F1F7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DB0D5A6E7803CCD9F1BEE5803E509EEC
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6E8FCF2438864D54A76D5F122EA7D0E8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2FB0B8E583AC2E3C405F7770F8D1CF21
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6EB221AFAF608FC80DBFC04D63CD0F6F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1CCFB899312F55A4A6E8D3B1A122E9A1
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhiGqrrHATAB&v=APEucNWThcXor2c1UvYRZ9fmwF-hlxak7ycmmbuePjOaHs1JNS5EJ0LM__D05hwxLFiHPH0HpRwfdCHEQ85lM4HQYAXDFOO7UrdFUklS-hSNq4XG170qp2xXep6S52nRQ0THra4NYc6e9XDXG-eNeFf8ii2fiU5__78328TMSsfrIHtSDaTfaWQ
Frame ID: 12873C209DC3DCA6960191415FDC1F02
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNURRK4QBFbcPdmZo8JOopE_HaJK99vZzVIjEYF4bDHho_OygiTehmh2JnHM_zbr8Ps5sIPukSLMybMZ2I3EnjtgEB1ldBoDziCY7_gKrFk48k2DgEQySwy_43GRQ09kihRj_8kBFyCRdHtmeu894o30IAjZDLwwmAx2NVEDiqgGKsyPDvo
Frame ID: B21C4D8D3D035E5CB90F47C11D46CDD8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxi2hrvGATAB&v=APEucNXrW2A3zcaurhz9CikU-mCIZb4n8m8V50HvbZp4CSZqgNClp-iWjLIpCYz-aZXO3Ubt9mRbPxMTR4Hl0ghT1yESm7GtfRqYRClF_klrt9IDEFJ6npqIU6uMwkwTeoWS-IUU9xygA9CkbtSPjN_QF5IXNdYhweQf_JgjH_9n0KjrCa_JyTA
Frame ID: 317D9CEDC5BCA0209BB397FA3FD23178
Requests: 5 HTTP requests in this frame

Frame: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3D2EBA11AEBB2E2A8F8BB53456561662
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A2469841C09AAD21495862646F928393
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3DBCACB93BB58BC6A52850A572EA2D46
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXg85uw-QUaB4e2n3GjCqAsjKdKtohglbpd9N9JUFCJn__3BWyrhfPpbf-199igT8WceigduCWPz1KDEFUW6EybT0YDQX3jlWVjtWlvwAkngx_1lVmD4PdiBEekIivszp2e4hpOG7T3GGHkTw_vcmCqCH5Siwl1rpwDlPR8-_guQPOrYo8
Frame ID: 6188C519C2E42A39D073C1F50B35F779
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5506CB035D3546D13CA57F76B2D95862
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CD5C95938943168BD459F81967D74E03
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1687DB77C0FA09939E264989B175A914
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 45FF13D7715C28EB63E4E95D94A36F72
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=83512400094733504444550011921002&actionid=981741&produktid=&dt_url=
Frame ID: 3EB9E53B8B25FE8371586688D272605E
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129
Frame ID: C26D8C85CD4F9FB28C8FD3310E91818B
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Frame ID: E11045BFEB65D85063500FF176F37B28
Requests: 6 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17772100104078704444964011921030&actionid=981741&produktid=&dt_url=
Frame ID: E6D19CA4EC6F7FEF659BFFA76557838A
Requests: 1 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe
Frame ID: 60F754BB11E6FC3F844913A0AA90F88D
Requests: 6 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=52083000108516004444554011921005&actionid=981741&produktid=&dt_url=
Frame ID: 4636A6C365B0207B9353D3E33FBE3C36
Requests: 1 HTTP requests in this frame

Frame: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Frame ID: 9C027664548A6D02E92B479A0FF100AE
Requests: 9 HTTP requests in this frame

Frame: https://www.conrad.de/ztpv.php?awc=11354_473322_1649243509_5a9d44d0-b59a-11ec-ba92-2231672bdcd1&insert=AW
Frame ID: D22D408125716C496EFC0971DFFCC33A
Requests: 1 HTTP requests in this frame

Frame: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_473322_1649243509_5a9c5a70-b59a-11ec-b304-2261978923a5&dt_mode=iframe&dt_url=
Frame ID: FFA4C1E469554E65BE8FC449C1BBAB2C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 27DF69549EF4198D460C477F7B74BB3C
Requests: 9 HTTP requests in this frame

Frame: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Frame ID: 1360065849E3CAE128537A0482F3BC78
Requests: 7 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=28472900099787900383828011921003&actionid=981741&produktid=&dt_url=
Frame ID: 4AF1E4F6991B43BEFFA14A0FB5553A02
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Frame ID: E2B1B2C982F4BABA7E1C7F0D9B7A16C6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ornatus.ru - Дипломы, рефераты и курсовые на заказ Москва (499) 677-51-59

Detected technologies

Leaflet (Maps) Expand

Overall confidence: 100%
Detected patterns

leaflet.{0,32}\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

329
Requests

88 %
HTTPS

37 %
IPv6

49
Domains

80
Subdomains

62
IPs

8
Countries

3105 kB
Transfer

7371 kB
Size

63
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: http://ornatus.ru/?utm_source=nets4.com&utm_medium=referral&utm_campaign=domain_page
Title: ornatus.ru

Search URL Search Domain Scan URL

URL: https://leafletjs.com/
Title: Leaflet

Search URL Search Domain Scan URL

URL: https://www.openstreetmap.org/copyright
Title: OpenStreetMap

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&RedC=c.clarity.ms&MXFR=05F59026A28F68152E008158A68F660A HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&MUID=3E5B7A5264856DC928A76B2C65EE6C5B

Request Chain 80

https://c.mgid.com/c?pv=2&v=0|0|0|iipvUuSV0TwgKzIsS92rS1oPETljGBiJPwr6Ib5ALBZrL9_52jBkOV8IEvEsy0LF&cid=1221081&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=592c297b-b59a-11ec-9f6c-e4434b374c12&psid=608532c2eac0e20ce6d36538&iub=aHR0cHM6Ly9zLWltZy5tZ2lkLmNvbS9nLzEwODM5NjEwLzMyOHgzMjgvLS9hSFIwY0RvdkwyTnNMbWx0WjJodmMzUnpMbU52YlM5cGJXZG9MMmx0WVdkbEwyWmxkR05vTDJGeVh6RTZNU3hqWDJacGJHd3NaVjl6YUdGeWNHVnVPakV3TUN4bVgycHdaeXhuWDJaaFkyVnpPbUYxZEc4c2QxODVOakF2YUhSMGNEb3ZMMmx0WjJodmMzUnpMbU52YlM5MEx6SXdNakV0TURndk1UQXhPVEkwTDJVd1pHTXlZV1ZqWWpsaFpUbGpNV0UyTkRkaVltRTFPV0l4WWpFM09HSXlMbXB3WldjLndlYnA_dj0xNjQ5MjQzNTA2LW9LZXExLWNPZUpOQkVPRGxHcTVyemFoRzRpaE1GSm1JNlVPY2w2djhsZWc= HTTP 301
https://s-img.mgid.com/g/10839610/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDgvMTAxOTI0L2UwZGMyYWVjYjlhZTljMWE2NDdiYmE1OWIxYjE3OGIyLmpwZWc.webp?v=1649243506-oKeq1-cOeJNBEODlGq5rzahG4ihMFJmI6UOcl6v8leg

Request Chain 195

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 210

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 211

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Request Chain 212

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Request Chain 213

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 214

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 215

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Request Chain 216

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 218

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Request Chain 220

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Request Chain 227

https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 229

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

Request Chain 230

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Request Chain 231

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Request Chain 233

https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 242

https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 247

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=83512400094733504444550011921002&actionid=981741&produktid=&dt_url=

Request Chain 248

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=83512400094733504444550011921002&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129

Request Chain 251

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 254

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17772100104078704444964011921030&actionid=981741&produktid=&dt_url=

Request Chain 256

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 263

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=52083000108516004444554011921005&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=52083000108516004444554011921005&actionid=981741&produktid=&dt_url=

Request Chain 265

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=52083000108516004444554011921005 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 268

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=28472900099787900383828011921003 HTTP 302
https://www.zenaps.com/cshow.php?pvr=5a9d44d0-b59a-11ec-ba92-2231672bdcd1&v=11354&r=473322&q=371931&s=2470208&viewref=28472900099787900383828011921003&pv=1 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_473322_1649243509_5a9d44d0-b59a-11ec-ba92-2231672bdcd1&insert=AW

Request Chain 269

https://www.awin1.com/cshow.php?s=2840015&v=20646&q=409071&r=473322&pv=1&pref1=28472900099787900383828011921003 HTTP 302
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_473322_1649243509_5a9c5a70-b59a-11ec-b304-2261978923a5&dt_mode=iframe&dt_url=

Request Chain 291

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWrlVrSPf4UfrGujxY7V-HOS_3-TfjjmssWi2e_uxH7NX_IPg25O9nKL HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWrlVrSPf4UfrGujxY7V-HOS_3-TfjjmssWi2e_uxH7NX_IPg25O9nKL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VlAzZUc3MG0xTkMzekw1&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWrlVrSPf4UfrGujxY7V-HOS_3-TfjjmssWi2e_uxH7NX_IPg25O9nKL

Request Chain 292

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 293

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEM5MqKSduLRIPeM5Ne98CrY&google_cver=1&google_push=AYg5qPJj5N2r2k4HEhuq-ZB6oHgpGK5AtIBDMSSkD_iimSR3vzREgQtqHl185UWGk4ysVK7tjVu6bD1MKR5xmuxKzYFQgS7gEXRJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEM5MqKSduLRIPeM5Ne98CrY&google_push=AYg5qPJj5N2r2k4HEhuq-ZB6oHgpGK5AtIBDMSSkD_iimSR3vzREgQtqHl185UWGk4ysVK7tjVu6bD1MKR5xmuxKzYFQgS7gEXRJ

Request Chain 295

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEL2IB5RiNcihETFRcg2_738&google_cver=1&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmiLtR3_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmiLtR3_&google_hm=MzM4MDM1NjgwNTMyODAxODc5

Request Chain 296

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGt_BSvtjZUIxwRUqZjm0e4&google_cver=1&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGt_BSvtjZUIxwRUqZjm0e4&google_cver=1&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E&google_hm=aa98a56f6619d14a33e48a08

Request Chain 301

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=28472900099787900383828011921003 HTTP 302
https://www.zenaps.com/cshow.php?pvr=5ada74e1-b59a-11ec-956f-22655f6734d7&v=11354&r=473322&q=371931&s=2470208&viewref=28472900099787900383828011921003 HTTP 302
https://asset.conrad.com/media10/isa/160267/c1/-/de/boschaktion_234x60?format=gif

Request Chain 303

https://www.awin1.com/cshow.php?s=2840015&v=20646&q=409071&r=473322&pref1=28472900099787900383828011921003 HTTP 302
https://cdn.ad-sun.de/STIHL/Werbemittel/Logo/STIHL-Logo-V2_234x60.png

Request Chain 316

https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0 HTTP 302
https://match.adsrvr.org/track/upb/?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0

Request Chain 326

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse HTTP 302
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

Request Chain 328

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=696 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=696 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=_68aJq-5TDCLSZu9g5rVdA== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1

Request Chain 329

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=172 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=172 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=_68aJq-5TDCLSZu9g5rVdA== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1

Request Chain 330

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=75 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=75 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=fbdf528b-ce79-4879-af70-59f92a092804

Request Chain 332

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc HTTP 302
https://ads.creative-serving.com/gcm?google_gid=CAESEKzpXG3FAHFBthtkrmZQZ_U&google_cver=1

329 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ornatus.ru Show response
nets4.com/domain/ 43 KB
11 KB 653ms
609ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c553687a3a7325fe5225887b98af00b0ba87c43440e7f8f4116c277fb947e04

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=86400, proxy-revalidate
cf-cache-status: MISS
cf-ray: 6f7a159d6d11696f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 06 Apr 2022 11:11:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3AcDnt42JGGjhIeUSwE28j%2BveoiaqbfiQvhovCUfJyBob%2Fozyn6CTDI8d3A85XtU5vxNI5GaXMxs2zoWKBzWhY4nf0i9EenbsrnpPWIaNDAVDmzDba08UlU%2F6z8PNaDrxutvPVwTnzs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 28ms
27ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7875356
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 07K7R0E8EZNWXT79
x-amz-id-2: OMUg+mT+hOG19680g7fOd55T/KCYRnANxr5FzhTlCPRIxj4G18VfrEGY5SzocIg08tKdfo3u4bs=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3pDV0dd92TfeaGZUjmV7XNTPy%2B%2FdrzIIwzVBgglZrXPa881bPXek%2BnHac9oRNUiJgR6IfboBNxR6yi0Yx3bQHMfSBAy7RWhW%2BlkPWEBA1zKCkerBJ%2BGVX5J%2FYqGDNwfNsSyT%2FjM8ks%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6f7a15a16c5b696f-FRA

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 53ms
21ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3512639
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tM%2FRy%2FdJMy9SJewF%2BdppxqBi64TP9NXun00Yy9rFYswrs1ja8AxKGwne2%2Bt16xzWwnyEly2bMjykcl8ueMjGJKYNhEwB4psjrfRoU5Lb9S1YBgcVG4eGzK2ziGR%2F%2BCa%2Bt%2BXb4ctUvQr%2BrJ1xfJrrQ3F4"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a1998c8fe2-FRA
expires: Mon, 27 Mar 2023 11:11:44 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 51ms
19ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 143478
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3kZl%2B%2FE6b9AlBZJvvgwUruoqSqd5MOtKb6Y9rGsj37HWrmGx%2BmkyOnMIgFVqmR3SKueMG4PN953O4wwNnG3NXGW2MM8jBBecdBixOR1RHz0H%2B0pH792SCeLueKYY2o%2FQx7x548R5DKk56K9K2WolShY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a199918fe2-FRA
expires: Mon, 27 Mar 2023 11:11:44 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
577 B 35ms
35ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2824
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IenqZvmigDKjS%2FqklkFvWauJV9Ko6wjrHiUgOjZhkr%2BQIx3GEpkAroD%2Fl4Dm6t%2BHQ13uBl2UrgCPBlZ7D6NXoax5VkGmE2oKqxR0QOyTDgfGOH1B0RX1NzKs0HDw75BYn4LIyjush8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6f7a15a16c5e696f-FRA
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 44 KB
16 KB 30ms
29ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1649242800
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02314cb7a74a60fc1c6b4aab803e9c1ae4201102ed4004b441b0f2fae21def03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C2sfWf1iB9iG6edwmv%2BSVC%2F6SB76L62kUv5FsaWo%2FGqMRGcBIi8yZ18oITcEhFZN%2FeJz9lFRmP5zH0eRICIV4H8tR%2FCdD9Z6NkiNsL9w2pAjmds2L1i9NGmwlcIyTp7IA5EaGz3isec%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f7a15a1cb889be9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 3 KB
4 KB 64ms
50ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4782127
cf-ray: 6f7a15a1ed2d696f-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3395
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"6df89d86deba278d112332afb4bb100b1a6165842a7fdb7f78a5a70c7c7218aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZ5MWkGM%2Fa%2FrDAMJaZCztHNG%2BkZ53weMjot7vKjtEiYqVLaIFz4O5naPxy1Rxe5MW%2BrrAcyUrpoYOR8Wz9ZkbJ2AwaOVli9ptgaH3%2BVEFyKZ4UjNp%2B4BDkCGXM0tGPsIvrkC9Jh0Tw%2Fj4zyd"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 60ms
46ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3488637
cf-ray: 6f7a15a1ed2f696f-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1117
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"86d32e1b83f7c87590ac6aad5f278dca67bb9675a7a7869ed47749c6cf91763d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FlDQ%2FrKuE9kCZz0vrgVaBiXOeq%2BZRggfN2UmIKZjm2t6jvzGTbDQJOWxWrRTw5up7truYIOyWnrABuTN5lFSJQPnDkfe5aQryAr1XR2fFsftFh3h8vrDUz%2BeUsI8Fwam%2BmiDJhpJhG5YcK9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/58T3Wrl.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 leaflet.min.css
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 10 KB
3 KB 50ms
32ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5328063
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2153
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:33 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e135-298f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1HIPeolFICeqpdOFDOuepmjRTtEscpCpiczy3f9GJfUEY%2BY498KB6G9Op35y1SxlWm93pv1w%2ByIMJfd5UJfXXmENZaFSkUwW%2FynO0cXh1iZKfoOAMiIISDjDKsRKlamE8Q%2BTbophtCr94di0WewN3Dd"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a1df7e9a06-FRA
expires: Mon, 27 Mar 2023 11:11:44 GMT

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 19ms
18ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 11:29:35 GMT
server: cloudflare
etag: W/"623c561f-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AwDxoSfFW0Kukj6iFi%2BwTOUlxyp3DU9wnJ%2F%2FUik%2BsI5Gqsm3t2piL1VnRITmfM%2FOL%2B8rpps79O39d6NjD2ESxbT2ySD95wTE9blFonXp2VPdwRuV2EWhJz27NZ28V1pxvRtIt40Qpls%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f7a15a1cb729be9-FRA
vary: Accept-Encoding
expires: Fri, 08 Apr 2022 11:11:44 GMT

GET
H2 200 Zc4iwuj.png
img.nets4.com/img/i.imgur.com/ 276 B
990 B 61ms
46ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Zc4iwuj.png?w=15h=15&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13767516
cf-ray: 6f7a15a1ed2c696f-FRA
x-cache: HIT, MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 276
x-served-by: cache-sea4455-SEA, cache-fra19150-FRA
st-img-id: 68f950008bd130ec-SEA
server: cloudflare
x-timer: S1635475988.075430,VS0,VE331
etag: "stlyF3QRxIsyMBMOzqO7SdrLBA:7e9cf63ea9ef81cea66567607047245c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVBQpX0i0UB%2BXbfce0LB1Kr7AgqWoh1J357On4ILquSto%2F0rrfL1kE5KyiFnUSYn2GI%2FoFM5OYnM%2BPSGkHVJxPbcf8mqCJivnBGfGBu06COGrqKpXvKTTUqnP%2B5dv98J0VePoaHnqppSnPzp"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Zc4iwuj.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 50ms
50ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3198355
cf-ray: 6f7a15a1fd56696f-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4438-SEA
server: cloudflare
etag: W/"74f823912b396fff2471f0918e1ae56696e6d198857eb0589e93307e557ccf4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XdOG5muHfGPSz97oSh3K08kt89tmSpiI0Y7RF3A3LNN29HZ2rdVeBDnXIe9gUXRm1R%2BDu1BgwpyBu0jcE37OfjHe7itYOX9TpwqmbQBP61hnctPWwR8R%2FrVfGZDJqC2DneoJ0hJBF3LwO%2BtZ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 30ms
18ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1179293
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8IYYasxfKyTg0df%2BiQ1E95CMRZM%2FiecQn%2B1ceHCOUTabeQTnGYirZ%2BKWbZ3BB0yvaQNHBKpNoOg8wMiYj%2FGD%2FQuNgkokefw%2FkNcg%2Fx8%2BimDOT5kIlqWdnqVROc1jT63q0xrNWLlX%2FsSWbpwi1APG%2FLh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a22c886946-FRA
expires: Mon, 27 Mar 2023 11:11:44 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 16ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3523472
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHCDOBpV2kbVJjYT7Ed0S26m2DDAoNhjMWR%2BSR98drFUGDm%2FFqxEWWvvoYhUfn5gWww5jW0RIaedJAjDWxq1T7S%2FI0Wom6WVLhOr0yFv3YtvdGRUTfcsPFt0Iaotgf15qHuvos58FnVvrP4j%2FIAvTtp8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a28d5c6946-FRA
expires: Mon, 27 Mar 2023 11:11:45 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 14ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1175483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6ZHadhhFG%2B06qMWfiwaGbcH%2F9FgIWKMeOPh%2BaZJ0iznx8d54WrBSHeSnZcJbPfRRKNWGsLSDYI2cN21iA6H0DEP0YdqGoI9TS1puwlGpfMBJbChse7Yfrcpv39FMEbOtGvPqW%2BmguUqDWVnZc10Cr63"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a2ad996946-FRA
expires: Mon, 27 Mar 2023 11:11:45 GMT

GET
H2 200 load.js Show response
cdn.purpleads.io/ 23 KB
7 KB 43ms
11ms Script
application/javascript 99.86.4.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-120.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1be3f8db7331dbe20847830fe8f0cd134175676ccd9d3db4ae6a00e21b7fb541

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 06 Apr 2022 05:53:03 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 11:56:20 GMT
server: AmazonS3
age: 19123
etag: "49ae84e8390be6f705ad2d720112c923"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 6561
x-amz-cf-id: uLznj2AmaNQCouDyiSZPXMJtp38WN6NiP7Sq_DPIWAxfZhZMs2PsiQ==

GET
H2 200 / Show response
api.purpleads.io/x/ 3 KB
2 KB 711ms
517ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1649243504478
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 3d1ac181488f95d8e42cdf1c11b4dd3f41aa099de812b634f297832b5b8361d6

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.18

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"cde-fXF97qF3uKsVEP9tWh9WGT9rQe4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 14815894-af12-4081-bee2-332405191c69

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 333ms
122ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1649243504478
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:45 GMT
x-request-id: ddef9248-eeee-49af-ac40-18e45d4f0f96

GET
H3 200 ornatus.ru
nets4.com/domain/ 15 B
0 32ms
32ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/ornatus.ru
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/domain/ornatus.ru
ts-request-embed-key: 33880a02-30e0-4e60-b095-ab6ed9419ae2:4a2110026581983e7e3a966a91f7236690bb54f224332491d7f6eec7dd28b0ce
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1SiiMQE7Ft1MdF0o%2B9HSu6bOH8nQH4phv%2FT2uYE3qUnRjp42aySnQ4lGe4ltrqOfxvaTsUqL%2BC%2BsBLj0tA5ZEekX6A%2FrvafgyZ%2FbaJaSUhZROwXY3D1%2BgVZuksB7ycgB%2Fm0bJHWzPe8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6f7a15a33e4b9be9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H3 200 leaflet.js Show response
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 139 KB
36 KB 21ms
21ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1338246
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35659
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-22a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRUaOPLzdvk8VDkrdiamYFPTO3qJw%2FqY3uX74YNNWrkeMqXqWAs0v5EPn35pwijtp5DBifWdVDEL75fWyvfrGxX0WEKPjOAHsfY5iTU6R%2BojnTTaz5Iq5vaI0uAUgbyjoJx0Z0aA0ny%2FrK%2BBK%2B5u0Qc6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a339429a06-FRA
expires: Mon, 27 Mar 2023 11:11:45 GMT

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 36 KB
11 KB 8ms
7ms Script
application/javascript 99.86.4.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-120.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 09:26:22 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 09:26:13 GMT
server: AmazonS3
age: 6324
etag: "459fced820cea712f76c27f56f23821c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10804
x-amz-cf-id: -PKRIgT9bDnVwV4qegriLkI7z_HdQmYLvjsAYfxZXUzOH6a8-nkzIw==

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 53ms
52ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2880
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVsdzxNIhbgJLsCpM5rrnd5qZ4OeG5gjTa4V8opMDjiRqVRiY7i4EGakT6%2B1s5QHmw84ifABzk8Suiu%2FURcIAxcl%2FYTSPb98q5LFLisYuwMI0gpWMeDQAcG45s%2BMEr3UfQvrg7qVtg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6f7a15a33e4e9be9-FRA
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
969 B 205ms
73ms Script
text/javascript 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Wed, 06 Apr 2022 11:11:45 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 91ms
52ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6f7a15a37b499110-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 188ms
59ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5815
date: Wed, 06 Apr 2022 09:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 06 Apr 2022 11:34:50 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 114ms
113ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyT3JuYXR1cy5ydSUyMC0lMjAlRDAlOTQlRDAlQjglRDAlQkYlRDAlQkIlRDAlQkUlRDAlQkMlRDElOEIlMkMlMjAlRDElODAlRDAlQjUlRDElODQlRDAlQjUlRDElODAlRDAlQjAlRDElODIlRDElOEIlMjAlRDAlQjglMjAlRDAlQkElRDElODMlRDElODAlRDElODElRDAlQkUlRDAlQjIlRDElOEIlRDAlQjUlMjAlRDAlQkQlRDAlQjAlMjAlRDAlQjclRDAlQjAlRDAlQkElRDAlQjAlRDAlQjclMjAlRDAlOUMlRDAlQkUlRDElODElRDAlQkElRDAlQjIlRDAlQjAlMjAoNDk5KSUyMDY3Ny01MS01OSUyMiUyQyUyMnclMjIlM0ExNjAwJTJDJTIyaCUyMiUzQTEyMDAlMkMlMjJqJTIyJTNBMTIwMCUyQyUyMmUlMjIlM0ExNjAwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbmV0czQuY29tJTJGZG9tYWluJTJGb3JuYXR1cy5ydSUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJrJTIyJTNBMjQlMkMlMjJuJTIyJTNBJTIyVVRGLTglMjIlMkMlMjJvJTIyJTNBMCU3RA==
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dCrOuIAum%2FLUqdbo1ts9rpvdrK7%2BS2IaSD4k%2B%2Bl8SzLQWBI7qngpJAW93u%2B201%2F%2BBXfd1Tnx7%2FtelreEiuFPtcgqyiqOO8gU9e9Td4HR5R5CW21ZAFrdxCvLOkVY74bN%2BZmF14bHhs%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6f7a15a33e5c9be9-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 44ms
43ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1099688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DeJ4u3trVm9KuQ2p%2BYuUnOJxcJXo%2Fvp7aEAeVl5qD7dXxYKwfIWjjEaJuDVm2gMoEyEvkvJcJFNHqaUKy95TVheH%2BBuifshXyINR7X%2FECddahJun9QCpIybz8%2F7sMpXsZ93ppkad3r0uAOIs15R%2BVT6a"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a3494f9a06-FRA
expires: Mon, 27 Mar 2023 11:11:45 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 25ms
24ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1182756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cm8YFRIDszhlfUndQOkUK%2FkCvDhPOZ3S1DifOf5TgZWzourNQgbJXH7VVkjc5LExb43y4qA%2Bm%2By6py0gfP3NXbQDvCD6EUGVST7yGV8PGu697XsH4GWRQZs%2FW3UkEpudz1JTksOW68vZDW88CkBiK3Mb"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15a349509a06-FRA
expires: Mon, 27 Mar 2023 11:11:45 GMT

GET
H2 200 509ca043-ed73-401d-b8d6-95a9180af9e1.png
s0.nets4.com/s/ 48 KB
49 KB 2283ms
2271ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/s/509ca043-ed73-401d-b8d6-95a9180af9e1.png?w=500

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6c1dcfde57de4ef2ac2a4e85d4e539f7bba953e52028adefd895d75dde3e6a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 49172
x-nc: MISS bur 6
last-modified: Wed, 06 Apr 2022 11:11:47 GMT
server: cloudflare
etag: "9e10ec1b7dee0238"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0z8pBFWqBUZqtp2b1dRaXzJXqxOug7dfVRcW3go%2BZTOXn9SzW2m7Oc9nHvpGbVo3sWCwsr0YC6Dfy9%2FiPjm%2B71lWJjcFk6XuU4U5xnDyNmkkc9QuvULev25Vp%2BG6BtmdtlR%2BfEMBKRn%2BFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
accept-ranges: bytes
cf-ray: 6f7a15a3d8f9696f-FRA
link: <http://urlscan.io/screenshots/509ca043-ed73-401d-b8d6-95a9180af9e1.png>; rel="canonical"
expires: Fri, 05 Apr 2024 23:11:47 GMT

GET
H3 200 ornatus.ru
img.nets4.com/favs/ 808 B
1 KB 1237ms
1237ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/ornatus.ru?size=32

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5e29a638775df9e7257ce07f1dc1c1c0d50d9ced6082956c7b4976e80316788

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 808
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 11:11:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q2%2BlNiVDBqtoZoYL%2FCWLsuUkQkUJYeQ4xIyN5aamaKHYgPRkbMIIDAJFpD6IfxqMrtveITps6QlQ0vLBB5BlehBOmgtadObL0O9XreoiVxTsC16g6CxhYU3YHENd72KjShSscDiOGigrST4%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf7d9be9-FRA

GET
H3 200 ornatus.ru
img.nets4.com/favs/ 678 B
1 KB 520ms
519ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/ornatus.ru?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fad24fba2fe04bb12ddc32c058288d856c7b4e64b33d4fb63ca27afb0e5ca944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 678
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 11:11:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GE2aeLByOYS6DQ1NiZPayiHqVbpRdUBZkqWnacURqrujEC1JP7WmiGdFLj9L%2BFK1JFUxfEAc2%2FmsSJ%2Bs%2Bcmxe%2FFQk0NFzY5id2WIXEBRBS9dvX4dMSLCYDhV9WNkaa11P7cdQihlpalLSlUj"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf7e9be9-FRA

GET
H2 200 backlinks-discovery-chart
s0.nets4.com/charts/ 31 KB
33 KB 1359ms
1348ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/backlinks-discovery-chart?d=ornatus.ru&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb78b3891acbc3d14761e44de1b0453edf65f0a5e03a4bacb8328afff743327c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 32065
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rG6PIl6WFpA8uywFAMLFvCflEoaUdSAsxc8zV6itUbU%2BsheNKcXl01qeJKqoAvIz8KJck9rJWaLUGpOUwHAya4kNUV5uDlwRWIyJM6CTvxa5yC%2Bfz1zBAIRNTplxVSyHAWw31Vfy7k4v%2Fsk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6f7a15a3d8fd696f-FRA
expires: Wed, 13 Apr 2022 11:11:45 GMT

GET
H2 200 referring-domains-discovery
s0.nets4.com/charts/ 31 KB
32 KB 1382ms
1372ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/referring-domains-discovery?d=ornatus.ru&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76b8cf8962bf0f785a1f593b2f052306324200c82512c5f73db5f8f72fe1eb75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31949
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJN3FUDr4GtP0YBOQe5lDbHcjGg9M9MKCTA1Y8Y1gnAkuzAqXel1PZb0iK0jbcHDLtnxBUhIgvxcW%2FSTG8HVism6jxDwmM1ILC4Ig2eyKthhq3Wrt8%2BQg2usDDZ3TYvwLFbDGXgBA7OwDMQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6f7a15a3d900696f-FRA
expires: Wed, 13 Apr 2022 11:11:45 GMT

GET
H3 200 weecheck.io
img.nets4.com/favs/ 439 B
974 B 49ms
46ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/weecheck.io?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5dc577d94f9f87f94a797846949133a3184e78e0832261a841188d3d65966b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 128903
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 439
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Apr 2022 23:23:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73Jjl3IkKf5r3ENyJIDRU4XkGPg4qzWIxlWXHJ%2B0QjnTeVAzXjLC64rb4wWA06EZ%2FOs0K4fpyT8U9TtVrE197X7DokcR4xqDFIEwC6Mrauw83f3yw7LSPonBvnJUgH7VaGtol3SVubDI8ioL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf8c9be9-FRA

GET
H3 200 amindi.org
img.nets4.com/favs/ 570 B
1 KB 62ms
60ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/amindi.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6aedd28f95f9a2694ebb36535b969f1b4fa6bd75ed11833a223db42e43a0e99e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 724
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 570
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:59:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=geRh0%2BQWIlenMng%2B5AkDgnM5GeE2bUzgkE%2BdeompFDU7JpITaiSuEv%2BvPfPyp9aQK%2FfLk5vxVZYtzVxSwFXAJY5N8PW1bs5tIFAvPf%2BC4TNBOSwE6WstFBJSdLx%2BvT6NwfELofmnuWDLKHTr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf8f9be9-FRA

GET
H3 200 wlftv.com
img.nets4.com/favs/ 480 B
1012 B 51ms
49ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/wlftv.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3399f219e42f1f3fb9db276a5d29a4bb4de8b6d56d12e2f361d991a7eecaba5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1444
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 480
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:47:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRJAQRZz1yBmznVNfYrokgZgShxO%2BaqGEWye1plbyqVW4NqoSTHtBPvOCEqvrxqZOHWB7e0CI28jfteOuJmkmUcAsvrhOZ2gypm3uFQrRdW2%2BceS31INAJrJlN2jPg8emzGdqrEun0ZExG2i"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf919be9-FRA

GET
H3 200 sgpics.net
img.nets4.com/favs/ 713 B
1 KB 50ms
47ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/sgpics.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

619a04c246a9a1865e88e72522bd253ddf9eb3bf1db374b38abf693558cac6a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4023
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 713
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:04:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6oLafbSJe7PFA7qFe0gXI%2BRj%2B%2Fb7Voux2oUSURHrcUFWHMN6Q%2BFfgY%2BAJsrU%2F9TPrFG6H%2BJQilogWjdo8RXOvl2oIXc68aqrheKLPO2aZ9UWPxICHjggFQ3R8MEaf%2BqQQ1pXz%2FGtF72RXX6m"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf949be9-FRA

GET
H3 200 shubhrushi.com
img.nets4.com/favs/ 70 B
602 B 99ms
96ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/shubhrushi.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4024
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:04:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ji5JdDCi0pFqptAk0tlgjinVJdIM7UB34pPfUwXtbho8G6NRsrGmP2UfbBt0IVDcAPSZCO%2F8PXi5pViIDRCSlCQQFZrjcCObaKPoLiJss4hqVgAzW7oIIblOlOlxd%2Fms2GyvpS63fEFd%2BwZQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf959be9-FRA

GET
H3 200 vidfin.com
img.nets4.com/favs/ 70 B
608 B 59ms
57ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/vidfin.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4023
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:04:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2B5r%2FtHkRGDEw020rF0BuOzbRif0JhzTHotFpwDFP0hJK3DVyM7jLAaTvxCOAdae%2BCsrEzlamFk%2FtNnezpm%2BNRcIy4s9%2BgDh%2FA7y6vDMRiynPY7o9fmJe5C%2BmMlqu8ku3uHaxaPlaWv842IL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf969be9-FRA

GET
H3 200 futures-infinity.com
img.nets4.com/favs/ 70 B
601 B 49ms
47ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/futures-infinity.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4023
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 10:04:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNUDKSHRuyhl72iFk%2BSKehSUstPXYlRkPslgPIRRdC8AlIFFw3rKY07C2n7pI7art8%2BU4yTreiL0I6x69Dvs3OrvHnrtOZe62PpCPyHTIp75whpzIbfHqNSwY12W4HF4xz9ipqUec3gyYN3I"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf9a9be9-FRA

GET
H3 200 intuya.com
img.nets4.com/favs/ 785 B
1 KB 62ms
60ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/intuya.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d46bcd63be2ada9ac7dd28a10f03b0581c4d068ed229d6b0bb2c61ed6a0457be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10083
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 785
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:23:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00Jz4Sf7AO2xLT%2FWuoYt%2BDAYVB0fPrW45ihQ6yLlZVQJQa1fhV5icwznLbq9yMJdRASJtuvH%2B5A3ERfdSFqN1WBivVhmH7n9kTNV%2FXLEc48FQomfiyjH5AR3pEpOR%2BlYZh%2BEnGcuXihZPE2C"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf9c9be9-FRA

GET
H3 200 bovens.org
img.nets4.com/favs/ 566 B
1 KB 55ms
53ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/bovens.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16cef97823982975a9034a00b686571421daff884d1c1e14b1b6ed52c58c7829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10924
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 566
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 08:09:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYrHH5xHcxEyASr2RgS2NqK5YcuvIB0Q9kx0ord4WjsG0Tf4Yc6zeNojBicU8UARvu9V9i%2FOoXU9yjwCr4SedsLKDcsYHeueRCu3xH7hvqz7Y5BzdFLNqidkdmASePuRnRZWNdFaWqeQvowu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf9d9be9-FRA

GET
H3 200 codecombat.com
img.nets4.com/favs/ 984 B
1 KB 51ms
49ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/codecombat.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f05b5ed2b178f7c38f1a3f0af73f71316ce04680485eaf0a67e9c4ba887e34c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13374
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 984
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Apr 2022 07:28:51 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FW2PIrGHMUMk2BdhoatEgtc6S3IDkHeDIq0BzMYTlXvG97zMy2Rk%2BY7SqUpaBjc0k1ybD93eaxR47Djve3vLLgba64xMsmkfh9922YEdDmxLfCDBWgKVunKgmsPt%2FG5L7rSnBVP08cZlrawd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f7a15a3cf9f9be9-FRA

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 683 B
1 KB 167ms
112ms Script
application/x-javascript 2620:1ec:27::cafe:1799
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1799 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: cd19ddf2050ec063fd0ae53bf3a43ef1009c232e94099c82a6bbad13ff3da956

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:44 GMT
x-powered-by: ASP.NET
x-azure-ref: 0cXVNYgAAAACx78zlogpVQbJ1vmtwBzzWTUFOMzBFREdFMDcxMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
content-length: 683
expires: -1

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 126ms
63ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1266448606&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&ul=en-us&de=UTF-8&dt=Ornatus.ru%20-%20%D0%94%D0%B8%D0%BF%D0%BB%D0%BE%D0%BC%D1%8B%2C%20%D1%80%D0%B5%D1%84%D0%B5%D1%80%D0%B0%D1%82%D1%8B%20%D0%B8%20%D0%BA%D1%83%D1%80%D1%81%D0%BE%D0%B2%D1%8B%D0%B5%20%D0%BD%D0%B0%20%D0%B7%D0%B0%D0%BA%D0%B0%D0%B7%20%D0%9C%D0%BE%D1%81%D0%BA%D0%B2%D0%B0%20(499)%20677-51-59&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1872296087&gjid=342944353&cid=1196927865.1649243505&tid=UA-123511935-10&_gid=1661632077.1649243505&_r=1&_slc=1&z=1250494220

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
i.clarity.ms/s/0.6.34/ 53 KB
23 KB 650ms
98ms Script
application/javascript 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:45 GMT
content-encoding: br
etag: "1d84959b978c254"
last-modified: Wed, 06 Apr 2022 01:57:52 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 3334 278 B
327 B 50ms
39ms Document
text/html 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 765135
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6f7a15ac0c489bd1-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 06 Apr 2022 11:11:46 GMT
etag: W/"116-5cd1487afaaea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
357 B 123ms
122ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1649243505597
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: c1066dbe-ceb8-40ba-bd75-b180044cef05

GET
H3 200 marker-icon.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 1 KB
2 KB 13ms
13ms Image
image/png 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-icon.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3200700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1470
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-5ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfT82fQHsSWd8RezTpaOZhnUlYIroo0mUqbj1BAS3npQADlEeJRqJsDjVrnmV4i3Je4Ge6ryfXBbkyblTvHog%2BZ7YTjChe1WTHfqFzjAKOkwyQZh%2BQU4NxBQKhhrlXY9QKd%2Fzr6%2BT%2BOfvQVss5uJYxSW"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15aa497f6946-FRA
expires: Mon, 27 Mar 2023 11:11:46 GMT

GET
H2 200 2.png
a.tile.openstreetmap.org/3/4/ 15 KB
15 KB 273ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/4/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f3f30f98fb696b7b54369ba11203f339b26a75ad472f9b663afa2a33b9dab9ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "968b1e2e3870d6474d65043ba92dfc8d"
age: 141110
x-cache: HIT
x-cache-hits: 2872
content-length: 14955
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.565208,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=162464, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 06 Apr 2022 17:07:40 GMT

GET
H2 200 2.png
b.tile.openstreetmap.org/3/5/ 6 KB
6 KB 271ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/5/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f4073adb41241b4c3c306e68f84ce76d36c2ce59ff6c4e2e10bcacec6793296e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "954ac017a60bb7ea59dd8f349f98d4a0"
age: 46879
x-cache: HIT
x-cache-hits: 523
content-length: 5851
x-served-by: cache-hhn4050-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.564219,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=333455, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Mon, 21 Mar 2022 20:05:39 GMT

GET
H2 200 3.png
b.tile.openstreetmap.org/3/4/ 13 KB
13 KB 272ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/4/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

1475e0a2e33aae77763234c10544414357996b7223e2e8869d219fbeff78f700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "49707ed2370465d4aa132d7c25c2d9e7"
age: 72726
x-cache: HIT
x-cache-hits: 2
content-length: 13197
x-served-by: cache-hhn4050-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.564335,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=166005, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Thu, 07 Apr 2022 13:06:25 GMT

GET
H2 200 3.png
c.tile.openstreetmap.org/3/5/ 9 KB
9 KB 270ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/5/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

0b2c9b60c8382e0008dff754724cdaf620d7b7cc18908b6de3f9d69eaceb3f19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "55a3d8bc458425e9ce9ab6586bbd0656"
fastly-original-body-size: 9322
age: 146799
x-cache: HIT
content-length: 9322
x-served-by: cache-hhn4069-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.563813,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
expires: Wed, 06 Apr 2022 12:28:49 GMT
cache-control: max-age=151422, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2587

GET
H2 200 2.png
c.tile.openstreetmap.org/3/3/ 5 KB
5 KB 270ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/3/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

bbbd0d76b4eb1b3faa278c9737e75817c677a64e1651881d2f1686e26fe27279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "d474ef03da03270ab2ceda090aa9bc1d"
age: 154364
x-cache: HIT
x-cache-hits: 4053
content-length: 4828
x-served-by: cache-hhn4069-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.563876,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=104211, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Sun, 03 Apr 2022 03:45:06 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/6/ 6 KB
6 KB 270ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/6/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

b79a19ec1a1788fc55c0c46f51480e21ebef1cb08abcd89d995ae88c0aee67b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "8e043694376739c6ebad695aa89bf245"
age: 12105
x-cache: HIT
x-cache-hits: 175
content-length: 5901
x-served-by: cache-hhn4069-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.564013,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=92964, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Sat, 02 Apr 2022 04:33:50 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/3/ 5 KB
5 KB 271ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/3/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

2b3152a59a1a3eef47ef93f33e672b3638284172ebca34d0f4d9bf27732d9779

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "ac676cd0a4c7abef460aa6ff165e7d88"
fastly-original-body-size: 4835
age: 128248
x-cache: HIT
content-length: 4835
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.565328,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
expires: Wed, 06 Apr 2022 20:21:19 GMT
cache-control: max-age=161221, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2469

GET
H2 200 3.png
a.tile.openstreetmap.org/3/6/ 11 KB
11 KB 271ms
7ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/6/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

86da3c1df1dce7393141008d26503c0e4980928c7274786fafeb84aa2d3fecec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "3211bba2eb87a1334c768334b7281328"
fastly-original-body-size: 10806
age: 45374
x-cache: HIT
content-length: 10806
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1649243507.565374,VS0,VE0
date: Wed, 06 Apr 2022 11:11:46 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
expires: Thu, 07 Apr 2022 23:15:29 GMT
cache-control: max-age=175197, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 350

GET
H3 200 marker-shadow.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 618 B
1 KB 13ms
12ms Image
image/png 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-shadow.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3064756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 622
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-26a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FLBT4CH%2FHUD0mADr1f76V5KI4EWPGOYT60bJm6YOVRIx26UeY6gI8rVxbI6r9q%2B4Ez3ZaXZZ3y%2BklZBmKbOgkpdpAGMpJYJinuvYzFME8Q4e8RlJq7f9IRW%2FpPNTeQkyu0whRrpKncqjQfSjLcPsXHv"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f7a15aa69a56946-FRA
expires: Mon, 27 Mar 2023 11:11:46 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&RedC=c.clarity.ms&MXFR=05F59026A28F68152E008158A68F660A
https://c.clarity.ms/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&MUID=3E5B7A5264856DC928A76B2C65EE6C5B

42 B
369 B

28ms
28ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&MUID=3E5B7A5264856DC928A76B2C65EE6C5B
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:46 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4971A92E680C480AA7FB4FAABC271BBB Ref B: FRAEDGE1421 Ref C: 2022-04-06T11:11:46Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=12809CB917BA4EF3B72EEBA198CFAA6E&MUID=3E5B7A5264856DC928A76B2C65EE6C5B
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 116ms
35ms Script
application/javascript 2606:4700:10::ac43:2794
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3184264
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6f7a15ac0c4d9bd1-FRA
cf-bgj: minify

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
144 KB 186ms
58ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2061
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 10:37:25 GMT

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 49ms
48ms XHR
text/plain 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
content-type: application/json

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6f7a15ac29179956-FRA
vary: Origin

POST
H2 204 collect Show response
i.clarity.ms/ 0
88 B 95ms
95ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

POST
H2 204 collect Show response
i.clarity.ms/ 0
25 B 200ms
199ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 230ms
229ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=39059ad9-eabc-4e6e-bc32-04ddb2307726&ts=1649243505812
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 89507290fc857e541bb690c370096afce43424a5a9aca6c5c4c8be26d1232970

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"3063-ItzPSSUzLXimYoo0x1OZDYPmtrA"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: b0c2e3ce-6a35-44ec-867e-2ba3b3bdb852

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 245ms
244ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=b249b6ed-1363-48e3-97ec-db03d94631e5&ts=1649243505812
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 320745faf87da68643f10c633f265988291fce9163c7bf448f9bd9f88bfade27

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"1730-OP0qtzUZ56lYbOb/KEIPXWu6l7M"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 0c7a457f-44cd-4b31-9b48-5b373a3ade0e

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 270ms
270ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=e3746b45-25d0-4e6a-89ba-6577c1e9188c&ts=1649243505812
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 10ffd3ea4639f3a477eafbba53bf08c9aa464623a5414f7ec6845090eb1a898f

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"1730-OJQvNAo/afzESAH+tV+Ce7hCWVI"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 898b257e-2f14-447b-9ac4-073efc4ac647

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 168ms
168ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=6406237e-cb1e-4894-9696-5497ac4309c6&ts=1649243505813
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: 26c7426e89318f3467f80ab4d4b765569689298ac9f1f4ffa7e1420db10acff4

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"1730-C1rSTGUDvTtnDEQuLzZFbqTSa6s"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 83edb3df-0046-4d95-9e31-ecd56bc04edf

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 326ms
325ms Fetch
application/json 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=e5531c08d9494b1cb884d10940416261&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=06e858da-91bd-4751-9da5-a87b35998492&ts=1649243505813
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: bf4130221b52940cd13bbac1be2e2fc863aa4f16626be404724f0598c3c50681

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
etag: W/"171f-qPUGvd8oAQotVFd2t2O/j7gw6Sc"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 11c70bcf-6e92-4b30-9e34-7e0e9f2aaa64

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 123ms
122ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1649243505597
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: 5956225c-8a8d-4936-ab01-696d1fd62e09

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 271ms
17ms Preflight
text/plain 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
cf-ray: 6f7a15ac08d79956-FRA
content-encoding: gzip
content-type: text/plain
date: Wed, 06 Apr 2022 11:11:46 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 101ms
101ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=39059ad9-eabc-4e6e-bc32-04ddb2307726&ts=1649243505812
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: 9b182a3f-99de-412a-8b02-0ef0c72371cb

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 98ms
98ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=b249b6ed-1363-48e3-97ec-db03d94631e5&ts=1649243505812
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: 4bb80578-7d10-463d-a32e-463fe6f3277d

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 99ms
98ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=e3746b45-25d0-4e6a-89ba-6577c1e9188c&ts=1649243505812
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: f006822a-144c-47f0-9263-256d69a07d24

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 106ms
105ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=e5531c08d9494b1cb884d10940416261&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=6406237e-cb1e-4894-9696-5497ac4309c6&ts=1649243505813
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: ff374c9d-465d-4c41-a653-410463a03843

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 98ms
97ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=e5531c08d9494b1cb884d10940416261&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=06e858da-91bd-4751-9da5-a87b35998492&ts=1649243505813
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:46 GMT
x-request-id: e105ee72-f25b-4f9e-aac2-86963d502ac1

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 20 KB
7 KB 35ms
33ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d33a89869cac41936e1e97087b4e5539b1c9990f77b91d24f90d108034a7db1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/ornatus.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiP%2Fky74IHV3AwY8UOVHzJJxKNw3f8hASyzHvbgQwABGni%2B45ipEqEur6KSa%2BdGxvzf4K1nTk%2F5mDlexA5pjQVN35g00p3%2BZ2aTHtHQ%2FNfmD7Nwtd41up5ZplwcXwBlDCXGCwyTBQDo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f7a15ac09119be9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5DD7 82 KB
28 KB 124ms
42ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

5cab1a7dec602bb81ebd24664ecd0b0d3e2ca0940ba5324b7a191dfc079610ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28230
x-xss-protection: 0
server: sffe
etag: "1179 / 859 of 1000 / last-modified: 1649196481"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Apr 2022 11:11:46 GMT

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0wOC8xMDE5MjQvZTBkYzJhZWNiOWFlOWMxY...
s-img.mgid.com/g/10839610/492x277/-/ Frame 87A7 33 KB
34 KB 73ms
26ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/10839610/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0wOC8xMDE5MjQvZTBkYzJhZWNiOWFlOWMxYTY0N2JiYTU5YjFiMTc4YjIuanBlZw.webp?v=1649243506-ym-V8GGpZKjSp68iKNx4L76zxSYFKGjD8YgfHIhQv6A
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5fefbf977a8d40467ac761025f18a0f2f39b28482b3d13d4a238ea3922896168

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:46 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:51:47 GMT
x-mg-request-uuid: 93b869a5-e33c-4ebc-8bc3-5ed5f4130c67
age: 181490
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f7a15ae1c1d690f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34016
server: cloudflare

GET
H2 200 i
api.purpleads.io/x/a/d9e8bb1e8e26a2e7b20c2b5272c1a739:7687b7d865e83212397f7c10fd54a3e15aded68044ccd20ecc2bb76db6bd5c1dfd4f83ad3a07e4e33bd01f4aab9ba2092fb01a430a6bb4920b9a1720d48ef80ef9e0b9a8e0fb03e... Frame 87A7 0
199 B 139ms
139ms Image
text/plain 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/d9e8bb1e8e26a2e7b20c2b5272c1a739:7687b7d865e83212397f7c10fd54a3e15aded68044ccd20ecc2bb76db6bd5c1dfd4f83ad3a07e4e33bd01f4aab9ba2092fb01a430a6bb4920b9a1720d48ef80ef9e0b9a8e0fb03efbc8655b60ac41927b8f0a2de63dd9964b5a649620579302dabe60748a9f02877dd9b49b25818d4ba79b055b6a479eada8fccf8d62287d03273e3a555d0f0ec17302df45591ed88c9/i?id=b0c2e3ce-6a35-44ec-867e-2ba3b3bdb852
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Wed, 06 Apr 2022 11:11:46 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 7b6e5a57-3847-458b-bd84-184edeaec4d5

GET
H3

200

aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDgvMTAxOTI0L2UwZGMyYWVjYjlhZTljMWE2N...
s-img.mgid.com/g/10839610/328x328/-/ Frame 87A7
Redirect Chain

https://c.mgid.com/c?pv=2&v=0|0|0|iipvUuSV0TwgKzIsS92rS1oPETljGBiJPwr6Ib5ALBZrL9_52jBkOV8IEvEsy0LF&cid=1221081&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=592c297b-b59a-11ec-9f6c-e4434b...
https://s-img.mgid.com/g/10839610/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90L...

24 KB
24 KB

44ms
26ms

Image
image/webp

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/10839610/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDgvMTAxOTI0L2UwZGMyYWVjYjlhZTljMWE2NDdiYmE1OWIxYjE3OGIyLmpwZWc.webp?v=1649243506-oKeq1-cOeJNBEODlGq5rzahG4ihMFJmI6UOcl6v8leg
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Server: 104.19.135.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5de9370fd2e10b4780e3c82d6aa229929a10c475cd2b043410545aafd5646706

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:49:27 GMT
x-mg-request-uuid: b657381c-05e9-463e-9880-8242095999d7
age: 181355
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f7a15af6beb9b7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 24308
server: cloudflare

Redirect headers

date: Wed, 06 Apr 2022 11:11:47 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 5c712cac-f53c-4c65-9fe8-3055ba611f69
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s-img.mgid.com/g/10839610/328x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8sd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDgvMTAxOTI0L2UwZGMyYWVjYjlhZTljMWE2NDdiYmE1OWIxYjE3OGIyLmpwZWc.webp?v=1649243506-oKeq1-cOeJNBEODlGq5rzahG4ihMFJmI6UOcl6v8leg
cf-ray: 6f7a15ae1a119b8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare

POST
H3 200 6f7a159d6d11696f Show response
nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/ 2 B
684 B 38ms
38ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/6f7a159d6d11696f
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1649242800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/domain/ornatus.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6f7a15af38999be9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0ddgO2xDLN4hvSYsmrW%2F6KKlQsUHou1MEUwiaa0PRClcwr3Dow9NMxmuw41Mlhl2PeAt35tMecjWFAUMnlFQvaSYL8GXW8q8rqnq2aQPn4%2BYCF5Llma7sS4buqYk%2BU7LXCRoJL3ZDA%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame AE4B 43 KB
22 KB 139ms
75ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=syl7lx1wm190

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8317c7c6e472750c43071ebc9b3eb21bae4da754165b559d49e315d29e03e83f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M6Jzsmrm5s+DDCfaYvrgBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22711
content-security-policy: script-src 'report-sample' 'nonce-M6Jzsmrm5s+DDCfaYvrgBg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame AB47 82 KB
28 KB 146ms
105ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

85ed1de661855ab0d4c63f6f66c6c14397e178abff7a4edd412fc5a7e7954f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28341
x-xss-protection: 0
server: sffe
etag: "1179 / 211 of 1000 / last-modified: 1649196586"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 40D2 82 KB
28 KB 145ms
110ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

5cab1a7dec602bb81ebd24664ecd0b0d3e2ca0940ba5324b7a191dfc079610ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28230
x-xss-protection: 0
server: sffe
etag: "1179 / 555 of 1000 / last-modified: 1649196481"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8347 82 KB
28 KB 94ms
69ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

5cab1a7dec602bb81ebd24664ecd0b0d3e2ca0940ba5324b7a191dfc079610ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28230
x-xss-protection: 0
server: sffe
etag: "1179 / 883 of 1000 / last-modified: 1649196481"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 5DD7 366 KB
125 KB 48ms
33ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:38:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 10:38:17 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame AE4B 51 KB
24 KB 125ms
58ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=syl7lx1wm190

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 10:26:55 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame AE4B 362 KB
143 KB 124ms
58ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 11:09:50 GMT

GET
H3 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8347 366 KB
125 KB 34ms
33ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:38:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 10:38:17 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0E1B 708 B
869 B 195ms
68ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:42:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Apr 2022 11:11:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 0E1B 82 KB
28 KB 47ms
46ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

85ed1de661855ab0d4c63f6f66c6c14397e178abff7a4edd412fc5a7e7954f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28341
x-xss-protection: 0
server: sffe
etag: "1179 / 145 of 1000 / last-modified: 1649196586"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 pubads_impl_2022040501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame AB47 369 KB
125 KB 34ms
33ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

e8a56b7248517b052849b0d606b0c402c9a147d231cfba361af5dfb5794a3766

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 08:56:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8121
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128191
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 08:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 08:56:26 GMT

GET
H3 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 40D2 366 KB
125 KB 35ms
35ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:38:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 10:38:17 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 5DD7 107 B
792 B 203ms
64ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5DD7 107 B
549 B 214ms
64ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5DD7 18 KB
9 KB 427ms
426ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=702374415149123&correlator=1165578818885715&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220406&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649243506710&dlt=1649243506137&idt=550&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=3074&ucis=62fxqlj5nmf5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1196927865.1649243505&ga_sid=1649243507&ga_hid=1308342384&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

cf6161e5fa3be7823574c6e50cded4a8122e5f4e36f9b9438e3e0dc50f30a3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8793
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5DD7 14 KB
10 KB 270ms
137ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2a9dee7037bc0b8a27838018d37bfce2d5340dce3c33bcb7e3ef65092abc7ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10651
x-xss-protection: 0

GET
H2 200 container.html
ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 06BB 6 KB
0 240ms
63ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8347 107 B
165 B 188ms
83ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8347 107 B
165 B 190ms
74ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8347 56 KB
12 KB 493ms
492ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3907680314576310&correlator=1365541365816360&eid=44761482%2C31064019&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=160x600%7C120x600%7C200x200%7C250x250&ifi=1&adks=3930092508&sfv=1-0-38&ecs=20220406&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649243506738&dlt=1649243506499&idt=231&biw=1600&bih=1200&isw=160&ish=600&adxs=1148&adys=1298&ucis=uhwlhnojmbzm&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=160x0&msz=160x0&fws=256&ohw=0&ea=0&ga_vid=1196927865.1649243505&ga_sid=1649243507&ga_hid=506543187&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

574e92357a18e7ed3289bf990a58c75bbba557dce33dd8f593871aa481971432

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12165
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8347 14 KB
10 KB 192ms
82ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c097a6ea3574402b7bf7402d93496f158783a822d18351b3fee7a7a80434741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10677
x-xss-protection: 0

GET
H2 200 container.html
4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame ADF4 6 KB
0 227ms
70ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame AB47 107 B
165 B 140ms
73ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame AB47 107 B
165 B 161ms
84ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame AB47 17 KB
9 KB 412ms
412ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=119089816863529&correlator=734183801007192&eid=31064682%2C31066342%2C31066992&output=ldjh&gdfp_req=1&vrg=2022040501&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220406&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649243506784&dlt=1649243506480&idt=275&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=1350&ucis=t3k1ojd9zo9g&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1196927865.1649243505&ga_sid=1649243507&ga_hid=21791266&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

d24ef6d9e49add68a3dcf18db8c140195c1686fc2ec2a9a24e0fa57ce8562768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8837
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AB47 14 KB
11 KB 130ms
71ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc3d7a62b564bfbf77c7ef8e33bb91751adf8bea9df9f1330726e57e7378f22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10584
x-xss-protection: 0

GET
H2 200 container.html
dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6D42 0
0 224ms
67ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 40D2 107 B
165 B 114ms
84ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 40D2 107 B
165 B 125ms
83ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 40D2 17 KB
9 KB 337ms
336ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1185533996339920&correlator=3432355539461451&eid=31064835%2C31065713%2C31064225&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220406&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649243506814&dlt=1649243506490&idt=313&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=1855&ucis=imyydkrx1o5q&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1196927865.1649243505&ga_sid=1649243507&ga_hid=327918042&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

d9b43ddd50aaf42ec00d71a4dea71e5125ceb5af70bd85952712b0d559139f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8893
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 40D2 14 KB
11 KB 148ms
114ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9385f6255100579484319d100f6d0facda9efd0a55bea1907679f6ae85b4376

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10871
x-xss-protection: 0

GET
H2 200 container.html
ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 28D8 0
0 208ms
66ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ Frame 0E1B 23 KB
24 KB 192ms
60ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 19:30:30 GMT
x-content-type-options: nosniff
age: 574877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 30 Mar 2023 19:30:30 GMT

GET
H3 200 pubads_impl_2022040501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0E1B 369 KB
125 KB 33ms
32ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

e8a56b7248517b052849b0d606b0c402c9a147d231cfba361af5dfb5794a3766

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 08:56:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8121
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128191
x-xss-protection: 0
last-modified: Tue, 05 Apr 2022 08:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 08:56:26 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AB47 17 KB
7 KB 232ms
67ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8347 17 KB
6 KB 243ms
84ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame AE4B 102 B
134 B 65ms
65ms Other
text/javascript 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=syl7lx1wm190
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0E1B 107 B
122 B 137ms
68ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0E1B 107 B
122 B 128ms
64ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E1B 20 KB
11 KB 394ms
391ms XHR
text/plain 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=680082383470449&correlator=3480403665070368&eid=31063377%2C31066023%2C31066992%2C31064019&output=ldjh&gdfp_req=1&vrg=2022040501&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x250&ifi=1&adks=882885121&sfv=1-0-38&ecs=20220406&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1649243507142&dlt=1649243506637&idt=393&biw=1600&bih=1200&isw=345&ish=85&adxs=1244&adys=1121&ucis=ei32jxmutp9o&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fornatus.ru&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=345x0&msz=345x0&fws=256&ohw=0&ea=0&ga_vid=1196927865.1649243505&ga_sid=1649243507&ga_hid=724764714&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e0adc349e413c4a6dd0e43237ac42891a0b6b4bb36b9f18a247a2f256de60b80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CE48 6 KB
3 KB 102ms
67ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 40D2 17 KB
6 KB 78ms
78ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5DD7 17 KB
6 KB 103ms
103ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:47 GMT

GET
H3 200 container.html Show response
ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 557F 6 KB
3 KB 124ms
57ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/7bece372152b6a464e797a8753847c5e:ddcceda06f1417e46267142746b05b61a18619473dfaf9f786bc2c453dbaefbecfde533369a78a9da32db75fbc873bf59b90c25b7a1597a017c4849f4eaa1cbfe3cb0f339b8d19b... Frame 0
0 104ms
104ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/7bece372152b6a464e797a8753847c5e:ddcceda06f1417e46267142746b05b61a18619473dfaf9f786bc2c453dbaefbecfde533369a78a9da32db75fbc873bf59b90c25b7a1597a017c4849f4eaa1cbfe3cb0f339b8d19b7f626a150b8bc4724e8513627fa69669ac6cab2574f06574a0d5b337f198930ee1b7e098ba7333ed68cc3188362abb3aaa8f2a65981b36064c5766d4e42a07461cf87a1f905105a877c590ad7d059f59dada20e05ea9a3bd4/i?id=83edb3df-0046-4d95-9e31-ecd56bc04edf&ts=1649243507232
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:47 GMT
x-request-id: c395df36-ee87-4930-a19c-98aec8a87e72

GET
H2 200 i Show response
api.purpleads.io/x/a/7bece372152b6a464e797a8753847c5e:ddcceda06f1417e46267142746b05b61a18619473dfaf9f786bc2c453dbaefbecfde533369a78a9da32db75fbc873bf59b90c25b7a1597a017c4849f4eaa1cbfe3cb0f339b8d19b... 0
199 B 207ms
206ms Fetch 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/7bece372152b6a464e797a8753847c5e:ddcceda06f1417e46267142746b05b61a18619473dfaf9f786bc2c453dbaefbecfde533369a78a9da32db75fbc873bf59b90c25b7a1597a017c4849f4eaa1cbfe3cb0f339b8d19b7f626a150b8bc4724e8513627fa69669ac6cab2574f06574a0d5b337f198930ee1b7e098ba7333ed68cc3188362abb3aaa8f2a65981b36064c5766d4e42a07461cf87a1f905105a877c590ad7d059f59dada20e05ea9a3bd4/i?id=83edb3df-0046-4d95-9e31-ecd56bc04edf&ts=1649243507232
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 0628c72a-f693-4a97-bd9d-911b1b8c2053

GET
H3 200 container.html Show response
ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 91AC 6 KB
3 KB 125ms
59ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/2d443c26a1172f9898adf3802d1b4604:40c753a982a8d2f1d12f9b6bd215acf0497e74b5ada6d2070e0c377607a14d3ae60d5c3bccede203dbbf91c13d4fa2ef641db6bec2e6127274281882c52bf9ece0581319d959707... Frame 0
0 113ms
112ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/2d443c26a1172f9898adf3802d1b4604:40c753a982a8d2f1d12f9b6bd215acf0497e74b5ada6d2070e0c377607a14d3ae60d5c3bccede203dbbf91c13d4fa2ef641db6bec2e6127274281882c52bf9ece0581319d9597078d54a2c3fd2f6ba9fd210970ba17f7cd551c3ea21587a7508930f8dda29dab52b4f16972e9042bb7d7e29c8bb6b21a2b0e5558151249df9a3fe26f30e77648474119ae3a4d15348e15c249c1b94ee0fe24f9c5e68b52adaac/i?id=898b257e-2f14-447b-9ac4-073efc4ac647&ts=1649243507244
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:47 GMT
x-request-id: daf14c30-54ee-4e45-bd70-59b5d9115a16

GET
H2 200 i Show response
api.purpleads.io/x/a/2d443c26a1172f9898adf3802d1b4604:40c753a982a8d2f1d12f9b6bd215acf0497e74b5ada6d2070e0c377607a14d3ae60d5c3bccede203dbbf91c13d4fa2ef641db6bec2e6127274281882c52bf9ece0581319d959707... 0
199 B 172ms
171ms Fetch 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/2d443c26a1172f9898adf3802d1b4604:40c753a982a8d2f1d12f9b6bd215acf0497e74b5ada6d2070e0c377607a14d3ae60d5c3bccede203dbbf91c13d4fa2ef641db6bec2e6127274281882c52bf9ece0581319d9597078d54a2c3fd2f6ba9fd210970ba17f7cd551c3ea21587a7508930f8dda29dab52b4f16972e9042bb7d7e29c8bb6b21a2b0e5558151249df9a3fe26f30e77648474119ae3a4d15348e15c249c1b94ee0fe24f9c5e68b52adaac/i?id=898b257e-2f14-447b-9ac4-073efc4ac647&ts=1649243507244
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: b54ee988-bd8a-4f73-811d-b7acfabe1ae2

GET
H3 200 container.html Show response
dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5886 6 KB
3 KB 62ms
61ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/a8e73d34b60e1d14333806218bd625db:b7418fc78ba79cc0079c707c23f27db27b11d466fc4ae92d2c1f92363734c3f73d5c7151f36e0c4d013c7f472c3c07204f21ea29c109f035e5f759ffe8824cf253a6e3edb430da9... Frame 0
0 107ms
107ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a8e73d34b60e1d14333806218bd625db:b7418fc78ba79cc0079c707c23f27db27b11d466fc4ae92d2c1f92363734c3f73d5c7151f36e0c4d013c7f472c3c07204f21ea29c109f035e5f759ffe8824cf253a6e3edb430da91e7277048e857b7d5ce00504414d5420dd80e1477d81d56342550d651ea23d769f45ec89b4fc31643ae8de0b351c66124c99faaed1ff1a33e9f3580acff36ba8bb6455ff9ba1d41e25be06110cd5b48db853a8676f823aef5/i?id=0c7a457f-44cd-4b31-9b48-5b373a3ade0e&ts=1649243507296
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
x-request-id: b028335d-940d-47b3-adbb-fb130e51ee25

GET
H2 200 i Show response
api.purpleads.io/x/a/a8e73d34b60e1d14333806218bd625db:b7418fc78ba79cc0079c707c23f27db27b11d466fc4ae92d2c1f92363734c3f73d5c7151f36e0c4d013c7f472c3c07204f21ea29c109f035e5f759ffe8824cf253a6e3edb430da9... 0
199 B 266ms
266ms Fetch 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a8e73d34b60e1d14333806218bd625db:b7418fc78ba79cc0079c707c23f27db27b11d466fc4ae92d2c1f92363734c3f73d5c7151f36e0c4d013c7f472c3c07204f21ea29c109f035e5f759ffe8824cf253a6e3edb430da91e7277048e857b7d5ce00504414d5420dd80e1477d81d56342550d651ea23d769f45ec89b4fc31643ae8de0b351c66124c99faaed1ff1a33e9f3580acff36ba8bb6455ff9ba1d41e25be06110cd5b48db853a8676f823aef5/i?id=0c7a457f-44cd-4b31-9b48-5b373a3ade0e&ts=1649243507296
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 70cbb8c3-f277-4ae9-a299-5ccb935b07b9

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame D670 222 KB
61 KB 192ms
63ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 449499
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Fri, 01 Apr 2022 06:20:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 01 Apr 2023 06:20:09 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame D670 16 KB
7 KB 184ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 151282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Mon, 04 Apr 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 04 Apr 2023 17:10:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame D670 96 KB
29 KB 302ms
174ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 151282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Mon, 04 Apr 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 04 Apr 2023 17:10:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame D670 5 KB
2 KB 191ms
62ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 161988
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Mon, 04 Apr 2022 14:12:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 04 Apr 2023 14:12:00 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame D670 42 KB
13 KB 312ms
184ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 151282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Mon, 04 Apr 2022 17:10:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 04 Apr 2023 17:10:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D670 8 KB
891 B 139ms
68ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2fc1b2d9aba57e8f207c9272af85d95eacbaa7ed664abb4fdcfe3c9fda7c1f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 10:08:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Apr 2022 11:11:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Apr 2022 11:11:48 GMT

OPTIONS
H2 200 i
api.purpleads.io/x/a/dd0a2e489974791f10fed00c26b15f98:621adccedef07783d4dbe40ee11617178bacfe99f4e9a49de68a256884b2e2b5f848182847a0f5e2186e91ad4871a78828c867bc28acddedb5423f517d71ebefc362df6fbf7849e... Frame 0
0 107ms
106ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/dd0a2e489974791f10fed00c26b15f98:621adccedef07783d4dbe40ee11617178bacfe99f4e9a49de68a256884b2e2b5f848182847a0f5e2186e91ad4871a78828c867bc28acddedb5423f517d71ebefc362df6fbf7849ef58ca0634b252242cc4caa65a7ac051cafe28e7c5aa166aa2f9fe6e5f1d7148a61fa5b961a8a632c5337a32bbff7144000f86f6b3d044fed5e6bf399b27a1b5ea2fe7c4f08ffd86645ef4b38267a68ffc52750627f92ec608/i?id=11c70bcf-6e92-4b30-9e34-7e0e9f2aaa64&ts=1649243507315
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
x-request-id: d3d2a6d9-b665-4496-8cfe-b816379926e5

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D670 2 KB
2 KB 186ms
112ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 5410
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D670 295 B
319 B 185ms
112ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 4723
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 07 Apr 2022 09:53:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D670 0
0 76ms
76ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6hdbc3VNYrOVG8WN7_UP2sGtwAzH3t2raYzt0fmUELCygOyQAhABIPLTuXtgleKQgqAHoAGUpJzHAsgBAakCNsTwkR9Hsj7gAgCoAwGqBNkCT9Bax4aj7_387M7Qag0FfPCHU0GlpVaZk1lPi4atSsKvm2LtI8MwOXlbQ8dzIBbQp5Ej38KgQh23mXSDjfc9OLJQ7w1Fy0VybwhbepHn_LBZJBLE6BtWlIp5H1oVNEd1F-NXDacw6w0PnJh37dopXA_nHjEQY_D0aybqBzebNWItTsNg37_Y8ijXWYTI1LnjWyx9hXYaQaR4KijYe2oWK79dVFctY5Vps1P3BfS3VSOjlEjVuyAAFMu4STnKsB5blpdfcMckh130GKEghfHjYVJrA7F4I2pq9hASRD3VOB4-4MMqQLdDwKiHRXjQDM9Agmy08USI9VCmqKBrFgimSoQvuJiECQzrle3Ok6uGpyqf2CUgf7kVtonN53q_0JOOTpdU9f_qxCng215xTzcWyuf2b_mJfBqZva6ilUw9TCxVEfevyW2XhqfLUq2sR4gErOzsSvg4qyAJwATFwfeE9QPgBAGAB-yi4-4BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkqUO0ggJCIDhgBAQARgdgAoDyAsB2BMD0BUBgBcBshceChwIABIUcHViLTU0MTMzMjk1NDQwNDA5NDcYwYx0&sigh=RYXtpHsMP_8&uach_m=[UACH]&template_id=5020
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s05-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 i Show response
api.purpleads.io/x/a/dd0a2e489974791f10fed00c26b15f98:621adccedef07783d4dbe40ee11617178bacfe99f4e9a49de68a256884b2e2b5f848182847a0f5e2186e91ad4871a78828c867bc28acddedb5423f517d71ebefc362df6fbf7849e... 0
199 B 194ms
192ms Fetch 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/dd0a2e489974791f10fed00c26b15f98:621adccedef07783d4dbe40ee11617178bacfe99f4e9a49de68a256884b2e2b5f848182847a0f5e2186e91ad4871a78828c867bc28acddedb5423f517d71ebefc362df6fbf7849ef58ca0634b252242cc4caa65a7ac051cafe28e7c5aa166aa2f9fe6e5f1d7148a61fa5b961a8a632c5337a32bbff7144000f86f6b3d044fed5e6bf399b27a1b5ea2fe7c4f08ffd86645ef4b38267a68ffc52750627f92ec608/i?id=11c70bcf-6e92-4b30-9e34-7e0e9f2aaa64&ts=1649243507315
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 0d7beb6a-7b37-4a3c-a9de-873ed861726f

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame F8CE 7 KB
1 KB 69ms
68ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8d426dcde2b7e01ae4013742cf7b8f121955a66395dd67486cef84515638e149

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HYHZlMePFnsCXEIf0OsQEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1110
content-security-policy: script-src 'report-sample' 'nonce-HYHZlMePFnsCXEIf0OsQEQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AFCE 13 KB
5 KB 96ms
55ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 10:56:08 GMT
expires: Thu, 06 Apr 2023 10:56:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CEC9 783 B
535 B 67ms
66ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ea4905c24de147d6f1bc3c4b8d52f83031b343f96bfe737d61ce8feeabd7a373

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fh0gS1zPeg4Wl3c1kg8Fhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-fh0gS1zPeg4Wl3c1kg8Fhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Wed, 06 Apr 2022 11:11:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9126 13 KB
5 KB 94ms
57ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 10:56:08 GMT
expires: Thu, 06 Apr 2023 10:56:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DB0D 783 B
535 B 65ms
65ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

19d07ce311c19a2138905ffa3efdee1e3c52141bf05942af482e8a6f5abbc671

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KInfLslO6z3R7aS36wSLWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-KInfLslO6z3R7aS36wSLWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Wed, 06 Apr 2022 11:11:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6E8F 13 KB
5 KB 101ms
74ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 10:56:08 GMT
expires: Thu, 06 Apr 2023 10:56:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2FB0 783 B
534 B 66ms
66ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

28a4e7f6ae4805000c80fa6f1c395a8c82a56fbf9366ec1dfc1a296ba872723b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NT2IFyBUmce12XdBdnPNUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-NT2IFyBUmce12XdBdnPNUQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Wed, 06 Apr 2022 11:11:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6EB2 13 KB
5 KB 91ms
68ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 10:56:08 GMT
expires: Thu, 06 Apr 2023 10:56:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1CCF 783 B
535 B 66ms
65ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c4c936e763c459b86bcaf792f34793f14f68b0d2d159bf5948d4fc0fff64604c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v03Rj4me/Rc+ZCJcYgpAqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-v03Rj4me/Rc+ZCJcYgpAqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Wed, 06 Apr 2022 11:11:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0E1B 14 KB
11 KB 139ms
72ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

159112235a160206d91fdd8b857233a34d2ca01d372e7806949a97757ea22bf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10745
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1287 624 B
340 B 282ms
154ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhiGqrrHATAB&v=APEucNWThcXor2c1UvYRZ9fmwF-hlxak7ycmmbuePjOaHs1JNS5EJ0LM__D05hwxLFiHPH0HpRwfdCHEQ85lM4HQYAXDFOO7UrdFUklS-hSNq4XG170qp2xXep6S52nRQ0THra4NYc6e9XDXG-eNeFf8ii2fiU5__78328TMSsfrIHtSDaTfaWQ

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 557F 26 KB
16 KB 219ms
93ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AOss_-TGuxEsx2TPyqJi_jmqBR6eTIo7u8I1yYzbLJfPmDWQKrmtJGOWfZxY5pghZKqkrPnZr36C_Ev-np3e7a0-GJeWivbN6BFezLRcQsSbBh9KpgaO7GmDUU6iD7zFhZDbmFU4eQ40rcQfXE-dw6-79DvQ&cry=1&dbm_d=AKAmf-AKHfeDQeHlHSo_zCqAVShdXcx1zLNjjAZsa0p_sztCJf09T48sTt9bhbyv1dI0NO7RIsJTjeSFFyz4vILwwjBBEQnZdUOAJaQUcsJsITYYSFgbfURLuTK9XnYAIxvSY6hRFiEE8cQ0l7-b-zEmSevlGBlWHzTgEArxiPoJDi8GR35AYrNqqrkRhLyG2kFjxcp5ZPpytrB9ojHF5WkL8SZS9E9DHgvwmDlqKpxFcTqXbJTZF0Yj1SfeDwwUc2yogDybEMgwdkzIBiPPlx2WsIOwqlOSTsfcYkwPOEm-70WLO4wUD_pY6oLmXDKXLZA__FZQ0IFg5A66frm5iXV7jaeADxXRmLFoVCj_gKarAo0wWq4eioa-wRtPmhhMnIcaqgTWQr5NttstGffsC1w9Q0GkG6Z0VMiy-49rFAnDGPL2i8jVeWAl7FankdKSuvolifd3LV7RH_S0KnpTm9isrsxY2XA8tiPFnlWS7nenKSy_xT9v9tH-gn43Ob2AAeWMSpgA7SRD621JHeoIsOBGk4thp85a71VtH2dFjOuGGbbjgDOP2Br-LbRXboep17YzEOK11t9QgiiLZoCSloAZmOj4XE0DOOhjbwoCdBwr4UoYc16kmNtgrPRU_dMR1ti-tIfSH_E0ql8kC92D8hwA1V1a4G7DTQAKmiC-BdMd5wQ2T9Bz4lG_ogpqr8pcPFnpEBB7QCQ0r3AADXYGV3moKiEI-1lv8m4RxkHoUv5029-GsKkFibsLhsyj5F1lsZXgkNGM4xBcwlZlf4Mr_4SX8O40BG1hWWQ16l7ySKlY2SjeUj24slfyT97-Nd5_XhKZAZceKsg6tfYSdGBEscTtlVUoeeCc3brTjdJ-zz3cCXJCC1VKv9upDjkGgw7QVUONfywxLYgljkJAIGhb32_WIn-8A9ygDy3Rdbud8l9Pry6Ki5Fn00a-pSQnC540wtUxy6iD5xucRUkvvYfD3OiDAyX5dyQ8b9mVoqtpZk8XmOjA8tCzJKFlRQN1bizpOdyvYfvB_pFG2ERzEpBwLNprvt3I05nRk2Lz8McAtg_j8aDBUrozxgkL_5U-dOy_4g9vW2Xhd-6aiC2vJDBOYeatRx1jrfHHSjSjHO_ZNrLotcZ8FoQfnMyFZpjwFcOogBITgdHbKwg7QaC2Ws6qvJR0fhYiqef-uEkDQ_UFTi1vyuma9AZ_wLKPIx5_LRADu4w1lj85uN4nsF0RZtUX-PLDOJf_eKJUudVxREYkzwXMYIFAnCezMzIbZnw01M-FCMPf90Efq3q12lIKa94iKAXsKFPbIXGgt6ud7X-aA1GUslROYWC_SIalBwHvuM65OSB5ZyVKiXsLZ1jlHEVGwmv29Sy9DqPqH-nePt7C0PN_ppHMg30OnNrF37FPyZKJXXBN4rdDqpHq5EcEecs7LXftyuY_1_MbQjgGspngiyrvx-ClY1hcWOp4WA344RAAaqytr0eYLSwk3v7Gzv5nyzWvHIpLnwS7WelPronx3l_mhYBFjHx8l0GUfpYeEHrXp9hD5Az8DcQvyzCs1KSHXBN1nw577EvE0OPaCSVfygpdj5YwCAn_mjoZA1uJ54Rz3XCzoJW3XYZo0Vdv624NdWPX3N5kVh_wQvagsbNA2871KGFAWTsYST1aERE-zHWMQakiZuHGs_d3lA4D6sO261Vn2xNGMafh4RTBi8XsuNxg55gqw02oh7yEvZuS1ls2Rqt_mHe4HXoiSrA_Vr5z-NCv3X7m3lEbbfLofdX0BIyQTf3D-pFgkjV3KqsX_h0Hoy1msDXVABt7hQpYFE_wZ6E8DwPesGHdc3wa4baQhKbvHLkFep2FYINkFDczPkb90RByIRp9ClNrtBXlwAt9_eJWohmF1HzGkbg7K_J-s6XnadS1uwa4bpX0G17LK5BWw2ZncgxSs6Y1MIh7bZOP0hxmKG2b12O9E_bTvKr6aC2ASp2mGNdcMfuL1mgS4Dm3VNymM89o-ah63BSEPJwy1F_t9RzWFILi4WBNgrFkgOKibOmuN2-MZw0O1MDKngGNPurA_JOt60AwM2gp-S5rpjOMaPlASdHedurjz-pJ-rwovO5NI6d044QgXpySRVq0vf1mtWNwQutb_h3butIy9U-Ow6Sgrh_JAls31CCXIb5cYBYUwGr3p8p-BM7nLiQM-F2e8t37lJIReuw94BTzVyCLI_3PXtecwYG7Xz9W8G67mf7cOJYSSWWbfnbN0J0YYzQ2w34a2bRc9h7aJVAQKyTq79pCJIka_TGd2-lUvR08bVEHU0OsYhzLFDTy1UEM1OKw8evpEqigYvpeUmRa8ldFiNh12puEqzYhi-rqoByTOtOEQCrUmQmHg8wSpkZxXNBXlUY_p9Oun3Hs26R4XC2PbbP5x7_OVsLKQkT8rrCQi067aEaOHxSIVME2bDIv06McIs5LT_6LenohTdCiNAycZRfYndX9D_PhlljXrS0kuy0OZyiYoAOdLhwnz8FrEio6duB3FlP7BvK1HpGx5WD_uJEvHHizsk2OAtTBtkk19gn8IlmQM3GF_xiuvCVm8ESjGotwoI0dmNYi721dfWPb1Y6j4iRM5f09fAqKXnH74Ye0di89XWVK8h1FQnzYpg7YBQ-DMsKRY6dpp7eJVtoA8g59YARKkHvF8GKVawa-3_7Jc94HGbzDa2RNrTGLxNPyjOPdDij___iUQrh0p8icfv8Jw0NifgOUOPEwQc5BvxSZYesmzgdret-pZhNfhhFkuFrpuVI90RVpLXTIdV30cybjFvaUukyp7elrxRuToDMsM0YezLxMjdcGaocpK91p0g8dQmKcCYtbkQ0j1cn500rwN1puKygfv-KkAajlMB21Dkq9ofpHgN3JOXTLMSfDbA8onkenpBoE0oBqvxBwRZumzFtLxc_kzCO8ZgfBfxLzXD5CSWuVMYN-cBySgZlHycXOPr4RS5dYAe0P5qL_OLTbHUYDnXyCjaq6q3_L8-WgGPz15-gX0YedkwRz_Sh9V3vdZQZahsPUsxOD2vSGaRj6aPOJatlC1JIquLgDgXDBYzgU3_D0Gxgs5iBSj-JnM1fT-7853PMIppc9x7eJUkRgjvIMW4JdlGA-e97ViaKUuJp40LpUvwc_iflN8lYzy17FTux2xm7Rn-9o7N-GX92OEEgXhWeXv9XwqaBhSPQCNyThkhRdagFCdUMzlYmSOrNmCk7_lD0oCJWqs6nyZjDxMZfWQFhWxoHSEwuB91n7OWN46zn9GU5pdEYWUGXkNyRi4hGb&cid=CAQSLgCNIrLMDGbgTueWJMdmEt7-Cw5SqYD12HyfTRSSyAjWbOqlbhQe-R3hqVJ7J7gYAQ&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6d0fb9990196571b14faca069dd24dfacde70bd9b2f243c1ff4e511584a816b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16148
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 557F 42 B
63 B 157ms
91ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B3D3ArS0qHsoPeWz-jf6Qtr4OKJ8Xuq6buaz2N3JPOrZvWu89fHakqLZQE1DJlUgxw3vVp3atmzC7yLV0yoo510GLGJUwK4diCmlq69wbp6iuhI3g

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 557F 32 KB
8 KB 44ms
10ms Script
application/javascript 217.79.188.59
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.59 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 557F 3 KB
2 KB 47ms
11ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCPNHyc3VNYvCrGaKLlQfmk62wC7WQ1-FokbK10vkP8C4QASDy07l7YJXikIKgB8gBCakCaqMdG0lCsj6oAwGqBOgBT9B_T70TkuoJKpVhv9ne9HY_snL8pUrh-GAc9wD31iSvvRxlguJCJHIwz5lKFB7FRZbEWXy_UCKzeJMJwz0G8wczeuPHNcDZ8F89SwlykpJht1N8gDUs4R5QAumzYACqWu3xtj_f0trNhrPwqyW5-wGMSJ3BMhannlbwZ3NCn2NRKjw2IuIwPaWmH6piVxCZvLwW20aXXCO3iY4fG0W_IyVefjfepuDhYNEnnWjhZU4QvDu7qKWESnrMUYdeyhP9ZuIO9iQwUeEKv0U6C2CKx_uqrH0rVft9yeuLytUsrPoNtb7WrpWhxcAE_OTPmNIC4AQDkAYBoAZNgAesqMu9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbAT3a-xDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMDGbgTueWJMdmEt7-Cw5SqYD12HyfTRSSyAjWbOqlbhQe-R3hqVJ7J7gYAQ%26sig%3DAOD64_2CsszaPaEg3QxEqQMAe0cH1JDM9Q%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Coa0Qd_l_GAKmeq2X_JuWMOb55g6OEXvETHHF3ev3GJ2N33hONvYxgEZrZR6yei0Fi0VV5g1SjFkm8akpLzwsr6ZyxgYXcxe9NzYeNCES1eFjzd25sKIEtGubgmAAxnCg0S_a8CROOZYNKEyxtyT_gpGsE3Q%26cry%3D1%26dbm_d%3DAKAmf-AIcYOe9fs6Rqs3c8daMMOWx8eUHKAlz2kzaC79MKdBRoWzw8_xiu7DUHqpaTuiUUCG7Lz36hcwRYKUjIhm1Alj6XeEExESLmtP236UXF4J895_DoaoGdYLdeRcnMHkqbkxYRG-QBs72yUtWElFT5mlHeN9ojo8hwsWgCJJ8XdZH5xPd9MWt1HwJIeHZWLrAhoH0VCGkw4e_xqpLPFQ3vxmvHM44hIDiSRzTLyFSXEPz5nvuzI20O8XmjOpNhNQMBOb3NOjwAUwiOc8-0BpXt7aixZhOLaQAB7XTmIJjMC2ChfodRbLOQ0ZA702kJEoUuDHtygUWhzsdD00rQHZEWki01hmtJ7nCRzpAhBPyxKMN9MDUS5ASGgtj5EMxv8pu0vATp2MVC1Rl-WdHFEkgcLx1sQv06xWVb8Sv9HvNln8ECrINTjfdYY9TixtUy1uznfEVzDnbKzeHpOWHo7TKlLHnjvpSw%26adurl%3D
Requested by: Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: c237b6558cae79ac9abac3f4f7a2bf9eb345254442eda28521a0d01f74ece616

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 13:11:48 +0200
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
cache-control: max-age=600
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 557F 2 KB
1 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/window_focus_fy2019.js

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:56:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 10:56:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 557F 119 KB
37 KB 214ms
84ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 557F 15 KB
6 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 11:00:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 557F 0
0 64ms
64ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRqrdZ9elZGZbqW2iPPmg4zM9-F2p_TH5-0x-wxPLeuLiBTTR5ZO_NHaQMC69R0Frko2wgu
Requested by: Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B21C 624 B
340 B 268ms
153ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNURRK4QBFbcPdmZo8JOopE_HaJK99vZzVIjEYF4bDHho_OygiTehmh2JnHM_zbr8Ps5sIPukSLMybMZ2I3EnjtgEB1ldBoDziCY7_gKrFk48k2DgEQySwy_43GRQ09kihRj_8kBFyCRdHtmeu894o30IAjZDLwwmAx2NVEDiqgGKsyPDvo

Requested by

Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5886 14 KB
11 KB 266ms
154ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BXITxnywl8xj0IYQXGYNXMCWV9rePm9eUO7tT--_JH0CuHKKyW_jCWu4rMl5RA7S0pdf_i7eocwhBU-G7hFo9ZCtHvSuctDDdSSvSGGpDcWZCsRMKuMah-cm_SffKj2soPUuV6RaIncfbjZKVFgB1bpBk7mg&cry=1&dbm_d=AKAmf-Dxw3Nk3k0vaks-aksO5n_lDuKHG2eMV_HnWcccvqdFMlNIiDhOqD_QM4E8h4JPUNjTaOL2x3rmBHvBqxfYi36vn-BM_O5dmosNzqPh-UyyklwyML1pOS_PLS5HScr2mk5iW4KqH5-DBzW6llx7Rh2KyBE_fzEbDwMNkvzfJ6IXXGH7InRmy_BJ_St8Q25ikfSeMM3l0-Fp28J6WCMEZrmYfgDyW2sI1NmXYVxwXM2lNrZ0wFvVhWYODBi5Plu7rbDDzVj8alnRu8MWAxtDi8tPavgZe39vOtrf1_F865cE2a_10qsTwuB1eBsMiclSmHN3dyEtCofRNyfurQsSVF4RdMb-Ch3yCcCmxIeOoCg112S37y0CVU8VWRpC4fVLxZr-fdRhS0E0L3GFlpBSwnA567TUfp79jZU_680NFv9yyGKRamfv2eB7HgPCzc4HzzKmHuttKgcbdZmSRHLUEXDbh6kFuXRj-sgcAhRkg3ManCdq3OP2127EAltDfXuQC7KWZpDJdbtPVI_F0acgEcl5ofI2rs4hZumAHsvQe0quv35uVvnrETnRYiWwMxNuD0r0jBtp6cTs_G79jO8ZJSte98Y-WQKFdZ-lYen6vXe0HyK6AhTevcdYwTD4udncsooaJq5o2DdNCZoq_qia50onm0CqbBGqmyXWE2oNhWWHMt-d-ZtQvNcX24f0c3aecZeRkqtDRcX-lqNk4YYhIgS2cXkP00mr-bYBjE8nKa-XJjH5O5P5ugrHXIBHPlaUVIJOZCaKO69D2HnarVl-yqZl7WWuJTPRHMXq99o-ufdmyf4FIj_atAuU5iUkOCxyp5PLzbYguRoWOoKpi8vBqQ6I_4l3KgMSnJfADOL4ND8xBhFyog0KN_7HxyFl22LW4fNv1j-xMEp0wXyriNYL4OUode0U64Ul6XYgNkwkju0uqlu-1YK-IZ2fVPdEy3q5fMdnEf0nTZ7MlCSi2uoruK_rjmDF6cf0KAOYOQ1rO_cgxUYbbOLsvZ46krt8JQJXYhVzk1R7gs2SDmPfmx6LNyWS32R4XemXrzvs5sE7RJ-3PBcrpkDCti-lRLZKbrH-aJAjcn9yXiJQ8rCV8ngnrsoo88s5nCIE-nTm784k_l4yMeA7qmDIGFnVG88Xg5Yzl7z-GCCRqNYkMZUpzfSzzwqn1KyOG-Q22Qb8icfl4K0pLTqnJ3wA5ezjgSNOA52nbZwDUg2sUmqoC8PgG7IhjAzRjQReMOq1Z8TOz4A0m-sf5eKPjJoYe2-Q_2Fhv-J9FT7AGb42ePzFRJZ7v87I8fa2fV-y7wLntDW_bQaaR40t9R7MIOvNXhDV0tLLBSZvLUHIdYT1gzYwFASznXfgzhXG1ad3g5ZNqpPTYvW7cFpCpAXNG-7nxzdo_CFf3jwUwtY0kYMG9JtHmYMV3NPwqoQ59585iB332_1Wps1rQOu5caZIeYfDkPS5nQQ11EYaxTTDraj2tXxd9qo6d9BekFChcRcqG7d3utdJangheW5edRBVxTVPQ2-d7T4ERQk4nV1wVwcoxzcAWvXYlECFHRNvKqv0gGV5H-K5RyBcDmSDXsaVL2yo-IjmW9umUyfIoYcSqdfNsOR0n12kY4FZHVLvFZ1qXTw8Vr21PlhslAnNCeZJKQFkJAwNe7E5yPZ2za6rDY5GFDVTfb009EMvb_BB0tEaw5d9tPsUQ-xu2mWHIk-WbekAxQVvNDxdJqu5UrGRgRKB8ZN3ocNMWHaaXep2L3y0booLJn45p9JcDuzYb_xHha3G_jvuGXMsXuqPDCRsflgaKZZFYaO2RriJfnuWfqckPxbiqQ4TWRzeZYihTcv4CxI1V__oUDukve9uQAebzE8XWMWQCORpNmMn1gmHh9HgSE8M7_ASuGAsVCXhfiL8aXhH5Rm-ZrDTJkadrSrqoSSCpYQUo2oXzpM8JMPa9mOGOY5UUkODRgDQX--Mefkq694yuA55eZjLSzXBOqwD9WrzrmdXWmfAzmdNAinv395RlddH6K8OChgmtkXPNef8QGU2m46k3PuKMvRdq-xpelzulA9e0F55rd8ZR2e_VkWHnqRvNWVD4pZCN1-ZUsg8RjRsLs5EvH2AAcsQGbO4qDu9VsmXujKCLAGxFyRgfDZgcDtnL7MxGIN0sw75KnSWqf3OeLTqeivHf4BuO1xL21vjD7RRbQ-eJXPnVZJDlAmeQ1oXSuqVBhjUFcc20gIEojFJnhFB1b0kYtni1oIBVYzINalL6ddvJqKYKNat-RIuF0hH73JeFsSKvW3LQlPd3dAtpVmHh40J_80t-sK-oE5wMKtMu4MoksX43JkSRw8pY7PMFCSuXCekxlQ-BVV3YXniOUuk0JN8pIhb7EG0Zy8OOM69-2rovRc9XUdzNVXUdwsstm57t-aZejpIbhfRMlywJ5cv1YS2BYXjbkfSmLlp-zlLYG509UlI6xTkJaQ1SdAKW0JJtf1aab1DC-xkHU6-55xkhdbWiuML3HZsh4JmPFNc2bPGqG5HcvTVw5TN7-Vz8grcL8u1r_QgO7EOpZ0BpSnMxUJJNBXnvOrpIwlELepKrSpCWyiaQ15qImdUeNbsC9Mrx3MXMZA9WiBqfuv821hfhqEy2-_XJHJXQGppYuHAfDXDEolRCoOJRQuhjYKJi8BQFGrOWbHUhX3MUI6E09ZEZKDhazV4BiOvuH7TpjoFIQBlE5Dk1z8unf7Ov8cjHkfPQnKXsrtE_95n1aQ8eKeSU3fJ7Xu00qPGJK8aI4FjL2IrYHrCuDB0CpXYwuzhNjXpAhAFYP4bgTJWLU8Rxdo0jd0L7Rb1tOFaiBVeHiRhiNJ6XnY1K39oJBKrmB6ij3fp-EcZ-ziawqdkawQRxTOuD0xtrtv-cjwgkPwavir1rkoFNsKyrIACUEs1yIa7gqO-X2daoqEuvyqkEy2TIM4qydnqw21cQGJKHtAjDRKapV995nflwe8eH_gOuiC27kz6OgEeDSB4hE7f3QjCl5s43U928QSFNmqbweduXLPOSg5lGEz16yFKHwj1y-if7wWoM07A_a8PqN6VIMc20e0TnPGgPqhsc9422LKIM0gdVLIo70kao31REn52RwfoVwyOtMDnAKE0vGWFXi-xxjUG7wVk0CdkXlVC3yH6Cdk-ByF_jiAUrTn9PQF2RT4VdBbwdUaqH385H-eydeB-ZfiOoam7in1pNACkyiv4vPjpcHON2_6ZnEG26xUHQrXl9sPjL_LsvsCom7jXhzmPOLs__FIpvpaxANWdEPhu&cid=CAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d6c3894b0d09a611896147410168fee78895e65f445fefb7a109d8056ea676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10812
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5886 42 B
63 B 142ms
91ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AHrswCeM9OT-NY0IYexAjLAoIQXKSxks8MKX_cDwfcUv6A19uxP_lrXtWh4uoK1eiaCIo7E-awckkwWJO28el_K7rtL_eIhSiQrwXU3vnANHj2Xvg

Requested by

Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 5886 2 KB
1 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/window_focus_fy2019.js

Requested by

Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:56:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 10:56:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5886 119 KB
36 KB 289ms
172ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 5886 15 KB
6 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 11:00:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5886 0
0 65ms
64ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTXMXoUj8rS_LmlQFfxbogjJPPVEwvKhpsVkxbn8hYP3JWJEFHSpQBq9xpenB8tVCn19fcR
Requested by: Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 317D 624 B
373 B 258ms
151ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxi2hrvGATAB&v=APEucNXrW2A3zcaurhz9CikU-mCIZb4n8m8V50HvbZp4CSZqgNClp-iWjLIpCYz-aZXO3Ubt9mRbPxMTR4Hl0ghT1yESm7GtfRqYRClF_klrt9IDEFJ6npqIU6uMwkwTeoWS-IUU9xygA9CkbtSPjN_QF5IXNdYhweQf_JgjH_9n0KjrCa_JyTA

Requested by

Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 91AC 14 KB
11 KB 215ms
110ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6sMh8PM7Pj7Hum3uGLk_jTd9TbWyk_QkPFpTfBZcyK_UCcDfsflsi_tjeZzFX1Rlf0EPUUKUoY2aUvDeM0f0IarGBUYDXQFH7nqqmz5MM73zWHMiKr4R3687iEHt0ZBmNEdQ8CHWy9_xeq7knmEg0O9BaUw&cry=1&dbm_d=AKAmf-AxyxiWJDdN5ftmyvEwDdDERha9Wca-J85rF6Qib4pvH3zEq6l5s9pbkcqNz2kOzRD04BerKZMpBmlEln2zW_JiFjcBGzRNIPbDXgTrecg0W2F1FbR58ngD900jwMAO6Pvmf7LV2_Na3wQFFZ8VOUoh3cR2mit1uEYl2w7PPC_JT9fmrtVdjVUV-07-uG890uPWeO5AQ3tzzlbgXjGtxgEGM2wou9W2QTWwVK6u50TnXfQatMQELHc8MrAEbVQXnm8UcVQRonRv3RH70N9wkOB3wR5luK2W0d9JlPkzi3nIumCUUhQ8I1IeG3mQHvTa7yxuz_NNS6PaTmFusQpqmdg6-BP39aTNS086ydC9JXEt5-d4ltPncUdWxL4MSEO47kTF2tUFRAEG9WNI7rJZctRYd7M_SBFQSgfSINk-g8MCZub8V4IbtlMoQ9AuCZXAI8pRpDV9y_kj7RVbqSyPPFTjChC3h3wpBCIwtJ3lnpAi7BZURfcTvYpn9bkKn_Oa8Wtbnyd1KjfmlN8GXOjk9j_cusR8PEOILe4lGu_BODT76zWM5zFsiAaNhieLDqhCwmfE47r03T42m0XA1WHosQFu8ftkQbGHclF1V8X3lUfmj9d4pd-m_ZMQLcbO2jfzzdtPUWiDTvPDHINAPj8PyLIMHZsdj4drrnVckofmH8ZjaeoP6Z6-uY0AH3o5QoPHE3C0f21kKAo8EqizfT3wE-8zmZx21XiNC8uC5lcBF5aDPD-PCymDkr5dajGU37WQCMgcyih2M0FKmqsX65C2ex3EaHrOotzC8mqTTpYvXTBdrPuppeyrqh5Wh4hWHxckNT190Vz-YG2izbpMQ7M1kAsurlua-Ah1xas-jwZhj5B2FBB-B9UULUZ89HHq1ZGzJTz7iGp81yzF_SCURKFN34G5busQr7DvsM5quJeplIJ72CIbbcuKPsDXYxgo8s0xg-k4VFHmlEVcpkzwudhlcLtxvzpkkSNM_Aeewu7rxyQIMxsOnsazdNY6EJO7_nLzXjK4DhjtfqF2sUlPgrUsEvHnDzh2BAeCI_hKAxyKQJhp2hp2uF2OuDIUrT9sTyhV7mV-P5Q14z9OtpMhi2TjXMyw4hHEj2ZDwJ6_Js4DgncwvwMqjlBdRsoS_MACPD8SZuqh2lBoDuSHcXjCgR3IyE3-5FI8pD0pPbaVev1aFsHmT5NhJWMrd3R64kY3gTByXzLNXeoV9_2Y-tEbC73dZFWzcn7MQt2gkrU9H0QZGNstjOsoDp6KAnNjlWT80k_vDE8-mInBYlTQhSk-YNeM-RizF0mTeKUzGHKnqRLNCMMcQFWpCdKl-hgbO40Ya1hAGJVhGZ1bCEoGibl4zvtE62esvGJyW9SwNBcpC_VhhmpgHYndPaEQ_VxWC4k60m70ZRPn-v8K9v2CVTU5v62NfQSMF_LcaTJO48DU-UNietuaZM5yDtaWxNS4yC_s7HdS1tZnMXb7TWqY1UG0n5PW1RQhia7pgabrDstzvk2FeOcQAUkl7-fXtzb70zC9JlVfpWwn393O5stMbJirNiJ1MB84772jgHe5qEERxR3KeSiOrF_a17IuHvkNVtJczl89GFmjCZSKZQcq83h0CrWS4z2bOyBjDgUCMimXim4QxuBOZn4kxLcZxWTbPdRndFRf-3qTeTSK_5QLP-fvPFmEC_B7tCgD2Dhj_qYM1hgchnsBmUKocl12V7Q4XuurXcBA0dcDZj56LPhb3B9QfuF-oiKGgrHjKrcLvL75qSctsQ-gE0HEntWRo7BxM1Y7sO0gsQa_LlUyli0k9Sb2OthqM6ITwHsGFl1tYXl4diR6BWEPmVfDJXmBLUAY2ZJK0eCRhmN1J9Hu0lT5hM99f8z6Ux6oaaUSt3I32w9pdaYUtQBwzo0-V_1a6SB8h-s9ZE5X65veB52PaBdD7RJe78it60bY0fvyiYx4gZsFbzQap8aO-fSIl3C-fS95oacmrb_zRKumpGtjwZ9tTWMHTTi24os-rgz5lZL3BpJxaN75AfApjNbLfTh2j487dB7kErJ9pjteheJrCnNV60yJAYjF3TzWj2LUNc6JCxiLiOhLAGVqCfe7HjpXKQ3vIx84vKh2ZOpAsD95xUZMt19g7UeaxYNnAYdrHg2V91WlfBqz_qP4vSGsqHbZnMGysT4rgkhTGRcmKeL6remsj36LoJnKW2Q47PtYT1a8iO8w2XkRhN_OOFDAuIMM5rIXJ23qTtbg_ImSInstfil1XPGKs4_XKJQFohLnRrwJ0_Bcv0K5De36-4wmG42Hr7zkstt3QD6EJnKYE7dOh03igrgD8P7_GKXPleq4Yu4NTC-oxglHxDRbMmxQ7ZsAa1OTn65ZxUjISrcw_gVwuVwlzy09RZQcZ6aWO9tTfIF3j8vtrhuDPz8KPRUn4zyL-vqbe1o2uRMhyIam--T3LgbqH2XqYlqt13Am10Oyz-Y1ZRgok0OGA6d1rMczyMRgzAqgBGKqPinxJix3-cOpLyJOKWDkXi5INt9Lf4dzj3DdXUHebP-NpgDA3oekpH_5d8Hv7EPZF75LaW7qe2gXA535mZrcho4p_GfK08dI55tH9E9ggohbDuKJMeXNmFzv9tKKmGnTctzi-ZGTO5Pxuh6Ww6uPUH1MKtq5C8nIWPdQMWDImkPZ_-nqGZ0Xm45zW23-cN__8sNsNnZLN3Ghk2UkaW9CBm7-E1ZOKVMg35K89ax43qkkK46gFY0Q-3MdyXjdDWDpwetRPSCGF1xsrpHFviyi7Zi5-oOW1UeyZyFRiuvEbyVWzzdkhH1s50g2GDdSLgddvCMu60hbE8lughmqs-9GiGs4TpoXHV8APa02A8Ni2ZwJ8sHISKJTCDRYesMnKIOBTMbRh-WFmXfbHm3hdTBzrga47M7p822DIZ2M61nfZsB50N_DtjwzDExsydbw0cJilI6RemyHD4AwwCN3KsTw4frWhVLk1BVCpt_HfA9rcrmFDZk5TIx2LVpCkP0ljWKnMlLZCoceAixOrgoBxhAtlshcuG6u9kMWGQwqpb3nW27Ed0DCgUoAp7Y22psL5zysvcYE-13vUGsnNduIHaKUI9HbVkAZYY3zxMusUXh8ZjfTaEZ98Qj63TBrHCt4sfDbRUyeoe5q5bai4nlyCQ0WcyU0rhACL6GFkaz_0gTiLzLficcQ2UAvtfq-0lGTxhDBypPmI70BYkmzzs3ySPAM6C6ff0Y5aYbYwZ28goeRchJaGf71Oed5BTo&cid=CAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3616a3c591db6aa0640850fa19e1c61db2b7e8775619183d299cf0ed2a236d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10751
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 91AC 42 B
63 B 135ms
90ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CEqgGzNyRFxxR_IJ7UhYjQt9P6WCvcXFge4IAQKXQfen0pP5PZ7u1ROOmBdWQIi3fN2IkOmShnvaieLE3qjIbjzFDaTHU9Y7Jw3goAjrDngQX1e1c

Requested by

Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 91AC 2 KB
1 KB 83ms
81ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/window_focus_fy2019.js

Requested by

Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:56:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 10:56:39 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 91AC 15 KB
6 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 11:00:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 91AC 0
0 64ms
62ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTUo8aTV1B7gGbXF-lkYKWRbj91hiT2L5Ur3eKbhmsQVgQfOuxKswLw3Re966ARUxyC8pSamc7KWkChPlQvMeCPpv1sew
Requested by: Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 91AC 119 KB
36 KB 266ms
156ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:48 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame F8CE 51 KB
24 KB 58ms
57ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2693
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 10:26:55 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame F8CE 362 KB
143 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 11:09:50 GMT

GET
DATA 200
OK truncated
/ Frame D670 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D670 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2849d8d2183da5372df2c04733260f2aa258e634e02d6a9f76c27feb0612eb89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame D670 28 KB
28 KB 131ms
64ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 22:46:42 GMT
x-content-type-options: nosniff
age: 44706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Apr 2023 22:46:42 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E1B 17 KB
6 KB 91ms
89ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:48 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CEC9 0
0 99ms
98ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040501&jk=119089816863529&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DB0D 0
0 175ms
173ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=3907680314576310&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2FB0 0
0 98ms
98ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=1185533996339920&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1CCF 0
0 173ms
172ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=702374415149123&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 container.html Show response
44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3D2E 6 KB
3 KB 65ms
64ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040501.js?cb=31066992

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:47 GMT
expires: Thu, 06 Apr 2023 11:11:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 i Show response
api.purpleads.io/x/a/5888ca483d407f9898ae080442e1de15:f1d8ccf8bddb1f6a83814a9b503f0cd09e14aca63cb160378777572a7868ce3b65521bdb65ac2e9ae5b2f24e11618ea742a1ba8f3ba060dd4784da60d56d9010038a9a0e1cc40d0... 0
199 B 124ms
122ms Fetch 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/5888ca483d407f9898ae080442e1de15:f1d8ccf8bddb1f6a83814a9b503f0cd09e14aca63cb160378777572a7868ce3b65521bdb65ac2e9ae5b2f24e11618ea742a1ba8f3ba060dd4784da60d56d9010038a9a0e1cc40d079ed27797cc7eb021e56333cd19020b7ed8296497c177bcd8/i?id=14815894-af12-4081-bee2-332405191c69&ts=1649243507560
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL29ybmF0dXMucnU=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.18

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 8d42e968-ea17-4271-9b52-b1fd1571223f

OPTIONS
H2 200 i
api.purpleads.io/x/a/5888ca483d407f9898ae080442e1de15:f1d8ccf8bddb1f6a83814a9b503f0cd09e14aca63cb160378777572a7868ce3b65521bdb65ac2e9ae5b2f24e11618ea742a1ba8f3ba060dd4784da60d56d9010038a9a0e1cc40d0... Frame 0
0 126ms
123ms Preflight 23.23.7.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/5888ca483d407f9898ae080442e1de15:f1d8ccf8bddb1f6a83814a9b503f0cd09e14aca63cb160378777572a7868ce3b65521bdb65ac2e9ae5b2f24e11618ea742a1ba8f3ba060dd4784da60d56d9010038a9a0e1cc40d079ed27797cc7eb021e56333cd19020b7ed8296497c177bcd8/i?id=14815894-af12-4081-bee2-332405191c69&ts=1649243507560
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.7.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-7-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
x-request-id: 50ca4769-21b7-4b6f-ae4f-79941c8db8c5

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame AFCE 35 KB
13 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 9126 35 KB
13 KB 77ms
75ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 6EB2 35 KB
13 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E8F 35 KB
13 KB 110ms
110ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D670
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

106ms
106ms

Image
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Redirect headers

date: Wed, 06 Apr 2022 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220404/r20110914/ Frame 557F 25 KB
9 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220404/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AOss_-TGuxEsx2TPyqJi_jmqBR6eTIo7u8I1yYzbLJfPmDWQKrmtJGOWfZxY5pghZKqkrPnZr36C_Ev-np3e7a0-GJeWivbN6BFezLRcQsSbBh9KpgaO7GmDUU6iD7zFhZDbmFU4eQ40rcQfXE-dw6-79DvQ&cry=1&dbm_d=AKAmf-AKHfeDQeHlHSo_zCqAVShdXcx1zLNjjAZsa0p_sztCJf09T48sTt9bhbyv1dI0NO7RIsJTjeSFFyz4vILwwjBBEQnZdUOAJaQUcsJsITYYSFgbfURLuTK9XnYAIxvSY6hRFiEE8cQ0l7-b-zEmSevlGBlWHzTgEArxiPoJDi8GR35AYrNqqrkRhLyG2kFjxcp5ZPpytrB9ojHF5WkL8SZS9E9DHgvwmDlqKpxFcTqXbJTZF0Yj1SfeDwwUc2yogDybEMgwdkzIBiPPlx2WsIOwqlOSTsfcYkwPOEm-70WLO4wUD_pY6oLmXDKXLZA__FZQ0IFg5A66frm5iXV7jaeADxXRmLFoVCj_gKarAo0wWq4eioa-wRtPmhhMnIcaqgTWQr5NttstGffsC1w9Q0GkG6Z0VMiy-49rFAnDGPL2i8jVeWAl7FankdKSuvolifd3LV7RH_S0KnpTm9isrsxY2XA8tiPFnlWS7nenKSy_xT9v9tH-gn43Ob2AAeWMSpgA7SRD621JHeoIsOBGk4thp85a71VtH2dFjOuGGbbjgDOP2Br-LbRXboep17YzEOK11t9QgiiLZoCSloAZmOj4XE0DOOhjbwoCdBwr4UoYc16kmNtgrPRU_dMR1ti-tIfSH_E0ql8kC92D8hwA1V1a4G7DTQAKmiC-BdMd5wQ2T9Bz4lG_ogpqr8pcPFnpEBB7QCQ0r3AADXYGV3moKiEI-1lv8m4RxkHoUv5029-GsKkFibsLhsyj5F1lsZXgkNGM4xBcwlZlf4Mr_4SX8O40BG1hWWQ16l7ySKlY2SjeUj24slfyT97-Nd5_XhKZAZceKsg6tfYSdGBEscTtlVUoeeCc3brTjdJ-zz3cCXJCC1VKv9upDjkGgw7QVUONfywxLYgljkJAIGhb32_WIn-8A9ygDy3Rdbud8l9Pry6Ki5Fn00a-pSQnC540wtUxy6iD5xucRUkvvYfD3OiDAyX5dyQ8b9mVoqtpZk8XmOjA8tCzJKFlRQN1bizpOdyvYfvB_pFG2ERzEpBwLNprvt3I05nRk2Lz8McAtg_j8aDBUrozxgkL_5U-dOy_4g9vW2Xhd-6aiC2vJDBOYeatRx1jrfHHSjSjHO_ZNrLotcZ8FoQfnMyFZpjwFcOogBITgdHbKwg7QaC2Ws6qvJR0fhYiqef-uEkDQ_UFTi1vyuma9AZ_wLKPIx5_LRADu4w1lj85uN4nsF0RZtUX-PLDOJf_eKJUudVxREYkzwXMYIFAnCezMzIbZnw01M-FCMPf90Efq3q12lIKa94iKAXsKFPbIXGgt6ud7X-aA1GUslROYWC_SIalBwHvuM65OSB5ZyVKiXsLZ1jlHEVGwmv29Sy9DqPqH-nePt7C0PN_ppHMg30OnNrF37FPyZKJXXBN4rdDqpHq5EcEecs7LXftyuY_1_MbQjgGspngiyrvx-ClY1hcWOp4WA344RAAaqytr0eYLSwk3v7Gzv5nyzWvHIpLnwS7WelPronx3l_mhYBFjHx8l0GUfpYeEHrXp9hD5Az8DcQvyzCs1KSHXBN1nw577EvE0OPaCSVfygpdj5YwCAn_mjoZA1uJ54Rz3XCzoJW3XYZo0Vdv624NdWPX3N5kVh_wQvagsbNA2871KGFAWTsYST1aERE-zHWMQakiZuHGs_d3lA4D6sO261Vn2xNGMafh4RTBi8XsuNxg55gqw02oh7yEvZuS1ls2Rqt_mHe4HXoiSrA_Vr5z-NCv3X7m3lEbbfLofdX0BIyQTf3D-pFgkjV3KqsX_h0Hoy1msDXVABt7hQpYFE_wZ6E8DwPesGHdc3wa4baQhKbvHLkFep2FYINkFDczPkb90RByIRp9ClNrtBXlwAt9_eJWohmF1HzGkbg7K_J-s6XnadS1uwa4bpX0G17LK5BWw2ZncgxSs6Y1MIh7bZOP0hxmKG2b12O9E_bTvKr6aC2ASp2mGNdcMfuL1mgS4Dm3VNymM89o-ah63BSEPJwy1F_t9RzWFILi4WBNgrFkgOKibOmuN2-MZw0O1MDKngGNPurA_JOt60AwM2gp-S5rpjOMaPlASdHedurjz-pJ-rwovO5NI6d044QgXpySRVq0vf1mtWNwQutb_h3butIy9U-Ow6Sgrh_JAls31CCXIb5cYBYUwGr3p8p-BM7nLiQM-F2e8t37lJIReuw94BTzVyCLI_3PXtecwYG7Xz9W8G67mf7cOJYSSWWbfnbN0J0YYzQ2w34a2bRc9h7aJVAQKyTq79pCJIka_TGd2-lUvR08bVEHU0OsYhzLFDTy1UEM1OKw8evpEqigYvpeUmRa8ldFiNh12puEqzYhi-rqoByTOtOEQCrUmQmHg8wSpkZxXNBXlUY_p9Oun3Hs26R4XC2PbbP5x7_OVsLKQkT8rrCQi067aEaOHxSIVME2bDIv06McIs5LT_6LenohTdCiNAycZRfYndX9D_PhlljXrS0kuy0OZyiYoAOdLhwnz8FrEio6duB3FlP7BvK1HpGx5WD_uJEvHHizsk2OAtTBtkk19gn8IlmQM3GF_xiuvCVm8ESjGotwoI0dmNYi721dfWPb1Y6j4iRM5f09fAqKXnH74Ye0di89XWVK8h1FQnzYpg7YBQ-DMsKRY6dpp7eJVtoA8g59YARKkHvF8GKVawa-3_7Jc94HGbzDa2RNrTGLxNPyjOPdDij___iUQrh0p8icfv8Jw0NifgOUOPEwQc5BvxSZYesmzgdret-pZhNfhhFkuFrpuVI90RVpLXTIdV30cybjFvaUukyp7elrxRuToDMsM0YezLxMjdcGaocpK91p0g8dQmKcCYtbkQ0j1cn500rwN1puKygfv-KkAajlMB21Dkq9ofpHgN3JOXTLMSfDbA8onkenpBoE0oBqvxBwRZumzFtLxc_kzCO8ZgfBfxLzXD5CSWuVMYN-cBySgZlHycXOPr4RS5dYAe0P5qL_OLTbHUYDnXyCjaq6q3_L8-WgGPz15-gX0YedkwRz_Sh9V3vdZQZahsPUsxOD2vSGaRj6aPOJatlC1JIquLgDgXDBYzgU3_D0Gxgs5iBSj-JnM1fT-7853PMIppc9x7eJUkRgjvIMW4JdlGA-e97ViaKUuJp40LpUvwc_iflN8lYzy17FTux2xm7Rn-9o7N-GX92OEEgXhWeXv9XwqaBhSPQCNyThkhRdagFCdUMzlYmSOrNmCk7_lD0oCJWqs6nyZjDxMZfWQFhWxoHSEwuB91n7OWN46zn9GU5pdEYWUGXkNyRi4hGb&cid=CAQSLgCNIrLMDGbgTueWJMdmEt7-Cw5SqYD12HyfTRSSyAjWbOqlbhQe-R3hqVJ7J7gYAQ&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cd44768f593bf50da4fef0e9b6871187ae76f0f0259b3e103b9d5ea1fb99459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9667
x-xss-protection: 0
server: cafe
etag: 18132634833399189292
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 11:11:05 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 557F 41 KB
15 KB 57ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 19:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 19:34:22 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 91AC 41 KB
15 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6sMh8PM7Pj7Hum3uGLk_jTd9TbWyk_QkPFpTfBZcyK_UCcDfsflsi_tjeZzFX1Rlf0EPUUKUoY2aUvDeM0f0IarGBUYDXQFH7nqqmz5MM73zWHMiKr4R3687iEHt0ZBmNEdQ8CHWy9_xeq7knmEg0O9BaUw&cry=1&dbm_d=AKAmf-AxyxiWJDdN5ftmyvEwDdDERha9Wca-J85rF6Qib4pvH3zEq6l5s9pbkcqNz2kOzRD04BerKZMpBmlEln2zW_JiFjcBGzRNIPbDXgTrecg0W2F1FbR58ngD900jwMAO6Pvmf7LV2_Na3wQFFZ8VOUoh3cR2mit1uEYl2w7PPC_JT9fmrtVdjVUV-07-uG890uPWeO5AQ3tzzlbgXjGtxgEGM2wou9W2QTWwVK6u50TnXfQatMQELHc8MrAEbVQXnm8UcVQRonRv3RH70N9wkOB3wR5luK2W0d9JlPkzi3nIumCUUhQ8I1IeG3mQHvTa7yxuz_NNS6PaTmFusQpqmdg6-BP39aTNS086ydC9JXEt5-d4ltPncUdWxL4MSEO47kTF2tUFRAEG9WNI7rJZctRYd7M_SBFQSgfSINk-g8MCZub8V4IbtlMoQ9AuCZXAI8pRpDV9y_kj7RVbqSyPPFTjChC3h3wpBCIwtJ3lnpAi7BZURfcTvYpn9bkKn_Oa8Wtbnyd1KjfmlN8GXOjk9j_cusR8PEOILe4lGu_BODT76zWM5zFsiAaNhieLDqhCwmfE47r03T42m0XA1WHosQFu8ftkQbGHclF1V8X3lUfmj9d4pd-m_ZMQLcbO2jfzzdtPUWiDTvPDHINAPj8PyLIMHZsdj4drrnVckofmH8ZjaeoP6Z6-uY0AH3o5QoPHE3C0f21kKAo8EqizfT3wE-8zmZx21XiNC8uC5lcBF5aDPD-PCymDkr5dajGU37WQCMgcyih2M0FKmqsX65C2ex3EaHrOotzC8mqTTpYvXTBdrPuppeyrqh5Wh4hWHxckNT190Vz-YG2izbpMQ7M1kAsurlua-Ah1xas-jwZhj5B2FBB-B9UULUZ89HHq1ZGzJTz7iGp81yzF_SCURKFN34G5busQr7DvsM5quJeplIJ72CIbbcuKPsDXYxgo8s0xg-k4VFHmlEVcpkzwudhlcLtxvzpkkSNM_Aeewu7rxyQIMxsOnsazdNY6EJO7_nLzXjK4DhjtfqF2sUlPgrUsEvHnDzh2BAeCI_hKAxyKQJhp2hp2uF2OuDIUrT9sTyhV7mV-P5Q14z9OtpMhi2TjXMyw4hHEj2ZDwJ6_Js4DgncwvwMqjlBdRsoS_MACPD8SZuqh2lBoDuSHcXjCgR3IyE3-5FI8pD0pPbaVev1aFsHmT5NhJWMrd3R64kY3gTByXzLNXeoV9_2Y-tEbC73dZFWzcn7MQt2gkrU9H0QZGNstjOsoDp6KAnNjlWT80k_vDE8-mInBYlTQhSk-YNeM-RizF0mTeKUzGHKnqRLNCMMcQFWpCdKl-hgbO40Ya1hAGJVhGZ1bCEoGibl4zvtE62esvGJyW9SwNBcpC_VhhmpgHYndPaEQ_VxWC4k60m70ZRPn-v8K9v2CVTU5v62NfQSMF_LcaTJO48DU-UNietuaZM5yDtaWxNS4yC_s7HdS1tZnMXb7TWqY1UG0n5PW1RQhia7pgabrDstzvk2FeOcQAUkl7-fXtzb70zC9JlVfpWwn393O5stMbJirNiJ1MB84772jgHe5qEERxR3KeSiOrF_a17IuHvkNVtJczl89GFmjCZSKZQcq83h0CrWS4z2bOyBjDgUCMimXim4QxuBOZn4kxLcZxWTbPdRndFRf-3qTeTSK_5QLP-fvPFmEC_B7tCgD2Dhj_qYM1hgchnsBmUKocl12V7Q4XuurXcBA0dcDZj56LPhb3B9QfuF-oiKGgrHjKrcLvL75qSctsQ-gE0HEntWRo7BxM1Y7sO0gsQa_LlUyli0k9Sb2OthqM6ITwHsGFl1tYXl4diR6BWEPmVfDJXmBLUAY2ZJK0eCRhmN1J9Hu0lT5hM99f8z6Ux6oaaUSt3I32w9pdaYUtQBwzo0-V_1a6SB8h-s9ZE5X65veB52PaBdD7RJe78it60bY0fvyiYx4gZsFbzQap8aO-fSIl3C-fS95oacmrb_zRKumpGtjwZ9tTWMHTTi24os-rgz5lZL3BpJxaN75AfApjNbLfTh2j487dB7kErJ9pjteheJrCnNV60yJAYjF3TzWj2LUNc6JCxiLiOhLAGVqCfe7HjpXKQ3vIx84vKh2ZOpAsD95xUZMt19g7UeaxYNnAYdrHg2V91WlfBqz_qP4vSGsqHbZnMGysT4rgkhTGRcmKeL6remsj36LoJnKW2Q47PtYT1a8iO8w2XkRhN_OOFDAuIMM5rIXJ23qTtbg_ImSInstfil1XPGKs4_XKJQFohLnRrwJ0_Bcv0K5De36-4wmG42Hr7zkstt3QD6EJnKYE7dOh03igrgD8P7_GKXPleq4Yu4NTC-oxglHxDRbMmxQ7ZsAa1OTn65ZxUjISrcw_gVwuVwlzy09RZQcZ6aWO9tTfIF3j8vtrhuDPz8KPRUn4zyL-vqbe1o2uRMhyIam--T3LgbqH2XqYlqt13Am10Oyz-Y1ZRgok0OGA6d1rMczyMRgzAqgBGKqPinxJix3-cOpLyJOKWDkXi5INt9Lf4dzj3DdXUHebP-NpgDA3oekpH_5d8Hv7EPZF75LaW7qe2gXA535mZrcho4p_GfK08dI55tH9E9ggohbDuKJMeXNmFzv9tKKmGnTctzi-ZGTO5Pxuh6Ww6uPUH1MKtq5C8nIWPdQMWDImkPZ_-nqGZ0Xm45zW23-cN__8sNsNnZLN3Ghk2UkaW9CBm7-E1ZOKVMg35K89ax43qkkK46gFY0Q-3MdyXjdDWDpwetRPSCGF1xsrpHFviyi7Zi5-oOW1UeyZyFRiuvEbyVWzzdkhH1s50g2GDdSLgddvCMu60hbE8lughmqs-9GiGs4TpoXHV8APa02A8Ni2ZwJ8sHISKJTCDRYesMnKIOBTMbRh-WFmXfbHm3hdTBzrga47M7p822DIZ2M61nfZsB50N_DtjwzDExsydbw0cJilI6RemyHD4AwwCN3KsTw4frWhVLk1BVCpt_HfA9rcrmFDZk5TIx2LVpCkP0ljWKnMlLZCoceAixOrgoBxhAtlshcuG6u9kMWGQwqpb3nW27Ed0DCgUoAp7Y22psL5zysvcYE-13vUGsnNduIHaKUI9HbVkAZYY3zxMusUXh8ZjfTaEZ98Qj63TBrHCt4sfDbRUyeoe5q5bai4nlyCQ0WcyU0rhACL6GFkaz_0gTiLzLficcQ2UAvtfq-0lGTxhDBypPmI70BYkmzzs3ySPAM6C6ff0Y5aYbYwZ28goeRchJaGf71Oed5BTo&cid=CAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 19:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 19:34:22 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A246 13 KB
5 KB 55ms
55ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 940
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 10:56:08 GMT
expires: Thu, 06 Apr 2023 10:56:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3DBC 783 B
535 B 66ms
66ms Document
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a83ecbc0d9026bab9558734a5038c8b10e4cfe56bab870bf954c01946f92396f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-H5OwW0LnsCuisoZnjGFUOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-H5OwW0LnsCuisoZnjGFUOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Wed, 06 Apr 2022 11:11:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6188 624 B
297 B 131ms
66ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXg85uw-QUaB4e2n3GjCqAsjKdKtohglbpd9N9JUFCJn__3BWyrhfPpbf-199igT8WceigduCWPz1KDEFUW6EybT0YDQX3jlWVjtWlvwAkngx_1lVmD4PdiBEekIivszp2e4hpOG7T3GGHkTw_vcmCqCH5Siwl1rpwDlPR8-_guQPOrYo8

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 11:11:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3D2E 14 KB
10 KB 149ms
87ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASuprM8FGld7cFayTLvLCrVvjTvbIe-5lKUzHcEV4RHjh67dscN-Mcft90pu59dujDL8DdzZzAK7oyg5YzmKENDSbuCOqGa0X872txx5qvkac5-BkwAYgvn_6pPy_eVRdW1HX4tgKoV4MICZu70qa2MUDR1g&cry=1&dbm_d=AKAmf-DApuTJk2SyPDgLqw6Io2-Irw4ZNfYhssXmx1jyuzKfVrhsfvSC6WXKR-_RBPpnHT2C3nCly2_iDBTsQZTXDvX2SRRAZV0EzSL6Ru94zptpqVU21u7YEa3YQt3kyt11z8gUFOfw-a7vKHs2KogozTLPMhnwKc0nMhorAMtihTascb1IijnCpuDRMQ4Fe2UlVLiaXd49l44xB6bPjyO0R-zBH4vVmHVT2hBtK7EnRDV2kE0QCf-eoAlAup_ntpO9t7DTQLd12NLU0EvEqpEDd8iEQ5_i92atoTImiVajkI95zmj6Lf0bQbH6SgNnQrCJ1xgoWUAcezjXtFFL7HeDmngmCWN2sjYEW0rWt3Fu4nKySrCxJYBu_cuQGm6-Q3Pk6qyXCKiMPoDApvzjD21OFbvxkQNF0s9hEmxjlNrDs9uA_yVuHJkMIQns170UrRH1PqbTOsEZCZ8LZqszZod4dzAAKTHy5V2ylsM5NtM3Q-x2GzarOhJQgRO5EsMHZr3aqKOHzD_Q9QLxM45t68C5TCLMzvHIhPEa6EMe66fBOqFu-KX-8vqW-dIBokGNmUTC4Gv2P5nSSB1RthpbutMb253F2NHbb53xdL-bf07nBoxV_NshmUqMyU_yUPg9Lji645jK9pT5gluS9V3-til-6zjQe_xdu2MTSapmYogFFpWAXvh5kQrpaJubv2pwq2SwgdWc6rGXleXb7xDR54ukO5NvLB6b8p_YgtbHfNK78TvrpXYs90VlMwpH0nRvRAAc8QauUcibMaPKR1qbm5EUqACjJl6VG0l3E-BL-6FdWcqwZ3_xZwcvuXWs6MJsUb-A8D2ZKACVYDfA-v0JGUyG6I5Ks6OOATnXBAxks7v_FpHdQ6jPaGNivoosE1a_JuLOPCo84hEdPpQjeNdZL3GtCo03wEnKjo9rA4O7xVJSSEZrzBtMuoI6aX-gVY5XzIwxTGeiJOGGjbCFEu0guOJJtBL7v0cQES3h9CRtZYwLFTBA63ge_sVGsqr1UAgrz5W_ICE1MweU5rwFmi-AwDzbOiILGPdqycxXqfDoPEykOAaFwF0FXXmmU3iuZZfd8-zlTWbj5sYkxZi7Kgef6UN80ghg4P4GLDxQOCaXDkRzQGMo8UZ_X8nrP-aRvoBLgXcCSkGUhkgOwc9dce9ZkkjTWgkPyZTUVCJd_iQHHcmZnap8tXw3WpqDtkVQ_gtzkQKzaCzNlSYWN_vhgIATnbChCgsz9S1wMV--SV-zKRZPg0Kq2aCAW7FKO3mWPP49isFa1-ZcHJVgXRh5k5xKvmCe2HRbCjmMFrlI4qzR9dZ5M_mQIR-vbKk8KW3LhCmD0cWbicLWy8cvBZP0gRZ5XkOFrOgm19rCLV-_pzUY0qiC658EcuArrnTNhb7O77f3BDGfKg6Nz9wx6BZWzqCey8uh-1WXYl6FBOM-RZGggElNUMiVH5msILxWZnl4gRCOu5Jnt3FGOxb037IzTzpj_5MUSBgUA_4NaXDlohKvIubwfA579gbAdkTleeGit4E-l0fBCMzrGtnnyHV1yi_f_iP98cOQZBx2-vJdq1mG8C7WlUXa9tvto8HSMzkZMt7BDIMdNRM6ImpdXY2LDiE_y5-XCRSbcaa5do0B-CBB2RmjM8mlW9kGXufe7593Gi5rpPW51uyD6oLLw2TWsXfoSfh5MnA3dHcJHZ3wJOpn4RkKaCAawqdysKhkQI-syfqS89nazV-scRCyE03cz459ZwOin03eX7QGK3VmY-9mWY-42J1VkTAiB1B7y7PKLQUh0rGAhS6t0V5r6nK8NWS-s1_rMcF6YsiQZe6gLYkqZEH7i5kAMcUMo3jkkMNmnTx8166KeXumZf-aNZl1AN6-XDeNX60Xe2Zd_QYM7IrbYmZiXlcIKVKn4fUvfnrz3UTf3foazyWZjvRqklbQ0e3wwVvuamu3tdx-ZNaBZvEyUO7o4AG4N1q8njIjqbV4_M3CmrTfSSmHDZeZ_OmnmFWmaMuw07aKNlWR86-xHDPxpkdf1JOTdZS0US9RO6L4V340Ooi0c0KRTwC77CicobBHtoboV_8ZYXgt_0N31PyBCXgx9jrNAeU3LjS1_fzAzmdeYuxEDzUgt9ext9Oul6DG4nO1I-Yc-M1-OtLzxjM0VFEMa52tK0ZmZ84Kg85GsTToGSDBKC6t89SAt3prsV078mPWZx1suHGWX2lx9xPsI6DxMjASiDJDIV29bEmLdiO5VJ40e52onrb-WM9XQ8iPI2TSR9vkI6pjW9tt_hEGENhvpTjKGe0blTX4uYdWdxRDMhPBSBVsTnhj0_lrXisefutRmTNdmxMmuskkT73N5aUK-bG2Jl97kndg0W97nayD3RICV-yjMt9qevE-xqCXvXrGD_dhUYsbjVfZlFZuQKkYRitWY3dGoLg6dJzSTeVft9B68_tDGDQ1Bf6tlbU6huiH92JH1LOLt8cIzxSSxhMu0f1-dljbmjGoI_dL2dwD2RHydhWkv-jDzW5JeT3UFI5rsLVoRah4vb6qNuhoHWYScd2Pl07c_8LppjKQ5UccNnx4DpYGLst1qCRaJqaeyK0mKDjf7Jg1F2mzeZ7mpdWr03BJkQ_umi6Ao98ZoNGmT76Lx5eHo5_AJ0oU60Q8XCtTjd1GiEmhppA5tr7juQ2ryEjkZ7P2CkQsuVYKncPeadVo1FN8_zoUI3UU0QSVDzbwruEsYHr5WgD9XGA4dfMTT0BFYBBnxSbru9O3KzyQMVNMoG5bZDP2uqY1SL69HaTDxVz8GraV1CrUnn74plt1K9IJemMXBe8zossTZRNwY4tpO5ZAI1Oxps-kd78atQdxZcUgiak8MKsGRDX_5iA-t-8aaH3ytxEGjZNOqw-96pMZG4VVnIJp8c9AoHRxJO4wmEtxyYwcOEWuCP3Z0eB6EO_gIhJAmCWi4sC6ICH7PLLYTKUKg4pdy-3DYVvIXc_Bl5dUXbYiavA2D-zVzzGtvWGgJJMhvrUUshZ3a7JDpK85hVUoqknARfCU6YoOd1y8rzVRrrQv1w0BFWGZ4-i9ZDOY0SPaNeL-J_1eobP6UAUTe2G_U3nffA4aRqyiBqzxxAK3-wL9hg_Szze_zO-uYN6s9oFAuu_47EMmZykqsLOB4dXZUAJPodmv_5j98iMZKQDa9DAfrGvDef55ljE7Xh6AV4Giu6GPSrrCqFnZ0DMLnYQcgrJSdL9qFRUOqyR7fKu_gmncWNGxarJBaKLuEGR52Fzfr4Q&cid=CAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf277296ac170c43eedc859c5dde730acc1b42eeb25409b81b28871193a75a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10603
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D2E 42 B
63 B 90ms
90ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DLbnpfbMBvzwxSyB5bL5A8hbb2NSLVoroF0xTzd3t0yBc7REyrhH2GDDEdIy5gj6SaCh6a9aIFUwqvJTARUuMx4yu5_3IbtiXB4H_IiM4jG3W5FvU

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 3D2E 2 KB
1 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/window_focus_fy2019.js

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 10:56:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 909
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 10:56:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D2E 119 KB
36 KB 138ms
71ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36931
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649071906742826"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 06 Apr 2022 11:11:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/ Frame 3D2E 15 KB
6 KB 57ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220404/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 20 Apr 2022 11:00:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3D2E 0
0 65ms
63ms Image
text/html 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS0qV61eajh84z3rSfvXkuCRcxqEhkP0HrgbWac8aC7d4vFwBCLsgUW9bXgCHR1Xs9iWiLR-swj15BNqSK43qJt37JEqQ
Requested by: Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1 200
OK hlbrm3vhvew1 Show response
hal9000.redintelligence.net/zone/ Frame 91AC 11 KB
4 KB 43ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/hlbrm3vhvew1?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D
Requested by: Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 3821cd40937dee0e9f12ff6b38e9ba10cf6e6b20cca9253a4fe9a92cdf6c5271

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3928
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 317D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
1014 B

80ms
51ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxi2hrvGATAB&v=APEucNXrW2A3zcaurhz9CikU-mCIZb4n8m8V50HvbZp4CSZqgNClp-iWjLIpCYz-aZXO3Ubt9mRbPxMTR4Hl0ghT1yESm7GtfRqYRClF_klrt9IDEFJ6npqIU6uMwkwTeoWS-IUU9xygA9CkbtSPjN_QF5IXNdYhweQf_JgjH_9n0KjrCa_JyTA
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 317D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
894 B

31ms
30ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxi2hrvGATAB&v=APEucNXrW2A3zcaurhz9CikU-mCIZb4n8m8V50HvbZp4CSZqgNClp-iWjLIpCYz-aZXO3Ubt9mRbPxMTR4Hl0ghT1yESm7GtfRqYRClF_klrt9IDEFJ6npqIU6uMwkwTeoWS-IUU9xygA9CkbtSPjN_QF5IXNdYhweQf_JgjH_9n0KjrCa_JyTA
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 317D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

43 B
1020 B

19ms
6ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxi2hrvGATAB&v=APEucNXrW2A3zcaurhz9CikU-mCIZb4n8m8V50HvbZp4CSZqgNClp-iWjLIpCYz-aZXO3Ubt9mRbPxMTR4Hl0ghT1yESm7GtfRqYRClF_klrt9IDEFJ6npqIU6uMwkwTeoWS-IUU9xygA9CkbtSPjN_QF5IXNdYhweQf_JgjH_9n0KjrCa_JyTA

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8efc7dd3-5a8c-4121-888a-edef2868dd8c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 317D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

170 B
188 B

96ms
50ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d5fc99ba-bef5-43a3-bb49-7fad70df16f2
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B21C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
1014 B

60ms
30ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNURRK4QBFbcPdmZo8JOopE_HaJK99vZzVIjEYF4bDHho_OygiTehmh2JnHM_zbr8Ps5sIPukSLMybMZ2I3EnjtgEB1ldBoDziCY7_gKrFk48k2DgEQySwy_43GRQ09kihRj_8kBFyCRdHtmeu894o30IAjZDLwwmAx2NVEDiqgGKsyPDvo
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B21C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
894 B

30ms
30ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNURRK4QBFbcPdmZo8JOopE_HaJK99vZzVIjEYF4bDHho_OygiTehmh2JnHM_zbr8Ps5sIPukSLMybMZ2I3EnjtgEB1ldBoDziCY7_gKrFk48k2DgEQySwy_43GRQ09kihRj_8kBFyCRdHtmeu894o30IAjZDLwwmAx2NVEDiqgGKsyPDvo
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame B21C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

43 B
1020 B

8ms
7ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNURRK4QBFbcPdmZo8JOopE_HaJK99vZzVIjEYF4bDHho_OygiTehmh2JnHM_zbr8Ps5sIPukSLMybMZ2I3EnjtgEB1ldBoDziCY7_gKrFk48k2DgEQySwy_43GRQ09kihRj_8kBFyCRdHtmeu894o30IAjZDLwwmAx2NVEDiqgGKsyPDvo

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5d035c02-9fa8-4260-9382-db939314283a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B21C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

170 B
188 B

50ms
50ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 227053d5-7c4f-40d7-9606-e55056a2d5ed
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1287
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
1014 B

79ms
50ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhiGqrrHATAB&v=APEucNWThcXor2c1UvYRZ9fmwF-hlxak7ycmmbuePjOaHs1JNS5EJ0LM__D05hwxLFiHPH0HpRwfdCHEQ85lM4HQYAXDFOO7UrdFUklS-hSNq4XG170qp2xXep6S52nRQ0THra4NYc6e9XDXG-eNeFf8ii2fiU5__78328TMSsfrIHtSDaTfaWQ
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1287
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
894 B

31ms
30ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhiGqrrHATAB&v=APEucNWThcXor2c1UvYRZ9fmwF-hlxak7ycmmbuePjOaHs1JNS5EJ0LM__D05hwxLFiHPH0HpRwfdCHEQ85lM4HQYAXDFOO7UrdFUklS-hSNq4XG170qp2xXep6S52nRQ0THra4NYc6e9XDXG-eNeFf8ii2fiU5__78328TMSsfrIHtSDaTfaWQ
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1287
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

43 B
1020 B

116ms
114ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhiGqrrHATAB&v=APEucNWThcXor2c1UvYRZ9fmwF-hlxak7ycmmbuePjOaHs1JNS5EJ0LM__D05hwxLFiHPH0HpRwfdCHEQ85lM4HQYAXDFOO7UrdFUklS-hSNq4XG170qp2xXep6S52nRQ0THra4NYc6e9XDXG-eNeFf8ii2fiU5__78328TMSsfrIHtSDaTfaWQ

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6d27ca96-f88d-4ad2-b8ec-9f03fdb3c0ed
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1287
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

170 B
188 B

98ms
51ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 33023a6e-104a-4c4c-aef4-4b4bb4833fa4
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5886 41 KB
15 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BXITxnywl8xj0IYQXGYNXMCWV9rePm9eUO7tT--_JH0CuHKKyW_jCWu4rMl5RA7S0pdf_i7eocwhBU-G7hFo9ZCtHvSuctDDdSSvSGGpDcWZCsRMKuMah-cm_SffKj2soPUuV6RaIncfbjZKVFgB1bpBk7mg&cry=1&dbm_d=AKAmf-Dxw3Nk3k0vaks-aksO5n_lDuKHG2eMV_HnWcccvqdFMlNIiDhOqD_QM4E8h4JPUNjTaOL2x3rmBHvBqxfYi36vn-BM_O5dmosNzqPh-UyyklwyML1pOS_PLS5HScr2mk5iW4KqH5-DBzW6llx7Rh2KyBE_fzEbDwMNkvzfJ6IXXGH7InRmy_BJ_St8Q25ikfSeMM3l0-Fp28J6WCMEZrmYfgDyW2sI1NmXYVxwXM2lNrZ0wFvVhWYODBi5Plu7rbDDzVj8alnRu8MWAxtDi8tPavgZe39vOtrf1_F865cE2a_10qsTwuB1eBsMiclSmHN3dyEtCofRNyfurQsSVF4RdMb-Ch3yCcCmxIeOoCg112S37y0CVU8VWRpC4fVLxZr-fdRhS0E0L3GFlpBSwnA567TUfp79jZU_680NFv9yyGKRamfv2eB7HgPCzc4HzzKmHuttKgcbdZmSRHLUEXDbh6kFuXRj-sgcAhRkg3ManCdq3OP2127EAltDfXuQC7KWZpDJdbtPVI_F0acgEcl5ofI2rs4hZumAHsvQe0quv35uVvnrETnRYiWwMxNuD0r0jBtp6cTs_G79jO8ZJSte98Y-WQKFdZ-lYen6vXe0HyK6AhTevcdYwTD4udncsooaJq5o2DdNCZoq_qia50onm0CqbBGqmyXWE2oNhWWHMt-d-ZtQvNcX24f0c3aecZeRkqtDRcX-lqNk4YYhIgS2cXkP00mr-bYBjE8nKa-XJjH5O5P5ugrHXIBHPlaUVIJOZCaKO69D2HnarVl-yqZl7WWuJTPRHMXq99o-ufdmyf4FIj_atAuU5iUkOCxyp5PLzbYguRoWOoKpi8vBqQ6I_4l3KgMSnJfADOL4ND8xBhFyog0KN_7HxyFl22LW4fNv1j-xMEp0wXyriNYL4OUode0U64Ul6XYgNkwkju0uqlu-1YK-IZ2fVPdEy3q5fMdnEf0nTZ7MlCSi2uoruK_rjmDF6cf0KAOYOQ1rO_cgxUYbbOLsvZ46krt8JQJXYhVzk1R7gs2SDmPfmx6LNyWS32R4XemXrzvs5sE7RJ-3PBcrpkDCti-lRLZKbrH-aJAjcn9yXiJQ8rCV8ngnrsoo88s5nCIE-nTm784k_l4yMeA7qmDIGFnVG88Xg5Yzl7z-GCCRqNYkMZUpzfSzzwqn1KyOG-Q22Qb8icfl4K0pLTqnJ3wA5ezjgSNOA52nbZwDUg2sUmqoC8PgG7IhjAzRjQReMOq1Z8TOz4A0m-sf5eKPjJoYe2-Q_2Fhv-J9FT7AGb42ePzFRJZ7v87I8fa2fV-y7wLntDW_bQaaR40t9R7MIOvNXhDV0tLLBSZvLUHIdYT1gzYwFASznXfgzhXG1ad3g5ZNqpPTYvW7cFpCpAXNG-7nxzdo_CFf3jwUwtY0kYMG9JtHmYMV3NPwqoQ59585iB332_1Wps1rQOu5caZIeYfDkPS5nQQ11EYaxTTDraj2tXxd9qo6d9BekFChcRcqG7d3utdJangheW5edRBVxTVPQ2-d7T4ERQk4nV1wVwcoxzcAWvXYlECFHRNvKqv0gGV5H-K5RyBcDmSDXsaVL2yo-IjmW9umUyfIoYcSqdfNsOR0n12kY4FZHVLvFZ1qXTw8Vr21PlhslAnNCeZJKQFkJAwNe7E5yPZ2za6rDY5GFDVTfb009EMvb_BB0tEaw5d9tPsUQ-xu2mWHIk-WbekAxQVvNDxdJqu5UrGRgRKB8ZN3ocNMWHaaXep2L3y0booLJn45p9JcDuzYb_xHha3G_jvuGXMsXuqPDCRsflgaKZZFYaO2RriJfnuWfqckPxbiqQ4TWRzeZYihTcv4CxI1V__oUDukve9uQAebzE8XWMWQCORpNmMn1gmHh9HgSE8M7_ASuGAsVCXhfiL8aXhH5Rm-ZrDTJkadrSrqoSSCpYQUo2oXzpM8JMPa9mOGOY5UUkODRgDQX--Mefkq694yuA55eZjLSzXBOqwD9WrzrmdXWmfAzmdNAinv395RlddH6K8OChgmtkXPNef8QGU2m46k3PuKMvRdq-xpelzulA9e0F55rd8ZR2e_VkWHnqRvNWVD4pZCN1-ZUsg8RjRsLs5EvH2AAcsQGbO4qDu9VsmXujKCLAGxFyRgfDZgcDtnL7MxGIN0sw75KnSWqf3OeLTqeivHf4BuO1xL21vjD7RRbQ-eJXPnVZJDlAmeQ1oXSuqVBhjUFcc20gIEojFJnhFB1b0kYtni1oIBVYzINalL6ddvJqKYKNat-RIuF0hH73JeFsSKvW3LQlPd3dAtpVmHh40J_80t-sK-oE5wMKtMu4MoksX43JkSRw8pY7PMFCSuXCekxlQ-BVV3YXniOUuk0JN8pIhb7EG0Zy8OOM69-2rovRc9XUdzNVXUdwsstm57t-aZejpIbhfRMlywJ5cv1YS2BYXjbkfSmLlp-zlLYG509UlI6xTkJaQ1SdAKW0JJtf1aab1DC-xkHU6-55xkhdbWiuML3HZsh4JmPFNc2bPGqG5HcvTVw5TN7-Vz8grcL8u1r_QgO7EOpZ0BpSnMxUJJNBXnvOrpIwlELepKrSpCWyiaQ15qImdUeNbsC9Mrx3MXMZA9WiBqfuv821hfhqEy2-_XJHJXQGppYuHAfDXDEolRCoOJRQuhjYKJi8BQFGrOWbHUhX3MUI6E09ZEZKDhazV4BiOvuH7TpjoFIQBlE5Dk1z8unf7Ov8cjHkfPQnKXsrtE_95n1aQ8eKeSU3fJ7Xu00qPGJK8aI4FjL2IrYHrCuDB0CpXYwuzhNjXpAhAFYP4bgTJWLU8Rxdo0jd0L7Rb1tOFaiBVeHiRhiNJ6XnY1K39oJBKrmB6ij3fp-EcZ-ziawqdkawQRxTOuD0xtrtv-cjwgkPwavir1rkoFNsKyrIACUEs1yIa7gqO-X2daoqEuvyqkEy2TIM4qydnqw21cQGJKHtAjDRKapV995nflwe8eH_gOuiC27kz6OgEeDSB4hE7f3QjCl5s43U928QSFNmqbweduXLPOSg5lGEz16yFKHwj1y-if7wWoM07A_a8PqN6VIMc20e0TnPGgPqhsc9422LKIM0gdVLIo70kao31REn52RwfoVwyOtMDnAKE0vGWFXi-xxjUG7wVk0CdkXlVC3yH6Cdk-ByF_jiAUrTn9PQF2RT4VdBbwdUaqH385H-eydeB-ZfiOoam7in1pNACkyiv4vPjpcHON2_6ZnEG26xUHQrXl9sPjL_LsvsCom7jXhzmPOLs__FIpvpaxANWdEPhu&cid=CAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 19:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 19:34:22 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 5886 11 KB
4 KB 35ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D
Requested by: Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: ed4ea47744da3fa10971d32c97e496e966e98660b57d5fe5a8e2ac3f566b5c77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3950
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 287ms
286ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:48 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 557F 568 B
723 B 14ms
14ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4285695&adjsver=3&fvers=&iframe=1&ref=https%3A//nets4.com/&ro=https%3A//ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/100.0.4896.60%20Safari/537.36&os=17&browser=11&userid=0&kid=2954778&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPNHyc3VNYvCrGaKLlQfmk62wC7WQ1%2DFokbK10vkP8C4QASDy07l7YJXikIKgB8gBCakCaqMdG0lCsj6oAwGqBOgBT9B%5FT70TkuoJKpVhv9ne9HY%5FsnL8pUrh%2DGAc9wD31iSvvRxlguJCJHIwz5lKFB7FRZbEWXy%5FUCKzeJMJwz0G8wczeuPHNcDZ8F89SwlykpJht1N8gDUs4R5QAumzYACqWu3xtj%5Ff0trNhrPwqyW5%2DwGMSJ3BMhannlbwZ3NCn2NRKjw2IuIwPaWmH6piVxCZvLwW20aXXCO3iY4fG0W%5FIyVefjfepuDhYNEnnWjhZU4QvDu7qKWESnrMUYdeyhP9ZuIO9iQwUeEKv0U6C2CKx%5FuqrH0rVft9yeuLytUsrPoNtb7WrpWhxcAE%5FOTPmNIC4AQDkAYBoAZNgAesqMu9AagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH%5F56xAqgH35%2DxAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbAT3a%2DxDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMDGbgTueWJMdmEt7%2DCw5SqYD12HyfTRSSyAjWbOqlbhQe%2DR3hqVJ7J7gYAQ%26sig%3DAOD64%5F2CsszaPaEg3QxEqQMAe0cH1JDM9Q%26client%3Dca%2Dpub%2D5413329544040947%26dbm%5Fc%3DAKAmf%2DCoa0Qd%5Fl%5FGAKmeq2X%5FJuWMOb55g6OEXvETHHF3ev3GJ2N33hONvYxgEZrZR6yei0Fi0VV5g1SjFkm8akpLzwsr6ZyxgYXcxe9NzYeNCES1eFjzd25sKIEtGubgmAAxnCg0S%5Fa8CROOZYNKEyxtyT%5FgpGsE3Q%26cry%3D1%26dbm%5Fd%3DAKAmf%2DAIcYOe9fs6Rqs3c8daMMOWx8eUHKAlz2kzaC79MKdBRoWzw8%5Fxiu7DUHqpaTuiUUCG7Lz36hcwRYKUjIhm1Alj6XeEExESLmtP236UXF4J895%5FDoaoGdYLdeRcnMHkqbkxYRG%2DQBs72yUtWElFT5mlHeN9ojo8hwsWgCJJ8XdZH5xPd9MWt1HwJIeHZWLrAhoH0VCGkw4e%5FxqpLPFQ3vxmvHM44hIDiSRzTLyFSXEPz5nvuzI20O8XmjOpNhNQMBOb3NOjwAUwiOc8%2D0BpXt7aixZhOLaQAB7XTmIJjMC2ChfodRbLOQ0ZA702kJEoUuDHtygUWhzsdD00rQHZEWki01hmtJ7nCRzpAhBPyxKMN9MDUS5ASGgtj5EMxv8pu0vATp2MVC1Rl%2DWdHFEkgcLx1sQv06xWVb8Sv9HvNln8ECrINTjfdYY9TixtUy1uznfEVzDnbKzeHpOWHo7TKlLHnjvpSw%26adurl%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCPNHyc3VNYvCrGaKLlQfmk62wC7WQ1-FokbK10vkP8C4QASDy07l7YJXikIKgB8gBCakCaqMdG0lCsj6oAwGqBOgBT9B_T70TkuoJKpVhv9ne9HY_snL8pUrh-GAc9wD31iSvvRxlguJCJHIwz5lKFB7FRZbEWXy_UCKzeJMJwz0G8wczeuPHNcDZ8F89SwlykpJht1N8gDUs4R5QAumzYACqWu3xtj_f0trNhrPwqyW5-wGMSJ3BMhannlbwZ3NCn2NRKjw2IuIwPaWmH6piVxCZvLwW20aXXCO3iY4fG0W_IyVefjfepuDhYNEnnWjhZU4QvDu7qKWESnrMUYdeyhP9ZuIO9iQwUeEKv0U6C2CKx_uqrH0rVft9yeuLytUsrPoNtb7WrpWhxcAE_OTPmNIC4AQDkAYBoAZNgAesqMu9AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbAT3a-xDdATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMDGbgTueWJMdmEt7-Cw5SqYD12HyfTRSSyAjWbOqlbhQe-R3hqVJ7J7gYAQ%26sig%3DAOD64_2CsszaPaEg3QxEqQMAe0cH1JDM9Q%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Coa0Qd_l_GAKmeq2X_JuWMOb55g6OEXvETHHF3ev3GJ2N33hONvYxgEZrZR6yei0Fi0VV5g1SjFkm8akpLzwsr6ZyxgYXcxe9NzYeNCES1eFjzd25sKIEtGubgmAAxnCg0S_a8CROOZYNKEyxtyT_gpGsE3Q%26cry%3D1%26dbm_d%3DAKAmf-AIcYOe9fs6Rqs3c8daMMOWx8eUHKAlz2kzaC79MKdBRoWzw8_xiu7DUHqpaTuiUUCG7Lz36hcwRYKUjIhm1Alj6XeEExESLmtP236UXF4J895_DoaoGdYLdeRcnMHkqbkxYRG-QBs72yUtWElFT5mlHeN9ojo8hwsWgCJJ8XdZH5xPd9MWt1HwJIeHZWLrAhoH0VCGkw4e_xqpLPFQ3vxmvHM44hIDiSRzTLyFSXEPz5nvuzI20O8XmjOpNhNQMBOb3NOjwAUwiOc8-0BpXt7aixZhOLaQAB7XTmIJjMC2ChfodRbLOQ0ZA702kJEoUuDHtygUWhzsdD00rQHZEWki01hmtJ7nCRzpAhBPyxKMN9MDUS5ASGgtj5EMxv8pu0vATp2MVC1Rl-WdHFEkgcLx1sQv06xWVb8Sv9HvNln8ECrINTjfdYY9TixtUy1uznfEVzDnbKzeHpOWHo7TKlLHnjvpSw%26adurl%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 13:11:48 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-type: text/javascript
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5506 22 KB
8 KB 55ms
55ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 142614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 19:34:54 GMT
expires: Tue, 04 Apr 2023 19:34:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CD5C 22 KB
8 KB 55ms
55ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 142614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 19:34:54 GMT
expires: Tue, 04 Apr 2023 19:34:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900030.redintelligence.net/ Frame 91AC
Redirect Chain

https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

159ms
136ms

Script
application/x-javascript

136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 136.243.149.243 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 15d3b380a77e55aa1712ee4e6aeebe960a9cc82e1dd17a247091ada7f4f93e5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 17772100104078704444964011921030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 757
Expires: Wed, 06 Apr 2022 12:11:48 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 06 Apr 2022 12:11:48 +0200

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6188
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
894 B

30ms
29ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXg85uw-QUaB4e2n3GjCqAsjKdKtohglbpd9N9JUFCJn__3BWyrhfPpbf-199igT8WceigduCWPz1KDEFUW6EybT0YDQX3jlWVjtWlvwAkngx_1lVmD4PdiBEekIivszp2e4hpOG7T3GGHkTw_vcmCqCH5Siwl1rpwDlPR8-_guQPOrYo8
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6188
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk11dEdjGAxHR9TcUSJamQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1

43 B
894 B

35ms
35ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXg85uw-QUaB4e2n3GjCqAsjKdKtohglbpd9N9JUFCJn__3BWyrhfPpbf-199igT8WceigduCWPz1KDEFUW6EybT0YDQX3jlWVjtWlvwAkngx_1lVmD4PdiBEekIivszp2e4hpOG7T3GGHkTw_vcmCqCH5Siwl1rpwDlPR8-_guQPOrYo8
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 06 Apr 2022 11:11:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF6PErmG0PFNJk8lbREOAzE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6188
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

43 B
1020 B

27ms
27ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNXg85uw-QUaB4e2n3GjCqAsjKdKtohglbpd9N9JUFCJn__3BWyrhfPpbf-199igT8WceigduCWPz1KDEFUW6EybT0YDQX3jlWVjtWlvwAkngx_1lVmD4PdiBEekIivszp2e4hpOG7T3GGHkTw_vcmCqCH5Siwl1rpwDlPR8-_guQPOrYo8

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7287b3d8-e7f3-4595-be16-4bc260dd8d05
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDkI3CWiAzySwOcKDfhdLyo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6188
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

170 B
188 B

49ms
48ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0b7caa5c-35e4-4765-9235-3f83254e466b
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODg3MzU5MTM4ODczNzExMzI1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3D2E 41 KB
15 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASuprM8FGld7cFayTLvLCrVvjTvbIe-5lKUzHcEV4RHjh67dscN-Mcft90pu59dujDL8DdzZzAK7oyg5YzmKENDSbuCOqGa0X872txx5qvkac5-BkwAYgvn_6pPy_eVRdW1HX4tgKoV4MICZu70qa2MUDR1g&cry=1&dbm_d=AKAmf-DApuTJk2SyPDgLqw6Io2-Irw4ZNfYhssXmx1jyuzKfVrhsfvSC6WXKR-_RBPpnHT2C3nCly2_iDBTsQZTXDvX2SRRAZV0EzSL6Ru94zptpqVU21u7YEa3YQt3kyt11z8gUFOfw-a7vKHs2KogozTLPMhnwKc0nMhorAMtihTascb1IijnCpuDRMQ4Fe2UlVLiaXd49l44xB6bPjyO0R-zBH4vVmHVT2hBtK7EnRDV2kE0QCf-eoAlAup_ntpO9t7DTQLd12NLU0EvEqpEDd8iEQ5_i92atoTImiVajkI95zmj6Lf0bQbH6SgNnQrCJ1xgoWUAcezjXtFFL7HeDmngmCWN2sjYEW0rWt3Fu4nKySrCxJYBu_cuQGm6-Q3Pk6qyXCKiMPoDApvzjD21OFbvxkQNF0s9hEmxjlNrDs9uA_yVuHJkMIQns170UrRH1PqbTOsEZCZ8LZqszZod4dzAAKTHy5V2ylsM5NtM3Q-x2GzarOhJQgRO5EsMHZr3aqKOHzD_Q9QLxM45t68C5TCLMzvHIhPEa6EMe66fBOqFu-KX-8vqW-dIBokGNmUTC4Gv2P5nSSB1RthpbutMb253F2NHbb53xdL-bf07nBoxV_NshmUqMyU_yUPg9Lji645jK9pT5gluS9V3-til-6zjQe_xdu2MTSapmYogFFpWAXvh5kQrpaJubv2pwq2SwgdWc6rGXleXb7xDR54ukO5NvLB6b8p_YgtbHfNK78TvrpXYs90VlMwpH0nRvRAAc8QauUcibMaPKR1qbm5EUqACjJl6VG0l3E-BL-6FdWcqwZ3_xZwcvuXWs6MJsUb-A8D2ZKACVYDfA-v0JGUyG6I5Ks6OOATnXBAxks7v_FpHdQ6jPaGNivoosE1a_JuLOPCo84hEdPpQjeNdZL3GtCo03wEnKjo9rA4O7xVJSSEZrzBtMuoI6aX-gVY5XzIwxTGeiJOGGjbCFEu0guOJJtBL7v0cQES3h9CRtZYwLFTBA63ge_sVGsqr1UAgrz5W_ICE1MweU5rwFmi-AwDzbOiILGPdqycxXqfDoPEykOAaFwF0FXXmmU3iuZZfd8-zlTWbj5sYkxZi7Kgef6UN80ghg4P4GLDxQOCaXDkRzQGMo8UZ_X8nrP-aRvoBLgXcCSkGUhkgOwc9dce9ZkkjTWgkPyZTUVCJd_iQHHcmZnap8tXw3WpqDtkVQ_gtzkQKzaCzNlSYWN_vhgIATnbChCgsz9S1wMV--SV-zKRZPg0Kq2aCAW7FKO3mWPP49isFa1-ZcHJVgXRh5k5xKvmCe2HRbCjmMFrlI4qzR9dZ5M_mQIR-vbKk8KW3LhCmD0cWbicLWy8cvBZP0gRZ5XkOFrOgm19rCLV-_pzUY0qiC658EcuArrnTNhb7O77f3BDGfKg6Nz9wx6BZWzqCey8uh-1WXYl6FBOM-RZGggElNUMiVH5msILxWZnl4gRCOu5Jnt3FGOxb037IzTzpj_5MUSBgUA_4NaXDlohKvIubwfA579gbAdkTleeGit4E-l0fBCMzrGtnnyHV1yi_f_iP98cOQZBx2-vJdq1mG8C7WlUXa9tvto8HSMzkZMt7BDIMdNRM6ImpdXY2LDiE_y5-XCRSbcaa5do0B-CBB2RmjM8mlW9kGXufe7593Gi5rpPW51uyD6oLLw2TWsXfoSfh5MnA3dHcJHZ3wJOpn4RkKaCAawqdysKhkQI-syfqS89nazV-scRCyE03cz459ZwOin03eX7QGK3VmY-9mWY-42J1VkTAiB1B7y7PKLQUh0rGAhS6t0V5r6nK8NWS-s1_rMcF6YsiQZe6gLYkqZEH7i5kAMcUMo3jkkMNmnTx8166KeXumZf-aNZl1AN6-XDeNX60Xe2Zd_QYM7IrbYmZiXlcIKVKn4fUvfnrz3UTf3foazyWZjvRqklbQ0e3wwVvuamu3tdx-ZNaBZvEyUO7o4AG4N1q8njIjqbV4_M3CmrTfSSmHDZeZ_OmnmFWmaMuw07aKNlWR86-xHDPxpkdf1JOTdZS0US9RO6L4V340Ooi0c0KRTwC77CicobBHtoboV_8ZYXgt_0N31PyBCXgx9jrNAeU3LjS1_fzAzmdeYuxEDzUgt9ext9Oul6DG4nO1I-Yc-M1-OtLzxjM0VFEMa52tK0ZmZ84Kg85GsTToGSDBKC6t89SAt3prsV078mPWZx1suHGWX2lx9xPsI6DxMjASiDJDIV29bEmLdiO5VJ40e52onrb-WM9XQ8iPI2TSR9vkI6pjW9tt_hEGENhvpTjKGe0blTX4uYdWdxRDMhPBSBVsTnhj0_lrXisefutRmTNdmxMmuskkT73N5aUK-bG2Jl97kndg0W97nayD3RICV-yjMt9qevE-xqCXvXrGD_dhUYsbjVfZlFZuQKkYRitWY3dGoLg6dJzSTeVft9B68_tDGDQ1Bf6tlbU6huiH92JH1LOLt8cIzxSSxhMu0f1-dljbmjGoI_dL2dwD2RHydhWkv-jDzW5JeT3UFI5rsLVoRah4vb6qNuhoHWYScd2Pl07c_8LppjKQ5UccNnx4DpYGLst1qCRaJqaeyK0mKDjf7Jg1F2mzeZ7mpdWr03BJkQ_umi6Ao98ZoNGmT76Lx5eHo5_AJ0oU60Q8XCtTjd1GiEmhppA5tr7juQ2ryEjkZ7P2CkQsuVYKncPeadVo1FN8_zoUI3UU0QSVDzbwruEsYHr5WgD9XGA4dfMTT0BFYBBnxSbru9O3KzyQMVNMoG5bZDP2uqY1SL69HaTDxVz8GraV1CrUnn74plt1K9IJemMXBe8zossTZRNwY4tpO5ZAI1Oxps-kd78atQdxZcUgiak8MKsGRDX_5iA-t-8aaH3ytxEGjZNOqw-96pMZG4VVnIJp8c9AoHRxJO4wmEtxyYwcOEWuCP3Z0eB6EO_gIhJAmCWi4sC6ICH7PLLYTKUKg4pdy-3DYVvIXc_Bl5dUXbYiavA2D-zVzzGtvWGgJJMhvrUUshZ3a7JDpK85hVUoqknARfCU6YoOd1y8rzVRrrQv1w0BFWGZ4-i9ZDOY0SPaNeL-J_1eobP6UAUTe2G_U3nffA4aRqyiBqzxxAK3-wL9hg_Szze_zO-uYN6s9oFAuu_47EMmZykqsLOB4dXZUAJPodmv_5j98iMZKQDa9DAfrGvDef55ljE7Xh6AV4Giu6GPSrrCqFnZ0DMLnYQcgrJSdL9qFRUOqyR7fKu_gmncWNGxarJBaKLuEGR52Fzfr4Q&cid=CAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 19:34:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 19:34:22 GMT

GET
H/1.1

200
OK

request.php Show response
hal90002.redintelligence.net/ Frame 5886
Redirect Chain

https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

3 KB
2 KB

93ms
70ms

Script
application/x-javascript

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: bcdaa58a8306d15e775bd8747043e1bda485ecae39c4cf4907e896e2aba034ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 83512400094733504444550011921002
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1043
Expires: Wed, 06 Apr 2022 12:11:48 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 06 Apr 2022 12:11:48 +0200

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1687 22 KB
8 KB 55ms
55ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 142614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 19:34:54 GMT
expires: Tue, 04 Apr 2023 19:34:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK 0s3p1fkb96mt Show response
ad.ad-srv.net/zone/ Frame 557F 10 KB
3 KB 43ms
12ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/0s3p1fkb96mt?subid=&redirectClick=
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 9e2e30ded3c8549254bfd12159af29a967b4c91052c3b5c937ee5edde60451f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2658
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 3D2E 11 KB
4 KB 34ms
12ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBZluc3VNYoTnM_uU7_UPmOS66AWm5b2gaa2VnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAght91njR7I-qAMBqgTmAU_QG7Eyn6kq2Mpa-jMevLM0Kgl4tFU7qUBFdnqz2e1eXxJGxffAkA6ixrDf4gGVK97MxQfMcHK0h3WelK_kjjcGwRFUDy_X_AEm7oehBRVIDxP5zcZTqDhziZ9D3gm-QJG9emEFPw2YN-kBx6emdfgj9OPCVvpAuVMvjpWydnuhI6gyEfEq80EniUrEY55xn1B6QdJnB_PwdPTp2dDR6Orjg1apDEfOVRV2_BUpnbJhPlPH23_d9az2ZghvzghoLf5FL-3TV-tp40NXbtLR_JCXOttlvUbqdanVJSngziESqpbw0lwzwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA%26sig%3DAOD64_2f0YjRDdC4jM-2-bSEvwea63z0pw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CUm9gLkhDDL3ngSN52fA0Ksl-JkHBehbodFAhscd6_8oU47Rh4wIK3zOmRIJgEBQK4ifPH21UnBFgSRWo-QUEFSNGcpp5OYPa_kCTpo2wMv8YmcvGHJ0SJJtoJFbahDR7VACX9lehLsiuNYhuk209qQjUBaA%26cry%3D1%26dbm_d%3DAKAmf-AJ2pM0hKZKplB4h50PsSfiB5Y3d1iT5AUNPnWyCLetXZuJbHB_4YX5C5XXvD0E4ky39p6rZ2GLM1uklYNK14kLM5UGL-Vm0GTBu__VwfQ9TXUa0dmxI3wB4LTfsDvSn3j3uMg5BAKeU4KXbup1jvcW9Ts-Q1VeS1jGAp2hEB6_qP9a_OUdRLsS8AHd9CbXjS2N_BCi6VuWBx5dUeBHB4iyOU_yxTOLiikPPIn2VM8xbNKRFB2_TlVH45Vez1v1rk9y6GrAyoFVYQahV5NvZ-A8_Ia2r50NAG8B7Onftio71p7Pg9rKah0fDF8noEjzYOSCPROzMPeC0dMnCV08U47RqD1Xk_2pTaieFW9yawozeBzkYW9_oSRTztDFkqWetjkzcgWwTMGuaO7OwXuP6Q9dmA5k0_hQ-8lO4tH-nhqNyTkZ0xTZpEFMwlrGXnFGIZxCRWFl9H_C9Q7YZMdYFzNrQSL2fg%26adurl%3D
Requested by: Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: b73a823af70329e090c0146df47a4f4f29c81e784f514b29d1f156607865a626

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3934
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3DBC 0
0 106ms
105ms Image
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040501&jk=680082383470449&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame A246 35 KB
13 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 45FF 22 KB
8 KB 57ms
57ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 142614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 19:34:54 GMT
expires: Tue, 04 Apr 2023 19:34:54 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal90005.redintelligence.net/ Frame 3D2E 2 KB
1 KB 152ms
112ms Script
application/x-javascript 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a85933ef96&subid=&uid=e02c029adbd4d2b2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBZluc3VNYoTnM_uU7_UPmOS66AWm5b2gaa2VnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAght91njR7I-qAMBqgTmAU_QG7Eyn6kq2Mpa-jMevLM0Kgl4tFU7qUBFdnqz2e1eXxJGxffAkA6ixrDf4gGVK97MxQfMcHK0h3WelK_kjjcGwRFUDy_X_AEm7oehBRVIDxP5zcZTqDhziZ9D3gm-QJG9emEFPw2YN-kBx6emdfgj9OPCVvpAuVMvjpWydnuhI6gyEfEq80EniUrEY55xn1B6QdJnB_PwdPTp2dDR6Orjg1apDEfOVRV2_BUpnbJhPlPH23_d9az2ZghvzghoLf5FL-3TV-tp40NXbtLR_JCXOttlvUbqdanVJSngziESqpbw0lwzwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA%26sig%3DAOD64_2f0YjRDdC4jM-2-bSEvwea63z0pw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CUm9gLkhDDL3ngSN52fA0Ksl-JkHBehbodFAhscd6_8oU47Rh4wIK3zOmRIJgEBQK4ifPH21UnBFgSRWo-QUEFSNGcpp5OYPa_kCTpo2wMv8YmcvGHJ0SJJtoJFbahDR7VACX9lehLsiuNYhuk209qQjUBaA%26cry%3D1%26dbm_d%3DAKAmf-AJ2pM0hKZKplB4h50PsSfiB5Y3d1iT5AUNPnWyCLetXZuJbHB_4YX5C5XXvD0E4ky39p6rZ2GLM1uklYNK14kLM5UGL-Vm0GTBu__VwfQ9TXUa0dmxI3wB4LTfsDvSn3j3uMg5BAKeU4KXbup1jvcW9Ts-Q1VeS1jGAp2hEB6_qP9a_OUdRLsS8AHd9CbXjS2N_BCi6VuWBx5dUeBHB4iyOU_yxTOLiikPPIn2VM8xbNKRFB2_TlVH45Vez1v1rk9y6GrAyoFVYQahV5NvZ-A8_Ia2r50NAG8B7Onftio71p7Pg9rKah0fDF8noEjzYOSCPROzMPeC0dMnCV08U47RqD1Xk_2pTaieFW9yawozeBzkYW9_oSRTztDFkqWetjkzcgWwTMGuaO7OwXuP6Q9dmA5k0_hQ-8lO4tH-nhqNyTkZ0xTZpEFMwlrGXnFGIZxCRWFl9H_C9Q7YZMdYFzNrQSL2fg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=7678760681863&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBZluc3VNYoTnM_uU7_UPmOS66AWm5b2gaa2VnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAght91njR7I-qAMBqgTmAU_QG7Eyn6kq2Mpa-jMevLM0Kgl4tFU7qUBFdnqz2e1eXxJGxffAkA6ixrDf4gGVK97MxQfMcHK0h3WelK_kjjcGwRFUDy_X_AEm7oehBRVIDxP5zcZTqDhziZ9D3gm-QJG9emEFPw2YN-kBx6emdfgj9OPCVvpAuVMvjpWydnuhI6gyEfEq80EniUrEY55xn1B6QdJnB_PwdPTp2dDR6Orjg1apDEfOVRV2_BUpnbJhPlPH23_d9az2ZghvzghoLf5FL-3TV-tp40NXbtLR_JCXOttlvUbqdanVJSngziESqpbw0lwzwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA%26sig%3DAOD64_2f0YjRDdC4jM-2-bSEvwea63z0pw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CUm9gLkhDDL3ngSN52fA0Ksl-JkHBehbodFAhscd6_8oU47Rh4wIK3zOmRIJgEBQK4ifPH21UnBFgSRWo-QUEFSNGcpp5OYPa_kCTpo2wMv8YmcvGHJ0SJJtoJFbahDR7VACX9lehLsiuNYhuk209qQjUBaA%26cry%3D1%26dbm_d%3DAKAmf-AJ2pM0hKZKplB4h50PsSfiB5Y3d1iT5AUNPnWyCLetXZuJbHB_4YX5C5XXvD0E4ky39p6rZ2GLM1uklYNK14kLM5UGL-Vm0GTBu__VwfQ9TXUa0dmxI3wB4LTfsDvSn3j3uMg5BAKeU4KXbup1jvcW9Ts-Q1VeS1jGAp2hEB6_qP9a_OUdRLsS8AHd9CbXjS2N_BCi6VuWBx5dUeBHB4iyOU_yxTOLiikPPIn2VM8xbNKRFB2_TlVH45Vez1v1rk9y6GrAyoFVYQahV5NvZ-A8_Ia2r50NAG8B7Onftio71p7Pg9rKah0fDF8noEjzYOSCPROzMPeC0dMnCV08U47RqD1Xk_2pTaieFW9yawozeBzkYW9_oSRTztDFkqWetjkzcgWwTMGuaO7OwXuP6Q9dmA5k0_hQ-8lO4tH-nhqNyTkZ0xTZpEFMwlrGXnFGIZxCRWFl9H_C9Q7YZMdYFzNrQSL2fg%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 58ba9c6598fbc4c586ef022e1b134976c4018a6c8f8df53bee54b03701c072f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 52083000108516004444554011921005
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 861
Expires: Wed, 06 Apr 2022 12:11:48 +0200

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AFCE 0
9 B 56ms
56ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?D2x66A
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

request.php Show response
ad3.ad-srv.net/ Frame 557F
Redirect Chain

https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90...
https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90...

3 KB
2 KB

54ms
32ms

Script
application/x-javascript

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.117 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f44b497a60f93e8791aeb7e150aeda387d88bf063521a9ae04afabc2e8d11248

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 28472900099787900383828011921003
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1021
Expires: Wed, 06 Apr 2022 12:11:48 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 06 Apr 2022 12:11:48 +0200

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 5506 35 KB
13 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6EB2 0
9 B 55ms
55ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-YASTg
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame CD5C 35 KB
13 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9126 0
9 B 56ms
55ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?f9a0vg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 3EB9
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=83512400094733504444550011921002&actionid=981741&produktid=&dt_url=

0
200 B

106ms
65ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=83512400094733504444550011921002&actionid=981741&produktid=&dt_url=

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 06 Apr 2022 01:11:48 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 06 Apr 2022 11:11:49 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=83512400094733504444550011921002&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA2:C088_91EFC182:01BB_624D7574_19CC971C:F724

GET
H2

200

htlp Show response
futalis.de/ Frame C26D
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=83512400094733504444550011921002&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129

350 B
409 B

53ms
14ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 06 Apr 2022 11:11:48 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129
p3p: policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 5886 1 KB
2 KB 234ms
132ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=83512400094733504444550011921002&js=1&nw=1
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 2ec71a02540d62fac8eb6b80ed4989d4f84e19eecd7009ff4d951da38f56380a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:49 GMT
Last-Modified: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1239
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame E110 7 KB
2 KB 34ms
12ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=b879aabd82&subid=&uid=0ac18f36c27f8108&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqHWOc3VNYvL6Hf6I9u8P6pyVwAWm5b2gaYWVnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAmqjHRtJQrI-qAMBqgTiAU_QqrfO8R2QjWey3xKR4YmjTNNghKxfZsSq2HBejlv5b0SFJsxlS0vb0IIlSFCfIZU2gIomMAPmUyYUL_t6MqlkzfxVoftml6AYR0L9CfGQi8lC_hsvkki6azrvtpik0XJ4wm3LIC-KSvKt3THxw4gSFQ5MJU2i1TZ6F5RCg67bNLfhJ26Ehs1ONZKiYBaLQFjpTO9XhxS25fI1MrjFygaPOmLb0QjFzEHJGcug1f3jU_rZuGuMa-n2bhPQrtPGO6hgEISLta5NV-7Dr6CsAe0_Zn2yDw07iCJnTN3JI4ijE9zABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSLgCNIrLMjgSLvxNtLs6euBYjFZCsdwcCs97R97Y8p96xexUe7MeW8L0dLsj2k9E%26sig%3DAOD64_0pKc0OUaZACsRUg-AQKI0ZgqY5Xw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-Da0r3TV4h5kgOvRIPnMw8lU5z3DTLKX3r1mKMf27cCn-FWNXhaSlgLZIoPX4GtBZDGDKB4ZZd1mDES71C2LAlDoYKolXhVAjPI0QZxNc33Aot7kMjuneio9QguCIK_i_jwDaoVOW0MJ0OmS3JxDWz1gqhBZQ%26cry%3D1%26dbm_d%3DAKAmf-A23UMbXabmDNy2e7ezZJHtFt04BH_COYbfV4Qlz4vlNUkNVRL8-fFaPM0w3Zx2sWxp5O7nbl5vb7XJxFvjn6jIPO2jLFPHFUZpK2juzavVC-l4Iw-hw6qo55loB0BwYbEcUV15YqPv9yRIBVtsTHMp_T3c6sOXw2oS8ibDcBR45fnCfiEYI3naMw0w66L69X7tV6bpeh67gueodKCeM4eBd8FPFC3VeAq5KavDlEudVYLqexCPU8qka1J-o7DqUeDEijaVQFjZwJWDZlqfmaP23oQvLJlBQIV9ZFSJ_KcokbNWWZftAczaToQblz7W9Td5lcYOY9t0DuAuhE3jUOeK2CxvCvEGxNgpJ3y2jDLOIpEjWXl3CgpXxtmtoUKM0k5UV75ehPAZ45EuWk4g3R6MlXR3dwxXyeqAqdlB6cnJbKVKtQ8qunsuBfjIPZWUKuyqPmzwCsZk1M5XW-onVtRZQHZsCg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8617591050016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: dc1b8ee32db93a82613603876b57166be812c64eb91122b40ecf40f9651eb2a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2091
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Apr 2022 11:11:48 GMT
Expires: Wed, 06 Apr 2022 12:11:48 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 5886
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=83512400094733504444550011921002
https://ad-server.eu/wm/pb/native.png

68 B
312 B

153ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:17:12 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:C088_91EFC182:01BB_624D7575_19CC972F:F724
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6E8F 0
9 B 55ms
55ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?KyL1sA
Requested by: Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 1687 35 KB
13 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame E6D1
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17772100104078704444964011921030&actionid=981741&produktid=&dt_url=

0
629 B

46ms
46ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17772100104078704444964011921030&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 06 Apr 2022 01:11:48 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 06 Apr 2022 11:11:49 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=17772100104078704444964011921030&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA2:C09A_91EFC182:01BB_624D7575_19C5A74A:F726

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame 60F7 6 KB
2 KB 33ms
11ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=hlbrm3vhvew1&nw=20&renderingType=javascript&namespace=aab503079c&subid=&uid=1ddc300c1e32d356&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZFjc3VNYr_RH4jD7_UP64-Q4Azr0sGhad343vTFD_AuEAEg8tO5e2CV4pCCoAfIAQmpApzIbW2TRLI-qAMBqgTjAU_QRdcxx22Xdef64H_N4BbPyjigAVRhj9gb96nIayoF_eXShBEkKgAc1J0SStt__kE5D2s5Q7-FiA4QBtqoa3-wfS3clHv4YL1-hn3ftT4pFSFDj0cQ-j0vAjhiWlmyChR_58PdPxb5NTz3ksNgBgz0BPmuQELa7_McrcalwBgIA3Co64t4bx37NLvlxmw7Ydkne1jWIsSaGif7kQxrm3SfAg5DmqRjLAayBgxBFiXN2W-UYA0hlCjE6gMQyFkmkdM5gdsbe0jIvx0Mamu1-c3ghMYCcza7ieLvaOXSnDgWecnHwAS-jurk-QPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoxXWFTzELul37GAv6AGfb5sYGvjmr3OJ_rozOX3NmHfwkd1dQ3w%26sig%3DAOD64_31ZOdYVrI3cg0FRfC72y2RK2wiuw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-D84dvb0AThHjuB8YYIXav89xB4ri-Sw45Q4ycMZ3dAox3N0kkbafKWqCf40ZoVwQK_4cCrwYxQ2tzlhwBBKrSvxLT5YxYo4nCI3_fk7gQ4LGSPw2fvFChZz2jhkKktXl-u_IlpNfsMKbTLbGMnWkRZxubS8A%26cry%3D1%26dbm_d%3DAKAmf-DtgzYNeaALiTHsHXo98ZYuTDCYbo24StRvmVYPzLQr-SQV3IlBAD9aekEOcvzD0ZpBImrs7BvLeAbCRzOXwO6PK86U66Arx2CO2UbCej10H5f5Ah7pBJuf71Z5dJtzfxDk7IAvNVqo9FkdtnIjTyp87tutPbK1a5edBEmwLWjECzIjVse1RXXDx1H9duOH4i2P5yj3SE-A4UMJIMajeukZdnr_Im_vbJHZtzlxQ_BMIrGY8Qw77UzUf1lTBOvmGSSjB8JtMh8u-8E3Iro_GEzpGOGYWpYAexZmsZZXBNPcSUWRzti2LpSQNC8tgOaSGurEHzUJGHAAnSRxTU3nFrwBGB0joLOAH64m5bIC8mJV7rfeAEkcDHarcCOcp6_Ahrf2Ff1eJIZWtErfVZNtZbmdlwDu6K-hB5mHfaP92IUDBt3U9qFnuKum0dkGmowFEMK0NtbCszJW3IZGmHYNuA1DhTQjhg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2957861810&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 66ca2e6c6e4f351cd7e9baeb1dd93b52edee2bdd3978a9aca32cb6066affd4e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1848
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Apr 2022 11:11:49 GMT
Expires: Wed, 06 Apr 2022 12:11:49 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 91AC
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17772100104078704444964011921030
https://ad-server.eu/wm/pb/native.png

68 B
312 B

141ms
28ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
URL: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:17:12 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:C0A2_91EFC182:01BB_624D7575_19CC9734:F724
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
DATA 200
OK truncated
/ Frame 5886 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 709fc1959c63d58f5af7c400ddfef5d6363a2d3e0ee14c74f72fae5c2d972f04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 91AC 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c44a09809b3901002a01f05c93c8b68a46bf01d128ce15c90b47a5ffd95780a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame E110 1 KB
419 B 64ms
64ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 11:06:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Apr 2022 11:11:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Apr 2022 11:11:49 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E110 9 KB
9 KB 147ms
125ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_627x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: ae4c57197a5538c53b7c786a64230a119cb8965f74b6ffdb812e8817849f28d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9340
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E110 10 KB
10 KB 91ms
69ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/52113/creativesup/affiliate-panini-Kids-2022-banner-627x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 7372305c63c2357434e6fd3acee61d5e7970ccb635c5b57d2d43ed31b51b5d6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9803
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E110 7 KB
8 KB 130ms
109ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/627x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 9dab06d9f1987d30d8d5230a73971b385c848970485c0cff1df6719e17702a25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7627
Vary: Accept-Encoding
Content-Type: image/png

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 4636
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=52083000108516004444554011921005&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=52083000108516004444554011921005&actionid=981741&produktid=&dt_url=

0
158 B

38ms
38ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=52083000108516004444554011921005&actionid=981741&produktid=&dt_url=

Requested by

Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a85933ef96&subid=&uid=e02c029adbd4d2b2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBZluc3VNYoTnM_uU7_UPmOS66AWm5b2gaa2VnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAght91njR7I-qAMBqgTmAU_QG7Eyn6kq2Mpa-jMevLM0Kgl4tFU7qUBFdnqz2e1eXxJGxffAkA6ixrDf4gGVK97MxQfMcHK0h3WelK_kjjcGwRFUDy_X_AEm7oehBRVIDxP5zcZTqDhziZ9D3gm-QJG9emEFPw2YN-kBx6emdfgj9OPCVvpAuVMvjpWydnuhI6gyEfEq80EniUrEY55xn1B6QdJnB_PwdPTp2dDR6Orjg1apDEfOVRV2_BUpnbJhPlPH23_d9az2ZghvzghoLf5FL-3TV-tp40NXbtLR_JCXOttlvUbqdanVJSngziESqpbw0lwzwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA%26sig%3DAOD64_2f0YjRDdC4jM-2-bSEvwea63z0pw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CUm9gLkhDDL3ngSN52fA0Ksl-JkHBehbodFAhscd6_8oU47Rh4wIK3zOmRIJgEBQK4ifPH21UnBFgSRWo-QUEFSNGcpp5OYPa_kCTpo2wMv8YmcvGHJ0SJJtoJFbahDR7VACX9lehLsiuNYhuk209qQjUBaA%26cry%3D1%26dbm_d%3DAKAmf-AJ2pM0hKZKplB4h50PsSfiB5Y3d1iT5AUNPnWyCLetXZuJbHB_4YX5C5XXvD0E4ky39p6rZ2GLM1uklYNK14kLM5UGL-Vm0GTBu__VwfQ9TXUa0dmxI3wB4LTfsDvSn3j3uMg5BAKeU4KXbup1jvcW9Ts-Q1VeS1jGAp2hEB6_qP9a_OUdRLsS8AHd9CbXjS2N_BCi6VuWBx5dUeBHB4iyOU_yxTOLiikPPIn2VM8xbNKRFB2_TlVH45Vez1v1rk9y6GrAyoFVYQahV5NvZ-A8_Ia2r50NAG8B7Onftio71p7Pg9rKah0fDF8noEjzYOSCPROzMPeC0dMnCV08U47RqD1Xk_2pTaieFW9yawozeBzkYW9_oSRTztDFkqWetjkzcgWwTMGuaO7OwXuP6Q9dmA5k0_hQ-8lO4tH-nhqNyTkZ0xTZpEFMwlrGXnFGIZxCRWFl9H_C9Q7YZMdYFzNrQSL2fg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=7678760681863&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 06 Apr 2022 01:11:49 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 06 Apr 2022 11:11:49 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=52083000108516004444554011921005&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA2:C09A_91EFC182:01BB_624D7575_19C5A753:F726

GET
H/1.1 200
OK request_content.php Show response
hal90005.redintelligence.net/ Frame 9C02 7 KB
2 KB 34ms
12ms Document
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a85933ef96&subid=&uid=e02c029adbd4d2b2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBZluc3VNYoTnM_uU7_UPmOS66AWm5b2gaa2VnKfJD_AuEAEg8tO5e2CV4pCCoAfIAQmpAght91njR7I-qAMBqgTmAU_QG7Eyn6kq2Mpa-jMevLM0Kgl4tFU7qUBFdnqz2e1eXxJGxffAkA6ixrDf4gGVK97MxQfMcHK0h3WelK_kjjcGwRFUDy_X_AEm7oehBRVIDxP5zcZTqDhziZ9D3gm-QJG9emEFPw2YN-kBx6emdfgj9OPCVvpAuVMvjpWydnuhI6gyEfEq80EniUrEY55xn1B6QdJnB_PwdPTp2dDR6Orjg1apDEfOVRV2_BUpnbJhPlPH23_d9az2ZghvzghoLf5FL-3TV-tp40NXbtLR_JCXOttlvUbqdanVJSngziESqpbw0lwzwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA%26sig%3DAOD64_2f0YjRDdC4jM-2-bSEvwea63z0pw%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CUm9gLkhDDL3ngSN52fA0Ksl-JkHBehbodFAhscd6_8oU47Rh4wIK3zOmRIJgEBQK4ifPH21UnBFgSRWo-QUEFSNGcpp5OYPa_kCTpo2wMv8YmcvGHJ0SJJtoJFbahDR7VACX9lehLsiuNYhuk209qQjUBaA%26cry%3D1%26dbm_d%3DAKAmf-AJ2pM0hKZKplB4h50PsSfiB5Y3d1iT5AUNPnWyCLetXZuJbHB_4YX5C5XXvD0E4ky39p6rZ2GLM1uklYNK14kLM5UGL-Vm0GTBu__VwfQ9TXUa0dmxI3wB4LTfsDvSn3j3uMg5BAKeU4KXbup1jvcW9Ts-Q1VeS1jGAp2hEB6_qP9a_OUdRLsS8AHd9CbXjS2N_BCi6VuWBx5dUeBHB4iyOU_yxTOLiikPPIn2VM8xbNKRFB2_TlVH45Vez1v1rk9y6GrAyoFVYQahV5NvZ-A8_Ia2r50NAG8B7Onftio71p7Pg9rKah0fDF8noEjzYOSCPROzMPeC0dMnCV08U47RqD1Xk_2pTaieFW9yawozeBzkYW9_oSRTztDFkqWetjkzcgWwTMGuaO7OwXuP6Q9dmA5k0_hQ-8lO4tH-nhqNyTkZ0xTZpEFMwlrGXnFGIZxCRWFl9H_C9Q7YZMdYFzNrQSL2fg%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=7678760681863&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 991419a113507f628076c6679cea27fea956db83881e7b6ca14dfe862d42aeef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2050
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Apr 2022 11:11:49 GMT
Expires: Wed, 06 Apr 2022 12:11:49 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 3D2E
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=52083000108516004444554011921005
https://ad-server.eu/wm/pb/native.png

68 B
312 B

143ms
28ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:17:12 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:C088_91EFC182:01BB_624D7575_19CC973C:F724
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3D2E 43 B
702 B 68ms
36ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338577&v=11830&q=357066&r=296283&pref1=52083000108516004444554011921005&pv=1

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:49 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3D2E 43 B
702 B 67ms
34ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2601051&v=18332&q=376776&r=296283&pref1=52083000108516004444554011921005&pv=1

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:49 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2

200

ztpv.php Show response
www.conrad.de/ Frame D22D
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=28472900099787900383828011921003
https://www.zenaps.com/cshow.php?pvr=5a9d44d0-b59a-11ec-ba92-2231672bdcd1&v=11354&r=473322&q=371931&s=2470208&viewref=28472900099787900383828011921003&pv=1
https://www.conrad.de/ztpv.php?awc=11354_473322_1649243509_5a9d44d0-b59a-11ec-ba92-2231672bdcd1&insert=AW

0
726 B

102ms
64ms

Document
text/html

2606:4700::6812:7f05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.conrad.de/ztpv.php?awc=11354_473322_1649243509_5a9d44d0-b59a-11ec-ba92-2231672bdcd1&insert=AW

Requested by

Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7f05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 0
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 6f7a15bceda19968-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:49 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: -1
p3p: policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
server: cloudflare
server-timing: intid;desc=eac8c6c08c18a58d
strict-transport-security: max-age=15552000
via: 1.1 varnish (Varnish/6.6)
x-varnish: 821926061

Redirect headers

Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0
Date: Wed, 06 Apr 2022 11:11:49 GMT
Location: https://www.conrad.de/ztpv.php?awc=11354_473322_1649243509_5a9d44d0-b59a-11ec-ba92-2231672bdcd1&insert=AW
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security: max-age=86400

GET
H/1.1

200
OK

view.aspx Show response
www.media01.eu/ Frame FFA4
Redirect Chain

https://www.awin1.com/cshow.php?s=2840015&v=20646&q=409071&r=473322&pv=1&pref1=28472900099787900383828011921003
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_473322_1649243509_5a9c5a70-b59a-11ec-b304-2261978923a5&d...

0
904 B

58ms
25ms

Document
text/html

85.10.231.200
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_473322_1649243509_5a9c5a70-b59a-11ec-b304-2261978923a5&dt_mode=iframe&dt_url=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.231.200 Kassel, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

85-10-231-200.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 06 Apr 2022 01:11:48 GMT
p3p: policyref="http://www.media01.eu/www.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0
Date: Wed, 06 Apr 2022 11:11:49 GMT
Location: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_473322_1649243509_5a9c5a70-b59a-11ec-b304-2261978923a5&dt_mode=iframe&dt_url=
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security: max-age=86400

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 557F 4 KB
2 KB 34ms
7ms Script
application/x-javascript 65.9.65.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.65.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-65-116.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 07:42:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 27994
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 72e8bbddfffeeec486003f867d631024.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-C1
X-Amz-Cf-Id: 3iSNNota7UwedthdKlgBE7EVmNxTsaJJV8DBuMryVSL4Zq2N5lpvMQ==

GET
H2 200 pixel_loader.js Show response
static2.creative-serving.com/ Frame 557F 527 B
667 B 93ms
19ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel_loader.js
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=b89440fabb&subid=&uid=5462ca8861222054&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=2047792836401&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:49 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
age: 0
etag: "68faa1738e44f8aabb6f53cba51f29d3"
x-hw: 1649243509.cds095.am5.hn,1649243509.cds314.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 320

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame C26D 5 KB
5 KB 10ms
10ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1311527129
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:49 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
accept-ranges: bytes
etag: "14aa-5d6188919baaa"
content-length: 5290
content-type: application/javascript

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 45FF 35 KB
13 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 06:29:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 06:29:56 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 27DF 1 KB
749 B 57ms
56ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 78337
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Wed, 06 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 60F7 4 KB
649 B 65ms
64ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 11:11:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Apr 2022 11:11:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Apr 2022 11:11:49 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 60F7 11 KB
11 KB 37ms
15ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 8b42e75eb170c035b1fc5f574613270ed7392a3b182ff7f5641bfde9dc5b19ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11573
Vary: Accept-Encoding
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3D2E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39dc66b98bdee657b756c168f9b4b3fd3a775d0ef05ec49640c9340402d1da52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame E110 0
150 B 34ms
12ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=83512400094733504444550011921002&a=e23c9f87&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=83512400094733504444550011921002&a=d3ca1251
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 css
fonts.googleapis.com/ Frame 9C02 4 KB
649 B 65ms
64ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 10:21:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 06 Apr 2022 11:11:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 06 Apr 2022 11:11:49 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 16 KB
16 KB 44ms
21ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: ced592c4799c4a7e2ab6be275c2d537acaf115f0513c0db2b3f146a182b33584

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16467
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 14 KB
14 KB 35ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/32783/creativesup/native_ad_globus_baumarkt_1200x627.jpg
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 95eb03cf748bad245df727b0ec74224d07d7b36b269038f536f785e52b32cace

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 14128
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9C02 15 KB
15 KB 35ms
12ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52343/creativesup/1200x627_2.jpg
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 2cce1d283eed5be0c7edc3c6ab83906a07d984b9d79a606e455ef67040cd0f24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15249
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 5886 51 KB
51 KB 41ms
8ms Script
application/javascript 18.66.97.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3392345&wgcampaignid=99582&viewref=83512400094733504444550011921002&js=1&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-9.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3900c8b5b423944473f2b5735300291c473881985b2e64318b01fd3d7eefcbd2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: snQAK.nud_Ry1pExcABmNeZsZtrLXsiU
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
last-modified: Wed, 23 Mar 2022 11:22:01 GMT
server: AmazonS3
age: 27337
etag: "101c8120dbcfdb729e8ebf54cc77d0cd"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Wed, 06 Apr 2022 03:36:13 GMT
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 52083
x-amz-cf-id: BNnaNyvAj6zS9jerJVHt2_qN23ifAlXyK5U7vGUhLctsw3SmSB2S9g==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 5886 160 B
618 B 70ms
27ms Image
image/jpeg 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=39134300097038400951425011921020&wglinkid=3392345
Requested by: Host: dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
URL: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:49 GMT
Last-Modified: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/jpeg
Content-Length: 160
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pixel.js Show response
static2.creative-serving.com/ Frame 557F 4 KB
2 KB 321ms
19ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel_loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:49 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
etag: "ddebe66232ec2ff147a8664e2ecc6e4f"
x-hw: 1649243509.cds095.am5.hn,1649243509.cds241.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1505

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 60F7 0
150 B 34ms
12ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=17772100104078704444964011921030&a=0177a6ab&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=17772100104078704444964011921030&a=0da63cfe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK request_content.php Show response
ad3.ad-srv.net/ Frame 1360 4 KB
2 KB 34ms
12ms Document
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Requested by: Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 998f0a3b5a365a28695d56d2ee7a1a0f40e7cf1e9c06236db8ad2e21fd7d280b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1467
Content-Type: text/html; charset=utf-8
Date: Wed, 06 Apr 2022 11:11:49 GMT
Expires: Wed, 06 Apr 2022 12:11:49 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 557F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e819565527d55773af7f985b8ed95f40e6b456cd7a81f777cbe0a335cb07632

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A246 0
9 B 57ms
57ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zY5pjg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 27DF 0
104 B 125ms
68ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELWP2I9L4LcfsifbDZTjbnE&google_cver=1&google_push=AYg5qPILPYPpywECb9rHwYM7bT-_xdx-6a0sjJFyskW2sKnAxm_S-wMZrPLO-dtyz6Ajivxor_a3SUQCLu8oamUX5JOmlm0ICY8
Requested by: Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27DF
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VlAzZUc3MG0xTkMzekw1&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWr...

170 B
188 B

51ms
51ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VlAzZUc3MG0xTkMzekw1&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWrlVrSPf4UfrGujxY7V-HOS_3-TfjjmssWi2e_uxH7NX_IPg25O9nKL

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 06 Apr 2022 11:11:48 GMT
Server: PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VlAzZUc3MG0xTkMzekw1&google_gid=CAESEIHfw5UUlwTODXllegSMVwI&google_cver=1&google_push=AYg5qPIXzWL50aljRqeYI-qS0NkyDzHN0r0ocuU0P0iRwWrlVrSPf4UfrGujxY7V-HOS_3-TfjjmssWi2e_uxH7NX_IPg25O9nKL
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 27DF
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsI...

43 B
419 B

194ms
187ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f7a15bfbfbf9a1e-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f7a15be8d329a1e-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPSTX1podvlLhbsViWhVeRg&google_cver=1&google_push=AYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJiHJu4Co9wvW-jfBgWq51GiN6tYmWi_VXva67V7l6fmCqYNXdpb7HQv6HA0AccB3GS21SfJtyleabNlRywnHF6zkjGOsIL%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27DF
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEM5MqKSduLRIPeM5Ne98CrY&google_push=AYg5qPJj5N2r2k4HEhuq-ZB6oHgpGK5AtIBDMSSkD_iimSR3vzREgQtqHl...

170 B
188 B

51ms
51ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEM5MqKSduLRIPeM5Ne98CrY&google_push=AYg5qPJj5N2r2k4HEhuq-ZB6oHgpGK5AtIBDMSSkD_iimSR3vzREgQtqHl185UWGk4ysVK7tjVu6bD1MKR5xmuxKzYFQgS7gEXRJ

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1649243510.524682,VS0,VE93
x-served-by: cache-hhn4046-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEM5MqKSduLRIPeM5Ne98CrY&google_push=AYg5qPJj5N2r2k4HEhuq-ZB6oHgpGK5AtIBDMSSkD_iimSR3vzREgQtqHl185UWGk4ysVK7tjVu6bD1MKR5xmuxKzYFQgS7gEXRJ
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 27DF 70 B
265 B 96ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBfLdEMFNj6rJxfyg9lhr3Q&google_cver=1&google_push=AYg5qPItIe7kLgasC7_md-548sOKUO6ktgl5qNmYjNE8TVuXhWlsYYeBEV8Z_SB96c7QM-Uttgby1_OfEip69bpTpnMiVSo7EzY
Requested by: Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27DF
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEL2IB5RiNcihETFRcg2_738&google_cver=1&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmi...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmiLtR3_&google_hm=MzM4MDM1NjgwNTMyODAxODc5

170 B
188 B

50ms
49ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmiLtR3_&google_hm=MzM4MDM1NjgwNTMyODAxODc5

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 06 Apr 2022 11:11:49 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLVkJuuxBvmiAJKAml9AHoUjgmZVxstGZZhw4izj-oAHbM2OJojhVFgvzP68hQU9WVhApYko0Rxnphb7OpKqbzFhmiLtR3_&google_hm=MzM4MDM1NjgwNTMyODAxODc5
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27DF
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGt_BSvtjZUIxwRUqZjm0e4&google_cver=1&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2Qf...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGt_BSvtjZUIxwRUqZjm0e4&google_cver=1&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2Qf...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E&google_hm=aa98a56f6619d14a33e48a08

170 B
188 B

49ms
49ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E&google_hm=aa98a56f6619d14a33e48a08

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPLA2ayjrvBvULnfas8AoXocVsSw3eTF9kK6-GTN_cbyrKaUEvAvjNJMhnNH1P5IbFTxqbICdINbpfluIh2QfF-X3kHDjG5E&google_hm=aa98a56f6619d14a33e48a08
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 27DF 0
12 B 47ms
47ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ISRJoo60DbPkamC1-JMEN_DjftHmQAh9yagcTcTmbLoiHCRtduTuJsA4BFemzQbNoam91-

Requested by

Host: 44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
URL: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:49 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 60F7 13 KB
13 KB 58ms
58ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 580060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 18:04:09 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 60F7 13 KB
13 KB 61ms
61ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 580099
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 18:03:30 GMT

GET
H/1.1 200
OK viewability Show response
hal90005.redintelligence.net/ Frame 9C02 0
150 B 33ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/viewability?s=52083000108516004444554011921005&a=24d266e4&vb=m
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

boschaktion_234x60
asset.conrad.com/media10/isa/160267/c1/-/de/ Frame 1360
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=28472900099787900383828011921003
https://www.zenaps.com/cshow.php?pvr=5ada74e1-b59a-11ec-956f-22655f6734d7&v=11354&r=473322&q=371931&s=2470208&viewref=28472900099787900383828011921003
https://asset.conrad.com/media10/isa/160267/c1/-/de/boschaktion_234x60?format=gif

22 KB
22 KB

69ms
15ms

Image
image/gif

178.79.242.245
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asset.conrad.com/media10/isa/160267/c1/-/de/boschaktion_234x60?format=gif

Requested by

Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3

Protocol

Server

178.79.242.245 , United States, ASN22822 (LLNW, US),

Reverse DNS

https-178-79-242-245.fra.llnw.net

Software

Cliplister GmbH /

Resource Hash

c195a2b46a2566d4f7c6bb1baf2e94ff9414e6bf5bdd5d19842c1c5aaa619f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
etag: "62457b78-57d6"
last-modified: Thu, 31 Mar 2022 09:59:20 GMT
server: Cliplister GmbH
age: 4023
date: Wed, 06 Apr 2022 11:11:49 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=172800
x-server: c20
reporting: eyJjb25zdW1lcmlkIjoxNjAyNjcsIm93bmVyaWQiOjE2MDI2NywidW5pcXVlaWQiOiIxNjAyNjc1MnROaEluM3kwSThOTU9TdnQ4dUk4QVQiLCJ1dWlkIjoiMmQ2MWRmMTVmNDgxNDUxNDhkZDI4ZGU2Mjk4NzI1MTUiLCJhc3NldHR5cGUiOiJwaWN0dXJlIn0=
x-llid: c2c96f9987ac92a98396441c23d14488
content-length: 22486
accept-ranges: bytes
expires: Fri, 08 Apr 2022 10:04:46 GMT

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://asset.conrad.com/media10/isa/160267/c1/-/de/boschaktion_234x60?format=gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 69250fcfc588cf5d8ffbc24dca91a6f6 Show response
pv.medialead.de/trck/epv/ Frame 1360 959 B
1 KB 85ms
84ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=28472900099787900383828011921003&ctrack=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fcspohqwlv3o3s9z%3Ftprde%3D

Requested by

Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

25d5638550542896d4a56603dac8d08f4a7ee19ce3341bbe20cbf0d5ca5ed296

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:C09A_91EFC182:01BB_624D7575_19C5A796:F726
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/javascript; charset=utf-8
Cache-control: private
Keep-Alive: timeout=20
Content-Length: 959
Proxy-Host: pv.medialead.de

GET
H/1.1

200
OK

STIHL-Logo-V2_234x60.png
cdn.ad-sun.de/STIHL/Werbemittel/Logo/ Frame 1360
Redirect Chain

https://www.awin1.com/cshow.php?s=2840015&v=20646&q=409071&r=473322&pref1=28472900099787900383828011921003
https://cdn.ad-sun.de/STIHL/Werbemittel/Logo/STIHL-Logo-V2_234x60.png

3 KB
3 KB

74ms
16ms

Image
image/png

164.132.182.207
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ad-sun.de/STIHL/Werbemittel/Logo/STIHL-Logo-V2_234x60.png
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Protocol: HTTP/1.1
Server: 164.132.182.207 , France, ASN16276 (OVH, FR),
Reverse DNS: ip207.ip-164-132-182.eu
Software: Apache /
Resource Hash: 010d6946daf622f2715f704530d9ca81d8b20c61f4355b34a1221e5667033c71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Last-Modified: Fri, 19 Mar 2021 16:19:18 GMT
Server: Apache
ETag: "caf-5bde613fbe789"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3247

Redirect headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://cdn.ad-sun.de/STIHL/Werbemittel/Logo/STIHL-Logo-V2_234x60.png
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 9C02 13 KB
13 KB 58ms
58ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90005.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 580060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 18:04:09 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ Frame 9C02 13 KB
13 KB 71ms
70ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90005.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 580099
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 18:03:30 GMT

GET
H/1.1 200
OK viewability Show response
ad3.ad-srv.net/ Frame 1360 0
150 B 34ms
12ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad3.ad-srv.net/viewability?s=28472900099787900383828011921003&a=16b2fd94&vb=m
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK triple_layout3_animiert.gif
cdn.contentspread.net/kupona/creatives/ Frame 1360 8 KB
9 KB 68ms
11ms Image
image/gif 88.99.65.215
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/kupona/creatives/triple_layout3_animiert.gif
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.65.215 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.215.65.99.88.clients.your-server.de
Software: nginx /
Resource Hash: 5d8e1362d3d67ed6e74c3104f3ab8609d179081387ea36e71940914a86350f7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:49 GMT
Last-Modified: Fri, 27 May 2011 12:36:57 GMT
Server: nginx
ETag: "4ddf9ae9-21b3"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 8627

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AB47 0
20 B 92ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040501&jk=119089816863529&bg=!BAelB0PNAAZku-1yRLs7ACkAdvg8WjzOBgIVkxOd-g0vc2-ER8m1m3JyG1xTwBskqg6_53UQVCD75AIAAAINUgAAAANoAQeZArB2rGmMNiYzB2Cfh4W2gzTzoP2ZhBem4_LRlkwQWwD-Cx71KIO8hk2YW02aAaMnD7aEyQyawFLGFole8sVXyH7hCom8bieuQsZW8z2TPnyET_LvovkkQc1fc2EzzdujDh6XXxSAxf2sRue8a8fqT7ErIwcuvJV_GfZtMIZ2lCwtjxgLxmNne-0c4LvhNNF_C4LdzfFzcRNIza3VF-_W0z2w17cTS7G479y1Cfu4en7KsbntROiWyin9CPZnz3-STheBlCXNze0nssXlCWzBoWn4-P3Ik8tjawm3TAQO2VEl2gbZB8moG5hpMyDGGcQfaZaJBQwl9tW3HRja8o96YqkX56D1CccxlLEaJeyU-2EQHptW2RtYBl4BkqsipLJeyGnYsOKFEhihI1D9yyFP67xfTyjYHHSw-iqEPPU5bDeeTWR547wQMdnJM6e5hob3SeuidGKf4XnWfHmtSwrx1yhNjDP6fxiIzDPZMT_kMmj2H3gCeT1i2fH3TvDl0EJ3b7Tx-OW8Ar3YzS4_vQ9OGA8mfPFxzQFLigwQhKY3UpRTZSnfyCcYVjzJMYTuSIg2jIJvPYYy1WNqLnIeQy09YlyKAnt_Jw4jHJLkYsPjZiqvz9HRTwXGFy3AypbpzpwOr3nIDZvwmW6n2V30_GD3dORLTSfylBGBM7svI34j9h_F5sWCuRuZEiPXwngyXNaFe_n9geoqOG49VS4HNwLIBN3rWF9cDqk_dpSTsdDHVNVyEQni_n-vzW5aOy1uj_UIbCwRHlguCUywH2jk_jdq-Nsodkftm_ilkDf56IwSxG23TOVKp6XyRs-k7G9dzHhLProVQcIMNISPsEN-Izhja7Daq3vk84N5GufuytEUVaVdcae5gQMaswI2Ieu1TDybdhZmB_esMYXneLRILzPPklqT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DD7 0
20 B 93ms
93ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=702374415149123&bg=!GBulG1_NAAZku-1yRLs7ACkAdvg8WlVx3PNiC0wfoOzUxCVg6AmNcj0840vTU6UbJYDk2srus3vf-wIAAAHAUgAAAAhoAQeZAqyrmgpf8AJ5WZf4HnGB30xBFBBhtbcqD8JEeHl23PiorS0hu-GCmEVqSgx7JZLmc_Mc7JYmGpUxOAdYU-6agatiB0AZa2deBRa1jcSTry1jML8Kd7N-fZIIDVHq0Qv0ww6HWn2EfYWqBUgo9booaHrNvC1HMrMhLTTkvWs7bc0a2a3NZrO4Ify1-IZypvNurp_Lem_WQ--5Vyjekkp534xy435MWL9harv0fqeHZUcYcSMy7wbHXMsK03jtvoc6HRKahCwYeay7Eq0zJJ3xOw4zkzQjkeBYHPYm1uCuJX3upQCdMmVL9t3zdw44h_7lhh7WDG98tmXcW_gukBwzH3fEl9SPTtIPunyt3TVNyKF1ItQeXP32XW21zZYRwxq8-i9t7JweYrEFDaig58rtsrwpDmmw_LgQo4ivOQiF6oZ0IyHn7RZpEL8FhfJmoQQ9DEQpu3Vh9HWdj3SbcQ4IJdGhQtDRqAAeZ3olVhksoMheJ2lKQP8_S7NFL-8WC52XsOLUP5rCKgLIDCL6CN-AJ5tHzKamflBXbZPFgO3qavlqAMjKqhQOoX18DNwTy92PtaTyidnnObt7GhbksIhd06GaoM3iqMFwsN_7LDuDo4v2bjD8pcX22jQC3PVZZQNT7OkwrpoTvkYJhujjzNjpCcjjuxa-Wna3FVn9xRYiE7Ps0gRpOi9LxgmzKnfPlwhzgbqHoi80d5UQWN3e_BPViiZiWk_xfIoP28azV4J2eJy83aJn5mxmI4VtVUGHIyupsrpCvGEWpVucgEfal-YVzS_XXeNmlr9FEydT0L_o0zMFrXsNNIVGCmUFCAWjcXUcMFRMA6cSH_tGSNrWDYszudbX7uzz6u7SxDVTFh_7iKpc0y0A4fFhsvEMq4JYvnb3LsbYh_r3cUfcRHml5IU

Requested by

Host: nets4.com
URL: https://nets4.com/domain/ornatus.ru

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view.aspx Show response
pb.media01.eu/ Frame 4AF1 0
36 B 30ms
29ms Document
text/html 88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=28472900099787900383828011921003&actionid=981741&produktid=&dt_url=

Requested by

Host: pv.medialead.de
URL: https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=28472900099787900383828011921003&ctrack=https%3A%2F%2Fad3.ad-srv.net%2Fc%2Fcspohqwlv3o3s9z%3Ftprde%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 06 Apr 2022 11:11:48 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 06 Apr 2022 01:11:49 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK pb_ratenkredit_234x60.gif
ad-server.eu/wm/pb/rate/aktion/ Frame 1360 12 KB
12 KB 29ms
29ms Image
image/gif 54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/rate/aktion/pb_ratenkredit_234x60.gif
Requested by: Host: ad3.ad-srv.net
URL: https://ad3.ad-srv.net/request_content.php?s=28472900099787900383828011921003&a=765cbec3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: a8128a12543e5c8871a4c26ed1aec5db7c0621f30fea1d478d179c501f42daf1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad3.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:17:13 GMT
Last-Modified: Tue, 22 Feb 2022 10:16:30 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "6214b7fe-2ff7"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12279

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8347 0
20 B 92ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=3907680314576310&bg=!dXaldjLNAAZku-1yRLs7ACkAdvg8WiQp_Van6MBnQOXj9xMd5Qucf1WniriaoE3LwA8B5zNHoAr4UAIAAAJVUgAAAAJoAQcKAMuWxveFge7NcNHfRP5e5sWbKDN1G3v5WJaJYvI1-KWqXCb8xdRfvwZ6W_L5e6LkDL-oN9wB7jfP1RpvRETCVjiCbqJaqXQODtYEbYnsnUNaYuGcqECoXxdwMoeYbejpmFylT6G-qZOjV0YMTRC-IRgMUbCq9fr3P8-beUHIsB2cOi_8KDikWC3w_fliEbENS10OI5qjJr5e0KpXlNGyDnQtcCe_v_RWUqeuQEss88c2PBC4oaUu-XtxGsmQd50T8z3uXIYeJ689WJRShJkCpw9-nQp1oicdhD5mq15_ywr9zXzlaHELA8xqkbegcSQoRwbAQc_Vz4ktK_rF1OodFa5_kojinuxVyLnj8Ijvx5SnYmM6bhWQfUwc-bIzvsT4HfetXBw-Gjfhx-OTN9TwjOn7ephi5dTssWhNamLFLcek6Z61SrzEI7woK2SHaGB_GHu3h4eCuqkW80PAtxAMGwUWfhqQr40ZoF1zHNyqxi1xiC9VcS_a0GkmOucvP4HGDlVnE_8gRAOgudN8QWEW3mMlQYsZ1HaPUGUoLVrMHxL9YJJeHUtNWccRusyV7VH-uszav8ZIhKatjIWLFbcSjR_X1CrYOnNz8_RxuTXZWlhTXr7K7zL3uWkJxH3dbeBX3iiIYudoTw0bmNZPpo379cwusGhQ091PNjeMiG3v6v0MJFqnQnQr5JnSMhsTI2YiPaluL7T6EeNFTU_uCWvyYqr68DqyVUoGW3db2eyGYft3D3uXP3iB4CZEoH4ZdOzkW14AjEcF_AMEQjEKYqp9a4KdtTnTqPWHSX_oowkR2OcQCR32C_Xp4xdaggzN8IP6N92IibgJElX8atzKDMasfyCmzauDYBxlCOs3_C7GYxT9lCHjP3cKediiYzEkuQO-Queme7LTHPPIqXSQ0zZPlnz6syjZmhLULnPQexErPTjGm0bpqkqyNJ6dx78MN4aYysQ6IHz5PGZbK9iovJhOQPzsNX13EZKi5qMTrTjh_ttRSGwkW5YaJBkJgIw9wCXSpQiiDHa46dOh5HW6ZqLmXjz75TYSGauTD-fM4RP_YmDY9WckTqIwuT9N-V1KUslKirYzzqeQ3V0IR1v_PBc7HjGUwtPu9XRxgguMeRNzmDtQ0msqnUyQ-SWBvb11BfAuDXywL-XK92nCqpGIhGLAnPUUnGrcS6Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD5C 0
20 B 92ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsyzXdHVNYsG8DoWNx_APv9ezwAoAAAAAOAHgBAI&bg=!Z2SlZCDNAAZku-1yRLs7ACkAdvg8WrlMU_8WP2Lt1c_1iC_wC48TJ-G5aaCnwGxnXoylt7-3ZZhDsAIAAAIjUgAAAAdoAQeZAvmYWl-kQjEG1RGOx00MCRkG-Djh3oCY8zBxtflwpJpG2zZOGDfKkSYUi2Kh0TK7Muc2-UbUcuga3uupmye6Mf9s5I9CTsGl1HmWt19bFqNgOZM49ncrykgoaT5jA7HAl-pZpII5POaAJZ1gSJ8ydB9_GpEXTyRAN2gDcpALH80mJoSJ_0BSkyT8LwLklcITcxa_cAnTYmy_6c2UbQxQ79HgfOcXnp9CILHW-X70im08k7zQKfhFsarw59QoaYdiJOL2uZ9GrjeRfRFFaAbJxV8Ut3axl8JJRHLy0zIy81PHUWfpXK2kW-hmYqJD8XO8Z1w81fIVu0L_YDhzQ41pV2kekp-dmVtMfMLl0ktwnCeTUwhnokVFpI9jeqta4XGgJQ4ZjvJjv0cI_1Y3ZWf3CTQIMUy4IPITPY2UkZcX1RFYKOYAcm1-3fBf9SHPGGf8nX2sHWNCej0q0934QatDM1O0Fxol4IeHXzdgIZ0wd-2TQzgxM_L3gk-ixYc5qFDKdeNc1zW0w5jh0WXa0kEn1wZeicJ_RKYG94oj-zSn8gF73IMkgrDbJCsInH09H6dfm37AIICD2b2UeSiSe5HtILJuxo6zo_vJXrjxBFGBIEHBMK0I1HUrXX7HfTXCLg9bTdZ7GqFqCJHDOaVmHQ-zkOvkr4-ElBEJXRNa59QDbxcQAy2e__CsxnJgbgTNnN1sRrHc6iWEklawJ5RWYQOvWo6p-_iAmAwkLWz_v1oID5XcymbZAO8LNeeZ4NpKrhi0C1QOQEhhn0s6qAKogJNpgamI-kT54fV13VmJyYHtvlVfYAhY2HHepiXBBSS8u_zqkBc1_vk2_TyFWQddEjppX9Bt0VtUiffzqv7jbJxF1UTuIo7FLkkZkRKIU4IItmG4zMGFkxcx99SlzMo3Ug0qFPecvLy1Vt7GwJBX_gJpMtJgSF6pdK7F6VLQd8Ay8yPvlUlO9xitK4ER6buzH5C12vsmm39MQCDJMv5nTu3z9CQSlQbz3cjTSF8Qzg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40D2 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=1185533996339920&bg=!8vGl8bXNAAZku-1yRLs7ACkAdvg8WqH-vjFRFgWmGhuah4hUkSXhZNJACXUAUAnngdHIHfr9py6mKQIAAAIQUgAAAAFoAQcKAATNth8PmQKyGbtEWbGuumIHiSEPv0miRQP2cMvDk8dsUvg8K76q7EJAffvnSNkK81Pgd_5vWAhY08yRLstuCa1kmilNs04qE58E8YfPb3TSE4vodPuVtv1002sOysJzjB8t9yp2fwmpuU9eerq1rPEdZE_mRXWKb7KP126u5xjkpy-2P_-_P5066JXeSfrBopfUtYLsHxzzZcOeE0TicWAEcig3UrZjQY4-UNVp_Bbr1ArgyOG5VoYE4AXLbS18CUSe-Pp6V4zBE2yuL6C50_rFolbigZ7nbFcS7e7vW7vND0VKTHwkVPlorPnTsGsm-17dbQSzX5naiJFGSkieGM4yvtop0lqme1xei56uCevyQQkNSl267fBdEyLev1IJNiM9U3aLI-xPK4lES4SJ1NjVDIPi-9rtgp9uuLRCpnkPU0aKSf2Kx-VBYJcTbT82_cscFiI_aJcOZknm3t6dvL6BeOJrJfkQrw7I2zied17X4OsI2Mhd1ftT3n6x08DQUoLB6mRoMpAXpveds4w7hVlsE7vBlrd57EA9_nQ5cyz-YluD-wd0C_-PaFU66IOA1FWNyIPyCeLFyRv66gT7NPnS-SSMPjmsRs9hda7XrOB0StZCvxubruwP_aVlylNTVEnSDe8DlI_TsKCXsBXHLCCta9iKXPlP7RsqeltBozP-pixZk60_y6C7GRzDUXHTFJPAu_3JHMZjsjtpbLMLrhXItQWs2oTSd6FnyoVfUYbkZJqJ10QEGLDh320oCLXEHNvaQDDi74EtTIKmDNAdoNLL2lvg9a5VIge3TtfOyKj2JYbfbtv0UQZ51bSDkTb-au8LqeCbS-gUTDdMCyAQkzQ4cxucEYvpjM3-VBsug6-NIAAV8JXvJxl00hXJ26I6MdfnLeQVyJaNu05mZpViWynFJuFMjHfrGBJd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5506 0
20 B 92ms
91ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaeN6dHVNYqm8Dp6W3gPfmZuIDQAAAAA4AeAEAg&bg=!a2ilaCzNAAZku-1yRLs7ACkAdvg8WstsCNKixdo_RAgRyEtGVZ73TnexM3SR9qajsN5133M9N9e1cgIAAAJJUgAAAAJoAQeZAvhnGaRcmYI16e3LAt6VqAZEvDOCqQHVsVkr7w-AkGqgkcn9bQR9ITmXHj6OjgnwV7JEB4fESfgvWjBhLuWZYp3v6SYFj87UHLodfqrK029bW1ZIGVYYJFN2QRS9-xxEf3CRdYqqRwoYJ1d9uCv2_dt7ceTdcNRZM2xMHp-M4upvNASAAUtbZCPp1Mmjp_OmNMr-gj_XqnR5SNhvVi-IhxQSPR8-OCl7St_5yoNHSg85gPiwz4tpBc-nWiZIz7SoY3Je4HjaQvgYV57mYEh69hr39AIq4cd-j68AVuFgsWbNhgv_DujfdT-lH7gJF6jzREvPCL5uJTJITzUlqJieP96ZUUMNWD_ReF9a8SBe2IvhwPN9IXGADgQQ6JqrCy1Occ5PuGw3NfHQPWHu-4lTEN8JyXh3CT9FW2j7xUK14W7gW2Y55KLvgCjuNInSBkyMxrobOr4ZOiwZHM33o2M0loeS6qe8EVjhrqdw4Of-c4BycgbtqaVMmhi3ZDHSQ9UJnfCEgZc69jLXfOTmwZajCqo2EOVGuwdpeUuFPzdPtrbcB7-aunOoPMVeASN8LEqgOxfwP0tHdUdqFxBsVAY56kziflIW9B9Ig0_kHBBTn48GPpydonyxebUh7_Oqnn3uKPt5t7Zzhaitx5SS6uAFmWWwhdWqD8uXp6Lp8PH_C-3EG2C9XdqkioZ8G_fHNsFrOdWIzrgqs3bo7m4a50KGtN-NaENjW4a4YX75SUSpSrlL4rYo59sIycTCu3Uvjc_noQTJc4qAwhwhlnRVcLGs2w6fyKrSHAxBgxPCALloT10of_GXDk4UVsLLRjIqzKibydknU73RXUk8pCrCYcd4ldM0FHhku4H49UnEPidldmgcoLB0c5atsnoi5fdrvQJfPDM2xsEzBVvExQQgFF4gJbenWmduup6zTN9CBS8_gP6wJUpLMaPpoBefJV9T9mVZmYnei2MM3k_MqbKyJvmjLtoMcb_GMSk1dRVKHMYWkGz3sCfy7FbjPefm

Requested by

Host: ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
URL: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/ Show response
match.adsrvr.org/track/upb/ Frame E2B1
Redirect Chain

https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
https://match.adsrvr.org/track/upb/?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0

0
181 B

30ms
30ms

Document
text/html

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Wed, 06 Apr 2022 11:11:49 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

cache-control: private,no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Wed, 06 Apr 2022 11:11:49 GMT
location: https://match.adsrvr.org/track/upb/?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1687 0
20 B 92ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5hDydHVNYqbXEbuJ9u8P2LiRgA4AAAAAOAHgBAI&bg=!j4yljMjNAAZku-1yRLs7ACkAdvg8WjGLbuObn-f5Prau9jtaVE6SPF-JbE8_LWYA9yYlkRusxz4I8QIAAAH_UgAAAAxoAQeZAvicnUqcY-hAgbuUv_F2dqPRArv2Mb052qqxkYaJa7CK2nNLvZNDL6dQe_fGgJrzfR-seorYYAi_FvC1eRzUPf-h5JIWLQsQOPt-3fSf7CFpyL228I4jDYh7q-kSFZ4K2Ko1Sdh9Mzc1jFAeD1e-RM-Q3LJQJAnNfcrEszNJLlo5z9kFsoENwRax7oxZYG2wZg7P5q8YFqS9MtOUlhHj55cJpuTCKkDMiJvwq4kPyYZpzkPzMq4KAVT9DJpi6293lcH9v4yNw1LLvMPIEhp4OWLeKHh7gQRfpsTKtIsf_VH4WHc_7XYTOenF5jHB0fr0516WtGTNZxYFYxO6Argiyw9Pzxq2NU3dkthjssrLdX5w1ed4Gq_0TEiGRNyfuhNoy8uV_yJOu83TJHaoyh6T-7ntZJnb1ej83_m_Z0bH9hdzsJYyFpm5KJ5zVXfXQpkXhWAT0d5KAtXFCXy6UH74xJ8i5c-OeA0bxy4AG7Y12cRFe7FOA1tlTgIyCcqfeiE0TRk5fTBMx1bCqv14JqBZuG663CNVjTznS7m_J_np63PM64Pcz3roIFkYCEzchuU8T3wd8qb27orVHW01NQPP529p4K77vN1LNFZkZwPLXy5yWWtXh-QxgllK5aZqCohm4u6YRQNnFtxPG1UEkFEZvN3BnpUutwi-J9NSvZvwWAYx82QiKsnwj5E0bwmH12LwgOdJe4pD2nxyybCIzV_LLRxY9jaDV1IvIsd_Q4zFlpyu_2uxuCRAmkvk_zVLFme3PPh-ICHxCAtlFj76wunLaXRApk-TcSC_P5sYLsCFf2uq9PtdrWVIXXOpGHYvbGFLDlp3n3X3QybXz2n51DFkEq6a-ruWpUH8mts89DipFrIK7HZlhP8S_6Dhat1SGceK1PbVqOOFvgNYAnIZMI-l2Gx0XD1ZPmekjb6i4X8fQkHe_97_ERpgm3ie8MV3TlqzfLC1zcN2fCi7eWpFH0OD04CmLfflwYv1bq6UibsBe8wc9_Lhk3PL6X7m

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45FF 0
20 B 95ms
94ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bp_3IdHVNYpO2HZSNjuwP_M-YyA0AAAAAOAHgBAI&bg=!ExClEFTNAAZku-1yRLs7ACkAdvg8WsNCasyFCJ3z9zSWjjNQQWNlwQ5rI8wQ_IQ0P5-JFHWKjeAE7gIAAAGoUgAAAAJoAQcKAD7RaGuviGZz7ir10qf1N2nVNRSqmplXJcbdQcayLZY3uu0LSSrYSSvNqdgvgwZgNND-B_rKgxQhJAToVk8HzZkDDZlnLQKGwNtATylBrJqRUg3dY2hFTNB6usZShWuKso-M4zv1HMVek0AWGvf9hSm-CR4rWX7jhIuEfJDhs_tRfRdIry4Lo_8U_isTZTDevXG2xt7NXSm-Si295mzUPsd8pwMCE4oi7NvyxTU3QQpFFT183iPaOUzYzKQYgxCwbOyzHZwgl7p7xto-5mGn-wzJOiPlyf4midA12AeZ3O8c4gIx-1ANCaoWZhkRerdkmuQX4YjYpUuHosUVlNb9qRuwVVKE5FZrf_sXZ1DfJxjoiyBATLh93FH5y1cZCWM5_l7YxSg42y-aVpIhbUwT2RJbWXfqp3LEdIt1QFJBZnxeyeykF9d9aMN-1DXyAmNzHYVPvex3CuXwO7Pi4_IyKVoxWktZXlZTgcjnSsbTCVrNvTxKin6F7CRUQhbWL-xL5DXPUw3-2EgI0mil_nBGvgMGL_Zjz_0VEs86W55mHUt0ccx1fZI50hnymberlvm1zS0T39pyNxYzPSkf1rVWvb_HHqoDdBKSu3HQC5f4MMyYjzmZca1AoV1WQfMWP1tOdy0XMuvZSdNSr3kkh4TDwDxsWH47EcNYgvmfVs4QrpGf0cwdHegWhxE28CK3L65m8PQtWPe77kv6R9BlidDWAB4aiKqzPZE0ifp8vl_gWhvcrXXiWY2_wdcHqAfzGqkE9QVnaMAjbEPqZFblOfI1Ys8HdXClWCaIw-P5M55YeT9kh1E5c_XRxylEwCA8N24oFIUcG58wUUl-d8jMjqsk3fq-9ak3uVqcNqRzrHwWqYQK0iHKn-SB7WRaBTdT3mobFA2UEWBWFD_7Y2CHTgQPRFH_piPJRfQ7YqEXS7zjLzuqo0Ek-Aac-2Vzq6lOqYNpvVYxvwcsE2F4xLfuYwGArec69GjpRVrKJik4N8b-XESkrE1L20OcQUCyHydt6gEMDoSmZthOZzAyzyCpk5WchsL5sIhV3t0Of1BgI5zRZbyoEUfSUFUAZ1z2mMBtuFvp2TxTiBkfw6-3sdmTTtroCB0CLAcHjT3400RgWn4vXZI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3D2E 42 B
64 B 93ms
92ms Fetch
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv5zu6dUrFz2L2TRXR_iReMzam9kNiSt0ESqKQX4qbyAOgzWpLbyLXcZEA3R_HXVnE-gC2JcNMnoQdVKj6E9yDXXzfbage6bsSCQ46i&sai=AMfl-YROh7kE-o7IN7QFERYTaXIh9rZl3NlI0FRjmMuNujwc57KOsWzSrtmEbfrOCE4e-Vs_TLarSYzL11iJKbN-Hl7BRw109iS6wq1sO9OSSkb0ddJBgNc0CtGkcUSM&sig=Cg0ArKJSzIHeKLp5omOJEAE&cid=CAASJeRozEUKXEYxTnJ1H5omgj8YdOkwImXo6cSLXy0XlN9SyhRLzjA&id=lidar2&mcvt=1087&p=939,1289,1189,1589&mtos=1087,1087,1087,1087,1087&tos=1087,0,0,0,0&v=20220404&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=882885121&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649243507556&rpt=941&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E1B 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040501&jk=680082383470449&bg=!cXKlcjbNAAZku-1yRLs7ACkAdvg8Wk09KQWsHNL-2Be8Y_FVWwTw3Oeko-klhvmEefbbonQYmqbg5AIAAAJ7UgAAAAFoAQcKAOlF5V0OYzJHP6YXnirik2ia-hKyeVSqJe0GuxqdnXqMHp7Ws9A9rHr0B9o6NlotFbIBmbTOTlmFPwfde3nseFwJvtK0tZg51Hus3eg8LWuTxidFalsVUtUdEgOSynWVGI4mevAS0BqiEaED-TnxRh83c-vFJsGyWnqCuszpXOC56ofe6GrP86dgtig59F5pfzvpp32OC0MYZjybXG04YPThSPfPAg7vV6uvRPXaURSjkQg5-Cl9YYiISKqcbTGvWupA2YVZ2KTm-2c1pDj2vwR5_u5DfH1JrtnLHJYjSdoAFv2LclSqhymfaZkCoG3Jzdi9nJZjUdP3QzlT6G6K2lpCiYiaIwtHAa1Ngyjy1liCu27JSYULuauxXsOiH3hO5fziZH2oLYS3sDPJHif3mZRiM5P0WTncMsaw6FwHnksG5st1hJUM4CDPETU8on043wPCNeN8ELio6bIKD0L0hnSw3yRj3Yk6LH-a5Ju0hjvQs24C58v_V5ADzaYk9GV53sEHSaCGFLCaM8X5_29Fv5FKi25MFk674UjQOKMaekdDKcZPmlJ2qp6d77iSWkvWpg1c_vgyNOszQEg1JDXUw5k9yBjF5lm-k1yKKsV2L5DNXvYEFKv4QTSSN8cnGaJU5o-TtF0M5XgBGAZIofkYQ-1Eu0DR7sLijWwC1HHycwA592xstq-beap5AU23eF3q-rMgAxJTprpzHU1uXKwxP6gwta8A9JlDiJ-to91vepfn2dGjX3sFfBtF-OvMh-EKDLCEM8cxyiyYHuM-EMgnfY3irbNVEuREMIfvYKfPEDJXwpnClOjuaU8k1d4jQrDYESEsEZnygAjsYb2JDAluyp2Q086iTVINtdN9q7ckWIx4t9GYrNkGdtUJLMhDQB46Kubq_aXnxwGhvtWdP2WkjSe-mzE5FXrJoh9-SVdRuZGB7efEUqrFLoMck6PdyFAgUPmxPThgyHNf0-ly-BcdhonOT0th10EINqPbqQjZtT1ThHtnXCCXRCUGIylGXgykTrdpnghf9wog5GMUBemelh9HTpWGo9rHpzXSxgC7FjGDrfeR0CS8_lqir9K6E3dNnjYeD1IzlehVTJhjh0eo6LbwF224F9UwPQl-AbsxMUgFRWlOYceoChn35XEhwlW8srv90tQrPdXWrgg8jIi_Ci4-h8km5QKWTZdiXE0B3DWQJAn4ThULDlQQ44JSHQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 5886 16 B
232 B 87ms
86ms Fetch
application/json 54.76.212.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.76.212.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-212-160.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 06 Apr 2022 11:11:50 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 425ms
30ms Preflight 54.76.212.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.212.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-212-160.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 06 Apr 2022 11:11:50 GMT
server: nginx

GET
H/1.1 200
OK viewability Show response
hal90005.redintelligence.net/ Frame 9C02 0
150 B 34ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/viewability?s=52083000108516004444554011921005&a=24d266e4&vb=v
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/request_content.php?s=52083000108516004444554011921005&a=13c98686
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:50 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 id5-api-2.js Show response
static2.creative-serving.com/ Frame 557F 33 KB
10 KB 327ms
26ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/id5-api-2.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:51 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 19:23:14 GMT
server: UploadServer
age: 2740
etag: "43e554f8c9787fa63a85955c07ba1918"
x-hw: 1649243511.cds095.am5.hn,1649243511.cds283.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9982

POST
H/1.1 200 101.json Show response
id5-sync.com/g/v2/ Frame 557F 213 B
582 B 34ms
8ms XHR
application/json 51.195.5.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/101.json

Requested by

Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/id5-api-2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.195.5.232 , France, ASN16276 (OVH, FR),

Reverse DNS

p15.id5-sync.com

Software

Resource Hash

fbfe86f8eb192dd05db7c79caac0c307f3aa8a0d6ca10b36aefc5c1f8a3b0b55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
Date: Wed, 06 Apr 2022 11:11:50 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1

200
OK

pixel Show response
ads.creative-serving.com/ul_cb/ Frame 557F
Redirect Chain

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

801 B
1 KB

10ms
10ms

Script
text/javascript

3.122.214.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Protocol: HTTP/1.1
Server: 3.122.214.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: cf6379edd6f2737120c697fbda46f2e52cc14b96943e222eb1bc1d3ad841cdf7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 801
Content-Type: text/javascript

Redirect headers

Location: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

POST
H2 204 collect Show response
i.clarity.ms/ 0
48 B 199ms
198ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: i.clarity.ms
URL: https://i.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Wed, 06 Apr 2022 11:11:51 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 557F
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=696
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=696
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=_68aJq-5TDCLSZu9g5rVdA==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1

43 B
220 B

9ms
9ms

Image
image/gif

3.122.93.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1
Protocol: HTTP/1.1
Server: 3.122.93.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-93-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 557F
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=172
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=172
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=_68aJq-5TDCLSZu9g5rVdA==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1

43 B
220 B

9ms
9ms

Image
image/gif

3.122.93.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1
Protocol: HTTP/1.1
Server: 3.122.93.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-93-90.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOboLpV8auVFcq0PMUsrTW0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 557F
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=75
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=1a9273fe-1d6b-4765-b064-0b82d284b098&ssp=&expires=5&user_group=4&cb=75
https://rtb.gumgum.com/usersync?b=bsw&i=fbdf528b-ce79-4879-af70-59f92a092804

35 B
209 B

100ms
30ms

Image
image/gif

18.200.96.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=fbdf528b-ce79-4879-af70-59f92a092804
Protocol: H2
Server: 18.200.96.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-96-173.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:51 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=fbdf528b-ce79-4879-af70-59f92a092804
Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200 1.gif
id5-sync.com/s/101/1a9273fe-1d6b-4765-b064-0b82d284b098/ Frame 557F 43 B
1009 B 9ms
8ms Image
image/gif 51.195.5.232
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/101/1a9273fe-1d6b-4765-b064-0b82d284b098/1.gif

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.195.5.232 , France, ASN16276 (OVH, FR),

Reverse DNS

p15.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:50 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 557F
Redirect Chain

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098

42 B
943 B

30ms
30ms

Image
image/gif

52.16.70.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098

Protocol

HTTP/1.1

Server

52.16.70.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-70-86.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0065f0200.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 3ZivuhNkRV4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v030-0ef62c210.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: soysDLU/SqQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=1a9273fe-1d6b-4765-b064-0b82d284b098
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 p161
match.justpremium.com/match/ Frame 557F 43 B
325 B 33ms
7ms Image
image/gif 18.158.99.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/p161?ex_uid=1a9273fe-1d6b-4765-b064-0b82d284b098
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.99.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-99-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 11:11:51 GMT
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

gcm
ads.creative-serving.com/ Frame 557F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc
https://ads.creative-serving.com/gcm?google_gid=CAESEKzpXG3FAHFBthtkrmZQZ_U&google_cver=1

43 B
220 B

23ms
23ms

Image
image/gif

3.122.214.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/gcm?google_gid=CAESEKzpXG3FAHFBthtkrmZQZ_U&google_cver=1
Protocol: HTTP/1.1
Server: 3.122.214.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-5.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Wed, 06 Apr 2022 11:11:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 06 Apr 2022 11:11:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.creative-serving.com/gcm?google_gid=CAESEKzpXG3FAHFBthtkrmZQZ_U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

63 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:38:35	Name: _ga Value: GA1.2.1196927865.1649243505
.nets4.com/	1970-01-20 02:08:49	Name: _gid Value: GA1.2.1661632077.1649243505
.nets4.com/	1970-01-20 02:07:23	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:52:59	Name: CLID Value: 8ca6594da96244a0ac5a7bf6abbb759b.20220406.20230406
.nets4.com/	1970-01-20 10:52:59	Name: _clck Value: naka4p\|1\|f0e\|0
.nets4.com/	1970-01-20 02:08:49	Name: _clsk Value: 1xb7lik\|1649243505892\|1\|1\|i.clarity.ms/collect
.c.bing.com/	1970-01-20 11:28:59	Name: SRM_B Value: 3E5B7A5264856DC928A76B2C65EE6C5B
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:28:59	Name: MUID Value: 3E5B7A5264856DC928A76B2C65EE6C5B
.c.clarity.ms/	1970-01-20 02:07:24	Name: ANONCHK Value: 0
.mgid.com/	1970-01-20 02:07:25	Name: __cf_bm Value: MhzY3yErifjQGwItCo8vlBUiNXg4RxaHRsHpDx3vBoo-1649243507-0-AdVtKFgmioR7/S3Cv45CJfpsW0aHBJJAmaBXZ1y7n8dOLXzlVb/rJBwPt8R5QJa/Qyeqd5sTt0sPmK8fktqh/tw=
.nets4.com/	1970-01-20 02:07:25	Name: __cf_bm Value: w6rLUDRrzOPcaI6T5QkxB8gCm7bknnKt9Ub80FnUOjA-1649243507-0-AQ3T0PSZHSgOSzEKM4y2w83Ft1Y+GDA+c+hr1eQSyD1lMTZU0fc9b2XKfYRA3LdHr3T2cAjbxKXjZgw2PrRaivSg8l4LN5tEAEBw/eYPULL8lqkUSINp4CVyXoGAJG00+g==
.adfarm1.adition.com/	1970-01-20 04:16:59	Name: UserID1 Value: 7083446930002019557
.doubleclick.net/	1970-01-20 11:28:59	Name: IDE Value: AHWqTUmyKfi5N8ro9FDnxubouDZiTA47-pc0xgnYf4IcEOoWP4PyFLKBseWZePNK7Y0
.nets4.com/	1970-01-20 11:28:59	Name: __gads Value: ID=dd1aa7d4dde8054e:T=1649243507:S=ALNI_MbVbMm9uPPNPp-B7_1dmzL5dT38vg
.adnxs.com/	1970-01-20 04:16:59	Name: uuid2 Value: 8873591388737113258
.casalemedia.com/	1970-01-20 04:16:59	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-20 10:52:59	Name: CMID Value: Yk11dEdjGAxHR9TcUSJamQAA
.doubleclick.net/	1970-01-20 02:07:27	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 04:16:59	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In3qObe^!]tbPl1M>e)ZlrFUfJ+tGXxo7`auFSKh#yREX853_J@N4:_)zUc?0*>B>9`M3If)y3KL9D3I?+x)KrsT
.casalemedia.com/	1970-01-20 04:16:59	Name: CMPRO Value: 1115
.casalemedia.com/	1970-01-20 02:08:49	Name: CMST Value: Yk11dGJNdXQA
.redintelligence.net/	1970-01-20 04:16:59	Name: 8lcfmzhxc8d6_uid Value: b487100062642be0
.casalemedia.com/	1970-01-20 10:52:59	Name: CMRUM3 Value: 2d624d75742760CAESEF6PErmG0PFNJk8lbREOAzE
.ad-srv.net/	1970-01-20 04:16:59	Name: pwzdy6wsn8n7_uid Value: 3115a5ce2a2aff0c
.retailads.net/	1970-01-20 02:50:35	Name: ppb2172 Value: 1311527129
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ycxsmisuh4lgv3sid0q5wvek
pb.media01.eu/	1970-01-20 19:40:01	Name: DTU Value: 18E93AD2B298ACC42113CA0C3896C3A4
.awin1.com/	1970-01-20 02:10:16	Name: awpv18332 Value: 296283\|1649243509\|5a9e2f31-b59a-11ec-ba92-2231672bdcd1
.awin1.com/	1970-01-20 02:10:16	Name: awpv11830 Value: 296283\|1649243509\|5a9e0821-b59a-11ec-956f-22655f6734d7
www.media01.eu/	1970-01-20 19:40:01	Name: DTU Value: ACBE6E4BC072A8B77C1351C6A1B725BF
.zenaps.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377134:2470208
.futalis.de/	1970-01-20 03:33:47	Name: raSIDb Value: 1311527129
www.conrad.de/	1970-01-20 02:14:35	Name: HTLP_timestamp Value: 1649243509
www.conrad.de/	1970-01-20 02:14:35	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 02:07:25	Name: __cf_bm Value: kZVnv.vKVap3_ISTesdQvUoegZl6nQIBmej8LN78Ghk-1649243509-0-AahfR4J3e1Apnhvx0lCrKJK1qjg3SLGcZDmP4dyvcI7pjHE/RIr7E1gPJSzMe15gDd0idMQc7XKJmmnQyrsTwZM=
.w55c.net/	1970-01-20 11:36:11	Name: wfivefivec Value: VP3eG70m1NC3zL5
.awin1.com/	1970-01-20 02:11:42	Name: awpv11354 Value: 473322\|1649243509\|5ada74e1-b59a-11ec-956f-22655f6734d7
.lijit.com/	1970-01-20 10:52:59	Name: ljt_reader Value: aa98a56f6619d14a33e48a08
.awin1.com/	1970-01-20 02:11:42	Name: awpv20646 Value: 473322\|1649243509\|5adebaa2-b59a-11ec-956f-22655f6734d7
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 409071:2840015
.yahoo.com/	1970-01-20 10:53:21	Name: A3 Value: d=AQABBHV1TWICEHdhOGnY2PRFnA8EZHczY9gFEgEBAQHGTmJXYgAAAAAA_eMAAA&S=AQAAAsnVDa5-9aWJ-yTzXSETx2M
.w55c.net/	1970-01-20 02:50:35	Name: matchgoogle Value: 5
.everesttech.net/	1970-01-20 10:52:59	Name: everest_g_v2 Value: g_surferid~Yk11dQAGZSD8cwA-
.zenaps.com/	1970-01-20 02:11:42	Name: awpv11354 Value: 473322\|1649243509\|5ada74e1-b59a-11ec-956f-22655f6734d7
.adsrvr.org/	1970-01-20 10:52:59	Name: TDID Value: 0823586d-e283-4f0e-9591-f9f866ac9e07
.tribalfusion.com/	1970-01-20 04:16:59	Name: ANON_ID Value: aEnseFRZdySaAIUMnYFhwAMbb3lra7CYYi91TjrTpVeoKbZbydrEDtoxwMA0Mij6VC6bQii1U0ZdLTDJKZcUUZc5Zd
.creative-serving.com/	1970-01-20 11:28:59	Name: tuuid Value: 1a9273fe-1d6b-4765-b064-0b82d284b098
.creative-serving.com/	1970-01-20 11:28:59	Name: c Value: 1649243511
.creative-serving.com/	1970-01-20 11:28:59	Name: tuuid_lu Value: 1649243511
.id5-sync.com/	1970-01-20 02:07:23	Name: cf Value:
.id5-sync.com/	1970-01-20 02:07:23	Name: cip Value:
.id5-sync.com/	1970-01-20 02:07:23	Name: cnac Value:
.id5-sync.com/	1970-01-20 02:07:23	Name: car Value:
.id5-sync.com/	1970-01-20 02:07:23	Name: gdpr Value:
.id5-sync.com/	1970-01-20 02:07:23	Name: callback Value:
.justpremium.com/	1970-01-20 02:52:01	Name: jpxumaster Value: um-f2d8b9f2-b436-4cbb-93b9-0f6ebfe7dc24-1649243511
.justpremium.com/	1970-01-20 02:07:34	Name: jpxumatched Value: p161
.bidswitch.net/	1970-01-20 10:52:59	Name: c Value: 1649243511
.bidswitch.net/	1970-01-20 10:52:59	Name: tuuid_lu Value: 1649243511
.bidswitch.net/	1970-01-20 10:52:59	Name: tuuid Value: fbdf528b-ce79-4879-af70-59f92a092804
.demdex.net/	1970-01-20 06:26:35	Name: demdex Value: 69963995434734227280226160464210016653
.dpm.demdex.net/	1970-01-20 06:26:35	Name: dpm Value: 69963995434734227280226160464210016653

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

44b06eb17c5c54e89d8592603d21ef87.safeframe.googlesyndication.com
4e1be5275b477400f210f1089b7df493.safeframe.googlesyndication.com
a.tile.openstreetmap.org
a.tribalfusion.com
ac6c1c7be8da81617cd43340af360d9f.safeframe.googlesyndication.com
ad-server.eu
ad.ad-srv.net
ad13.adfarm1.adition.com
ad3.ad-srv.net
ads.creative-serving.com
adservice.google.com
adservice.google.de
analytics.webgains.io
ap.lijit.com
api.purpleads.io
api.webgains.io
asset.conrad.com
b.tile.openstreetmap.org
c.bing.com
c.clarity.ms
c.mgid.com
c.tile.openstreetmap.org
cdn.ad-sun.de
cdn.ampproject.org
cdn.contentspread.net
cdn.purpleads.io
cdn.retailads.net
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
dafc551e4e9c5169a7a13f3d713e9282.safeframe.googlesyndication.com
dclk-match.dotomi.com
dpm.demdex.net
dsum-sec.casalemedia.com
ec81b50761337029cbc265e61aaf7f67.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90002.redintelligence.net
hal900030.redintelligence.net
hal90005.redintelligence.net
i.clarity.ms
ib.adnxs.com
id5-sync.com
imagesrv.adition.com
img.nets4.com
insight.adsrvr.org
js.adsrvr.org
match.adsrvr.org
match.justpremium.com
medialead.de
nets4.com
pagead2.googlesyndication.com
pb.media01.eu
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
rtb.gumgum.com
s-img.mgid.com
s.tribalfusion.com
s0.nets4.com
securepubads.g.doubleclick.net
static.addtoany.com
static.cloudflareinsights.com
static2.creative-serving.com
sync-tm.everesttech.net
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.clarity.ms
www.conrad.de
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.media01.eu
www.zenaps.com
x.bidswitch.net
104.102.29.65
104.19.135.78
104.92.94.3
136.243.149.243
138.201.63.117
138.201.63.165
142.250.186.66
145.239.193.130
15.197.193.217
151.101.194.49
151.139.128.11
164.132.182.207
172.217.23.98
178.63.52.121
178.79.242.245
18.158.99.238
18.200.96.173
18.66.97.9
216.52.2.48
217.79.188.54
217.79.188.59
23.23.7.90
2606:4700:10::ac43:2794
2606:4700:440e::6812:2fe6
2606:4700::6811:190e
2606:4700::6812:7f05
2606:4700::6812:c05
2620:1ec:27::cafe:1799
2620:1ec:c11::200
2a00:1450:4001:800::2004
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:831::2003
2a01:4f8:d0a:2321::2
2a02:fa8:8806:12::1400
2a04:4e42:400::649
2a05:d018:d29:3602:7d0f:60be:20fc:1243
2a06:98c1:3121::7
3.122.214.5
3.122.93.90
3.123.52.20
37.252.172.38
46.236.13.147
46.4.10.47
49.12.16.151
51.195.5.232
52.142.114.2
52.16.70.86
52.167.85.21
54.76.176.197
54.76.212.160
65.9.65.116
85.10.231.200
88.198.250.30
88.99.65.215
94.130.102.164
94.23.99.218
99.86.4.120
010d6946daf622f2715f704530d9ca81d8b20c61f4355b34a1221e5667033c71
02314cb7a74a60fc1c6b4aab803e9c1ae4201102ed4004b441b0f2fae21def03
0b2c9b60c8382e0008dff754724cdaf620d7b7cc18908b6de3f9d69eaceb3f19
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c097a6ea3574402b7bf7402d93496f158783a822d18351b3fee7a7a80434741
0d6c3894b0d09a611896147410168fee78895e65f445fefb7a109d8056ea676f
10ffd3ea4639f3a477eafbba53bf08c9aa464623a5414f7ec6845090eb1a898f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1475e0a2e33aae77763234c10544414357996b7223e2e8869d219fbeff78f700
159112235a160206d91fdd8b857233a34d2ca01d372e7806949a97757ea22bf1
15d3b380a77e55aa1712ee4e6aeebe960a9cc82e1dd17a247091ada7f4f93e5a
16cef97823982975a9034a00b686571421daff884d1c1e14b1b6ed52c58c7829
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
19d07ce311c19a2138905ffa3efdee1e3c52141bf05942af482e8a6f5abbc671
1be3f8db7331dbe20847830fe8f0cd134175676ccd9d3db4ae6a00e21b7fb541
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c
230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
25d5638550542896d4a56603dac8d08f4a7ee19ce3341bbe20cbf0d5ca5ed296
264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26c7426e89318f3467f80ab4d4b765569689298ac9f1f4ffa7e1420db10acff4
2849d8d2183da5372df2c04733260f2aa258e634e02d6a9f76c27feb0612eb89
28a4e7f6ae4805000c80fa6f1c395a8c82a56fbf9366ec1dfc1a296ba872723b
2b3152a59a1a3eef47ef93f33e672b3638284172ebca34d0f4d9bf27732d9779
2cce1d283eed5be0c7edc3c6ab83906a07d984b9d79a606e455ef67040cd0f24
2cd44768f593bf50da4fef0e9b6871187ae76f0f0259b3e103b9d5ea1fb99459
2d33a89869cac41936e1e97087b4e5539b1c9990f77b91d24f90d108034a7db1
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
2ec71a02540d62fac8eb6b80ed4989d4f84e19eecd7009ff4d951da38f56380a
2fc1b2d9aba57e8f207c9272af85d95eacbaa7ed664abb4fdcfe3c9fda7c1f66
320745faf87da68643f10c633f265988291fce9163c7bf448f9bd9f88bfade27
3399f219e42f1f3fb9db276a5d29a4bb4de8b6d56d12e2f361d991a7eecaba5e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3616a3c591db6aa0640850fa19e1c61db2b7e8775619183d299cf0ed2a236d26
3821cd40937dee0e9f12ff6b38e9ba10cf6e6b20cca9253a4fe9a92cdf6c5271
3900c8b5b423944473f2b5735300291c473881985b2e64318b01fd3d7eefcbd2
39dc66b98bdee657b756c168f9b4b3fd3a775d0ef05ec49640c9340402d1da52
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3d1ac181488f95d8e42cdf1c11b4dd3f41aa099de812b634f297832b5b8361d6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f05b5ed2b178f7c38f1a3f0af73f71316ce04680485eaf0a67e9c4ba887e34c
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437
574e92357a18e7ed3289bf990a58c75bbba557dce33dd8f593871aa481971432
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
58ba9c6598fbc4c586ef022e1b134976c4018a6c8f8df53bee54b03701c072f5
5cab1a7dec602bb81ebd24664ecd0b0d3e2ca0940ba5324b7a191dfc079610ad
5d8e1362d3d67ed6e74c3104f3ab8609d179081387ea36e71940914a86350f7c
5de9370fd2e10b4780e3c82d6aa229929a10c475cd2b043410545aafd5646706
5fefbf977a8d40467ac761025f18a0f2f39b28482b3d13d4a238ea3922896168
619a04c246a9a1865e88e72522bd253ddf9eb3bf1db374b38abf693558cac6a1
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66ca2e6c6e4f351cd7e9baeb1dd93b52edee2bdd3978a9aca32cb6066affd4e4
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6aedd28f95f9a2694ebb36535b969f1b4fa6bd75ed11833a223db42e43a0e99e
6b71d2bd27010cbb01e505314423d9c903230bf4182019eb1ca8016bd2b624a0
704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739
709fc1959c63d58f5af7c400ddfef5d6363a2d3e0ee14c74f72fae5c2d972f04
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f
7372305c63c2357434e6fd3acee61d5e7970ccb635c5b57d2d43ed31b51b5d6f
76b8cf8962bf0f785a1f593b2f052306324200c82512c5f73db5f8f72fe1eb75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64
8317c7c6e472750c43071ebc9b3eb21bae4da754165b559d49e315d29e03e83f
85ed1de661855ab0d4c63f6f66c6c14397e178abff7a4edd412fc5a7e7954f46
86da3c1df1dce7393141008d26503c0e4980928c7274786fafeb84aa2d3fecec
89507290fc857e541bb690c370096afce43424a5a9aca6c5c4c8be26d1232970
8b42e75eb170c035b1fc5f574613270ed7392a3b182ff7f5641bfde9dc5b19ba
8c553687a3a7325fe5225887b98af00b0ba87c43440e7f8f4116c277fb947e04
8d426dcde2b7e01ae4013742cf7b8f121955a66395dd67486cef84515638e149
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
95eb03cf748bad245df727b0ec74224d07d7b36b269038f536f785e52b32cace
9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b
97efeda8567c33ed3cd7eb616868f1282f50e8ca9ec1ebe3ab632b0913dbdc26
991419a113507f628076c6679cea27fea956db83881e7b6ca14dfe862d42aeef
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
998f0a3b5a365a28695d56d2ee7a1a0f40e7cf1e9c06236db8ad2e21fd7d280b
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9
9dab06d9f1987d30d8d5230a73971b385c848970485c0cff1df6719e17702a25
9e2e30ded3c8549254bfd12159af29a967b4c91052c3b5c937ee5edde60451f2
9e819565527d55773af7f985b8ed95f40e6b456cd7a81f777cbe0a335cb07632
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704
a59c05d1a0531610285fb30680c6ff8cb80b987cfd7f118a84e44ca4dd942f55
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1
a8128a12543e5c8871a4c26ed1aec5db7c0621f30fea1d478d179c501f42daf1
a83ecbc0d9026bab9558734a5038c8b10e4cfe56bab870bf954c01946f92396f
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ae4c57197a5538c53b7c786a64230a119cb8965f74b6ffdb812e8817849f28d3
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6c1dcfde57de4ef2ac2a4e85d4e539f7bba953e52028adefd895d75dde3e6a7
b73a823af70329e090c0146df47a4f4f29c81e784f514b29d1f156607865a626
b79a19ec1a1788fc55c0c46f51480e21ebef1cb08abcd89d995ae88c0aee67b9
b9385f6255100579484319d100f6d0facda9efd0a55bea1907679f6ae85b4376
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb
bbbd0d76b4eb1b3faa278c9737e75817c677a64e1651881d2f1686e26fe27279
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bcdaa58a8306d15e775bd8747043e1bda485ecae39c4cf4907e896e2aba034ed
bf277296ac170c43eedc859c5dde730acc1b42eeb25409b81b28871193a75a5c
bf4130221b52940cd13bbac1be2e2fc863aa4f16626be404724f0598c3c50681
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c195a2b46a2566d4f7c6bb1baf2e94ff9414e6bf5bdd5d19842c1c5aaa619f9d
c237b6558cae79ac9abac3f4f7a2bf9eb345254442eda28521a0d01f74ece616
c2a9dee7037bc0b8a27838018d37bfce2d5340dce3c33bcb7e3ef65092abc7ad
c44a09809b3901002a01f05c93c8b68a46bf01d128ce15c90b47a5ffd95780a9
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df
c4c936e763c459b86bcaf792f34793f14f68b0d2d159bf5948d4fc0fff64604c
c5e29a638775df9e7257ce07f1dc1c1c0d50d9ced6082956c7b4976e80316788
c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd19ddf2050ec063fd0ae53bf3a43ef1009c232e94099c82a6bbad13ff3da956
ced592c4799c4a7e2ab6be275c2d537acaf115f0513c0db2b3f146a182b33584
cf6161e5fa3be7823574c6e50cded4a8122e5f4e36f9b9438e3e0dc50f30a3e9
cf6379edd6f2737120c697fbda46f2e52cc14b96943e222eb1bc1d3ad841cdf7
d24ef6d9e49add68a3dcf18db8c140195c1686fc2ec2a9a24e0fa57ce8562768
d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f
d46bcd63be2ada9ac7dd28a10f03b0581c4d068ed229d6b0bb2c61ed6a0457be
d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
d9b43ddd50aaf42ec00d71a4dea71e5125ceb5af70bd85952712b0d559139f65
dc1b8ee32db93a82613603876b57166be812c64eb91122b40ecf40f9651eb2a7
df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e0adc349e413c4a6dd0e43237ac42891a0b6b4bb36b9f18a247a2f256de60b80
e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5dc577d94f9f87f94a797846949133a3184e78e0832261a841188d3d65966b0
e8a56b7248517b052849b0d606b0c402c9a147d231cfba361af5dfb5794a3766
ea4905c24de147d6f1bc3c4b8d52f83031b343f96bfe737d61ce8feeabd7a373
ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411
eb78b3891acbc3d14761e44de1b0453edf65f0a5e03a4bacb8328afff743327c
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ed4ea47744da3fa10971d32c97e496e966e98660b57d5fe5a8e2ac3f566b5c77
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f3f30f98fb696b7b54369ba11203f339b26a75ad472f9b663afa2a33b9dab9ad
f4073adb41241b4c3c306e68f84ce76d36c2ce59ff6c4e2e10bcacec6793296e
f44b497a60f93e8791aeb7e150aeda387d88bf063521a9ae04afabc2e8d11248
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f6d0fb9990196571b14faca069dd24dfacde70bd9b2f243c1ff4e511584a816b
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
fad24fba2fe04bb12ddc32c058288d856c7b4e64b33d4fb63ca27afb0e5ca944
fbfe86f8eb192dd05db7c79caac0c307f3aa8a0d6ca10b36aefc5c1f8a3b0b55
fc3d7a62b564bfbf77c7ef8e33bb91751adf8bea9df9f1330726e57e7378f22f
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

329 Requests

88 %HTTPS

37 %IPv6

49 Domains

80 Subdomains

62 IPs

8 Countries

3105 kBTransfer

7371 kBSize

63 Cookies

15 Outgoing links

Redirected requests

329 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

329
Requests

88 %
HTTPS

37 %
IPv6

49
Domains

80
Subdomains

62
IPs

8
Countries

3105 kB
Transfer

7371 kB
Size

63
Cookies

329 HTTP transactions
7 data transactions