epicenter.bg Open in urlscan Pro
164.138.220.34 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://epicenter.bg/
Submission: On August 30 via api (August 30th 2023, 1:54:28 pm UTC) from US — Scanned from DE

Summary HTTP 641 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 45 IPs in 8 countries across 26 domains to perform 641 HTTP transactions. The main IP is 164.138.220.34, located in Bulgaria and belongs to SUPERHOSTING_AS, BG. The main domain is epicenter.bg.
TLS certificate: Issued by RapidSSL Global TLS RSA4096 SHA256 20... on December 24th 2022. Valid for: a year.

This is the only time epicenter.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
115	164.138.220.34 164.138.220.34	201200 (SUPERHOST...) (SUPERHOSTING_AS)
13	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
101	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
51	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
30 38	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
11 27	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
24 32	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
6	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
51	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1 4	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
1 4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.145 138.201.63.145	24940 (HETZNER-AS) (HETZNER-AS)
1 7	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
3	138.201.135.164 138.201.135.164	24940 (HETZNER-AS) (HETZNER-AS)
3	138.201.63.165 138.201.63.165	24940 (HETZNER-AS) (HETZNER-AS)
3	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
3	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
29	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
12	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
12	23.218.170.194 23.218.170.194	16625 (AKAMAI-AS) (AKAMAI-AS)
12	3.9.22.61 3.9.22.61	16509 (AMAZON-02) (AMAZON-02)
12 24	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
7 7	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
12	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
12	18.66.147.120 18.66.147.120	16509 (AMAZON-02) (AMAZON-02)
12	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
24	35.179.59.129 35.179.59.129	() ()
641	45

115 164.138.220.34 (Bulgaria)

ASN201200 (SUPERHOSTING_AS, BG)
PTR: epicente.superdnsserver.net

epicenter.bg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

101 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 216.58.206.34 (United States) 30 redirects

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 185.80.39.216 (Canada) 11 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 37.252.173.215 (Frankfurt am Main, Germany) 24 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.35.237.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal900012.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal900018.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.145 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de

hal900010.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 159.69.70.9 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal900017.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.117 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

hal90003.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.135.164 (St. Ingbert, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.135.201.138.clients.your-server.de

hal900015.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.63.165 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de

hal90005.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 78.46.90.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 78.46.23.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.218.170.194 (Munich, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-170-194.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 3.9.22.61 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.217.16.134 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f134.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 94.23.99.218 (France) 7 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.66.147.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-120.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 35.179.59.129 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
165	googlesyndication.com 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 107 tpc.googlesyndication.com — Cisco Umbrella Rank: 150	973 KB
115	epicenter.bg epicenter.bg	3 MB
91	redintelligence.net 6 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37964 hal900012.redintelligence.net — Cisco Umbrella Rank: 211690 hal900018.redintelligence.net — Cisco Umbrella Rank: 243830 hal900010.redintelligence.net — Cisco Umbrella Rank: 213495 hal900017.redintelligence.net — Cisco Umbrella Rank: 290888 hal90007.redintelligence.net — Cisco Umbrella Rank: 237322 hal90003.redintelligence.net — Cisco Umbrella Rank: 250103 hal900015.redintelligence.net — Cisco Umbrella Rank: 227118 hal90005.redintelligence.net — Cisco Umbrella Rank: 207480 hal900019.redintelligence.net — Cisco Umbrella Rank: 300415 hal900026.redintelligence.net — Cisco Umbrella Rank: 217239 hal900023.redintelligence.net — Cisco Umbrella Rank: 214940	715 KB
90	doubleclick.net 42 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 87 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 237 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 308098 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 148426	345 KB
36	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30936 api.webgains.io	220 KB
36	medialead.de 7 redirects pv.medialead.de — Cisco Umbrella Rank: 47866 medialead.de — Cisco Umbrella Rank: 47553	14 KB
32	adnxs.com 24 redirects ib.adnxs.com — Cisco Umbrella Rank: 239	24 KB
27	casalemedia.com 11 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	19 KB
25	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	2 MB
15	google.com apis.google.com — Cisco Umbrella Rank: 120 region1.analytics.google.com — Cisco Umbrella Rank: 3238 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	25 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 214	707 KB
12	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 92540	24 KB
12	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	6 KB
12	webgains.com track.webgains.com — Cisco Umbrella Rank: 49150	22 KB
12	awin1.com www.awin1.com — Cisco Umbrella Rank: 18330	8 KB
12	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 186211	11 KB
6	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1326	978 B
6	openx.net us-u.openx.net — Cisco Umbrella Rank: 478	870 B
4	gstatic.com fonts.gstatic.com	59 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 169	89 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	21 KB
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 326	125 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	1 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6457	408 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109
0	spotxchange.com Failed sync.search.spotxchange.com Failed
641	26

	Domain	Requested by
115	epicenter.bg	epicenter.bg
101	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com
51	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com googleads.g.doubleclick.net
48	hal9000.redintelligence.net	10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900015.redintelligence.net hal900012.redintelligence.net hal900018.redintelligence.net hal900019.redintelligence.net hal900017.redintelligence.net hal900010.redintelligence.net hal90003.redintelligence.net hal900026.redintelligence.net hal90005.redintelligence.net hal900023.redintelligence.net hal90007.redintelligence.net
38	cm.g.doubleclick.net	30 redirects googleads.g.doubleclick.net
32	ib.adnxs.com	24 redirects googleads.g.doubleclick.net
29	pv.medialead.de	hal900017.redintelligence.net hal900015.redintelligence.net 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900012.redintelligence.net hal900018.redintelligence.net hal900019.redintelligence.net hal900026.redintelligence.net hal900023.redintelligence.net hal90007.redintelligence.net hal900010.redintelligence.net hal90005.redintelligence.net hal90003.redintelligence.net
27	dsum-sec.casalemedia.com	11 redirects googleads.g.doubleclick.net
25	www.googletagmanager.com	www.google-analytics.com adv.office-partner.de www.googletagmanager.com
24	api.webgains.io	analytics.webgains.io
24	googleads.g.doubleclick.net	10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com pagead2.googlesyndication.com
22	8019191.fls.doubleclick.net	11 redirects epicenter.bg 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
13	10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
13	www.googletagservices.com	epicenter.bg 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
12	cdn.track.production.webgains.team	10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com track.webgains.com
12	analytics.webgains.io	track.webgains.com
12	adservice.google.com	8019191.fls.doubleclick.net 5994599.fls.doubleclick.net
12	fonts.googleapis.com	hal900015.redintelligence.net hal900012.redintelligence.net hal900018.redintelligence.net hal900019.redintelligence.net hal900017.redintelligence.net hal900010.redintelligence.net hal90003.redintelligence.net hal900026.redintelligence.net hal90005.redintelligence.net hal900023.redintelligence.net hal90007.redintelligence.net
12	track.webgains.com	epicenter.bg 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
12	www.awin1.com	hal900017.redintelligence.net 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900026.redintelligence.net hal900023.redintelligence.net hal90007.redintelligence.net hal90005.redintelligence.net
12	adv.office-partner.de	hal900017.redintelligence.net hal900015.redintelligence.net hal900012.redintelligence.net hal900018.redintelligence.net hal900019.redintelligence.net hal900026.redintelligence.net hal900023.redintelligence.net hal90007.redintelligence.net hal900010.redintelligence.net hal90005.redintelligence.net hal90003.redintelligence.net
7	medialead.de	7 redirects
7	hal900017.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal9000.redintelligence.net hal900017.redintelligence.net
6	sync.teads.tv	googleads.g.doubleclick.net
6	us-u.openx.net	googleads.g.doubleclick.net
5	hal900010.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900010.redintelligence.net
4	fonts.gstatic.com	fonts.googleapis.com
4	hal90003.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal90003.redintelligence.net
4	hal90007.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal90007.redintelligence.net
4	hal900018.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900018.redintelligence.net
4	hal900012.redintelligence.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900012.redintelligence.net
3	hal900023.redintelligence.net	hal9000.redintelligence.net 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900023.redintelligence.net
3	hal900026.redintelligence.net	hal9000.redintelligence.net 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal900026.redintelligence.net
3	hal900019.redintelligence.net	hal9000.redintelligence.net hal900019.redintelligence.net
3	hal90005.redintelligence.net	hal9000.redintelligence.net 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com hal90005.redintelligence.net
3	hal900015.redintelligence.net	hal9000.redintelligence.net hal900015.redintelligence.net
2	5994599.fls.doubleclick.net	1 redirects 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	connect.facebook.net	epicenter.bg connect.facebook.net
2	www.google-analytics.com	epicenter.bg www.google-analytics.com
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	cdnjs.cloudflare.com	epicenter.bg
1	www.google.de	epicenter.bg
1	region1.analytics.google.com	www.googletagmanager.com
1	www.facebook.com	connect.facebook.net
1	apis.google.com	epicenter.bg
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
641	49

This site contains links to these domains. Also see Links.

Domain
silktide.com
tibiel.com
preonow.com
qalistic.com
www.ecb.europa.eu
www.wunderground.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
epicenter.bg RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-12-24` - `2024-01-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-08` - `2023-09-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
pv.medialead.de R3	`2023-08-13` - `2023-11-11`	3 months	crt.sh
adv.office-partner.de R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 88 frames:

Primary Page: https://epicenter.bg/
Frame ID: 0D87F576FBE3193072D362FA3E9ACF39
Requests: 133 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D1EFD9872ECF86BB83881E1E362F0981
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 810E731BA4C1EFB01B4476B66B038D98
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8E27BE2B0EBA68C259EF59C8945AF15A
Requests: 2 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9E9FD6F8F540C0B085A2E097D6430AA3
Requests: 21 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2F464CAB83F48C129D587AA4E3E579DE
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BD875105DBA90F856C42744291919E4A
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 22A00388CED329392351301D0DA5C1B4
Requests: 21 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 05AB0C668FA99F4F392F5670DE241DFE
Requests: 21 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2BC1E1AB38058A1A766B876139707037
Requests: 21 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EAC886B5960FEB324ACB11800A90BE35
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1425BD3BB17EA5B1E92C0F8F9DACF0FD
Requests: 21 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A54EB169AD070D8C280462B29A42E2A1
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AE73EAF2875A2DAB76CAD8F6543EE7D8
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9E07543EDCE55D5DB27029F7FE1FBB85
Requests: 22 HTTP requests in this frame

Frame: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 556473A47C850F3199107E5D157BE841
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNUoSZE7h5gIxIto9_p9XHdQiQSIt9pE0ntcsnOmGPIk55E0GUrDjxbd6q73HsfXrAumEa7aMDUQ6xmc6EIkgY1gs3zq9hXpOEOtQgYq5YspDWSwv95u5O9cZHxt0TjAAYUPHHsWdr94mD6lORlaMOFrKTLjjqrCfN6esbzZptwe-a66p4w
Frame ID: 2150DBB2C48C7540B5F588ABD3B25491
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVvNXephjybtEpoTyvC1qeAJpx2KlByuZ9oWMot6gGVSGBErlpTAFUnSOcAXDjkzAyXRJhrW4RXrmokE-S78xKeS2SKfw_bfhpmfb2jWmH1kTNN73xa_zQqZ2wpHo9Du9HOE7ImLA7EY8x5TPvIA2n9mUSe2kbsbvzGzNGI7JNrTehchVs
Frame ID: 0207342CE950FDAF0C61D298DD643333
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXSMkhJzPzJ5TyCLk7yCiwJw8orOSD5Iw0LaTGN_JfxavRDdge0gM0htyUBgW16_rbZg9tkxj8vi3Hr81AWO1mKlt_ANJOIGx7MFZXUdtZFJfWaVFYSnk0FHBm6_lJY2qWyJTX9k08BWRxElW6A4nlVaB-myzJZ75bpPDZVg1BhoPwjrCk
Frame ID: C32CAA2BF7DEAEC15F0C33E7D77519FB
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWsAb1HSW1pi3AZEmQC4va5em9SHS50HQkPk4ZN4XGPo9dSRGfkbaLRgXhYGbYS8YbmZ2yhSJUOa1QHzln9XBKHXIHWwl8SeJ9KIXeTwzvfQyvqJ6gR9HCZVEeHYf1XZv-MLVZqjSOFDrXShR1dfeOUMvwv7Vk8K4JmA0XR0PxBfcRc07c
Frame ID: DDDEA132CC17E3940468F25093C8237E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD4KvDljg-MbnVGIBT12-wyqgRhJFafW7fzRgQFMgbulrTf30BplCi_MOkwUWOZM8GHQA3_EKeRQ8Ky00gSN4xOiLgKUS1Sq5NzjPa7_YfKPuS8EmPQrEx1pI24iYVLOmXy4q7B1guBszrUcnFclBaj2ED39YGkMhu2giQl1CyFjoY5Ow
Frame ID: 9DC1E46FEE8786F046AED6E60D6A9550
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUmk9K-8OcHr31DmhCcjUlhZAjQwoNsXBkR_Men2HUa6NLJ1QIH1VwA-V_Xy6YevV2q3dM_FcK-UR-35ivFpMmdpizgjYPWv6_bvI8jOnNig7zqsxtaElrEDz5eXFVuup7vkldRPxuBqHrago0g6YvvWVqGdQE3HKRe2sPxPOb-a50sgAI
Frame ID: 9B98EF54833894EA84EBC8156C1788EE
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVYtsfApdx5VJ3SYKWm1iYT1NbRxpUi7aDIU9btFnxDbFuvIm3tpgyV5w0mjVJ8bvH9mcCpAWQ6YJrogaXi4ty0dB4oFiYAuqQBTBWoLa4_GuQS2T8r-BU6Wg6cNObo-z_sDQI5lBIlC50G3xsl3f1SLzJps3VeNBmTMS8E5nIo7VX-GFo
Frame ID: 84F8E5D7C63761EF1777837CC41E9ACA
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVvbfaUge5KcC3XLndKjkhBUDyl7ukEjSLGvl6ncM54MRzB_2DE1E6eU5RfDm2bwGCnJKa0v-fEE806nDhrYMRaNRAAQ1kuaEXEa4ilow0Eny9de5AtoWVnTkKm24OMTWvmtXh-ISF95XZpxt2moJrcEqNUwfHu9ABUEtEDa1xMoi-Azyk
Frame ID: CC366D222F1075650F012D59E459962D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8
Frame ID: 6C858A42FAF397BB1C02721FC4C3A49B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs
Frame ID: 0FF310DDD599D99A319518B90102ED2E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0
Frame ID: 498DE4B5D41A79DCE00691F8E28CC8FE
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVroQzBk6w9dv15oy2AsS02dcP3wJb5P_-B3w3H0pUzTt7gH9skfDG45-mtfgwWkGcFzMJFIuHfZ4bI-asZz80-un4naaKnN9o-iq47hSDPNlPQGzb7O-_GLC13DDaGMkckykuEy6wQ2qkNOpDS7ge7Xq7_TgNsyvk6na5cOn0yJ_sQRwk
Frame ID: CBBB2435ADF3F08A1C755BD34BA3D07B
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 966385A5D1035D24B2C6654E3D3A685D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 91829A35D10F8412EA8DFE519CD8DBD8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 69502CA3603161D28A642FFF564EF6A3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CD9AB3E5BF77F196A62822BCE3DC339D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FC68E0C8402A7A88D01D4EDEF068A025
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F0C99C926E4C664E480F9B54FC0F7482
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 878B8CECBFF01CDA82F7EF285BC4EFB9
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C11EF1A7551EDFEF22D0F3D3E0A5655F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A38AD17D64FB443D86BEEE660E5CD3B4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0CCFF5406FD5DAF746CF8BBFE2C67A0C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CF0081FF3BB59EF0486D25E3CB71DA89
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6488630768DA00403AD49F4F30DDCC8C
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=84913800085385704444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 13863425343A27DAA1C712FE9BFDE0C7
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 61AF233A06C60A1E8B95523E8B8A80A5
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 52776A2FAC71961F26293FA7FFBB3D98
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 07C6497CB1EFE7E48B0CBFAFBAA4BA65
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435
Frame ID: 187CEA7F4EEFB74471E4F7C2B1E9B947
Requests: 2 HTTP requests in this frame

Frame: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Frame ID: E94A40B4798D617F58244EB5EADC08BA
Requests: 6 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: AA567845CF36A1E8FC9B14034B0C6350
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 050455CB73B5F6D5A03895B60AE92F63
Requests: 1 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213
Frame ID: 94E70F5995C68159D517C0919DECA4E8
Requests: 2 HTTP requests in this frame

Frame: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Frame ID: 0ADBB82DC786E7F794D95E3BE269946A
Requests: 8 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: D80043D6EE75402DA4C2FD0E41D60C68
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: AC1ADEA4949F3B8766D21546EB90FC82
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478
Frame ID: 40CF6160AD028EA62FB30EB07B40CE2E
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Frame ID: BA548F08560F1D15CA3F84B90E729187
Requests: 6 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: AFE94F459DDE56E64A9AC850F3D83CD6
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 930F46FBA5D783E72082D90B3E2BFDEC
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803
Frame ID: D9F6CFAF8396E6B799E8FB7A258C4797
Requests: 2 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Frame ID: 5C3A3062D8FFE3741F437D1C58495AAB
Requests: 6 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=45250500104519004444550012432026&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: CFBADBCE0D66F4EE6F2BF0A83F9AA93B
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 31E1FE9456E8B3E5803DDC04D93CB54E
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=32045500103064804444550012432023&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: EAE182E42AFE32829DA9AFB68192185A
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 686C59B28C836F9E485583AF5AA01D7F
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=24992600080970204444554012432007&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: D914C4E7B015469BBACBEA61B2D2F39B
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E37B6487E478981676DB62C45194E5BF
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 92C3394EF5F2F12F4A49BB9D45FE3E26
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 03F195BDD1BFCD549CC15AA1225CB824
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038
Frame ID: 4D47462816B94B7BD68E126D19D943AE
Requests: 2 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Frame ID: 3C87C7D447DA69942016335647E4BB7C
Requests: 6 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 10060369A970F0AA8A67182FA740FB53
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 0D11AC6636283EAF1C004C374CD94F5F
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283
Frame ID: 62B68C2BA14EA9A5ED01AF7962C6896C
Requests: 2 HTTP requests in this frame

Frame: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Frame ID: 34E328C6E2C36690CE8FB450B0A253E3
Requests: 7 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36807600106472204444550012432005&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: E0D87E6832F2C702AF5FAAC9AF86EF10
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: D60A83335546BFD85C363C9676B83F5C
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 8AB7A9395C89705BA29502FA828A7CBF
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: F2DE2E5108DA21D6AAEF1B75A3337067
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401
Frame ID: BE1059CC5EF3E046436BD069878EF815
Requests: 2 HTTP requests in this frame

Frame: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Frame ID: DC4BA77A8792DB8F605F2A328649B2BE
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76
Frame ID: 44CEB8E849DF4FF3A6A42829933AF453
Requests: 2 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Frame ID: 691C3666BEC178398140F4A1771D2F86
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521
Frame ID: 27D9B27E3AB5E95198D7937D182D4E55
Requests: 2 HTTP requests in this frame

Frame: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Frame ID: 7A73CDA6F4728F1C0F0D5A38BE793101
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044
Frame ID: 279A0B68ADEA8619F69C745C74212049
Requests: 2 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Frame ID: 6233C0778B087101F21BAA2B7C163E34
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827
Frame ID: 11AC9E642885240B25FBCA08B2932C28
Requests: 2 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Frame ID: 1788F2C7E5E12CD33BD1DC69545F863D
Requests: 6 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296
Frame ID: BA4A4B8E0863EAA20C3B21106EF8DDC2
Requests: 2 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Frame ID: 9FFAD7525EE90E2236A489ABB95E107D
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Новини, Анализи, Интервюта Коментари - Епицентър

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/platform\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

641
Requests

92 %
HTTPS

42 %
IPv6

26
Domains

49
Subdomains

45
IPs

8
Countries

8302 kB
Transfer

16420 kB
Size

18
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: http://tibiel.com/

Search URL Search Domain Scan URL

URL: https://preonow.com/

Search URL Search Domain Scan URL

URL: http://qalistic.com/
Title: Уеб дизайн, цялостно графично оформление, без лого и слоган, както и софтуерна разработкa от QALISTIC

Search URL Search Domain Scan URL

URL: https://www.ecb.europa.eu/home/html/index.en.html
Title: Валутните курсове са предоставени от ЕЦБ

Search URL Search Domain Scan URL

URL: http://www.wunderground.com/?apiref=bf6fc852dab7de56
Title: Прогнозата за времето е любезно предоставена от

Search URL Search Domain Scan URL

URL: https://www.facebook.com/epicenterbg

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCtt5ZL4THtpP1aWsEsgIhzQ?guided_help_flow=3

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 233

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1

Request Chain 234

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 235

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 236

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Request Chain 237

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1

Request Chain 238

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 239

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 240

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 242

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 243

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 244

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

Request Chain 248

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 249

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 250

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 251

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEzMjExMjg2ODEwNTA5NjcwMA%3D%3D

Request Chain 252

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 253

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 254

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 255

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExNjcxOTQwMzYxMzkyMjIzMQ%3D%3D

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 258

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 259

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

Request Chain 260

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 261

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 262

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 263

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Request Chain 264

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

Request Chain 265

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

Request Chain 266

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Request Chain 267

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Request Chain 268

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

Request Chain 272

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

Request Chain 274

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

Request Chain 276

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

Request Chain 278

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

Request Chain 280

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEw65sDJqqI19FsR0faER_o&google_cver=1

Request Chain 353

https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 354

https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 355

https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 356

https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 357

https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 358

https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 385

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435

Request Chain 387

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 392

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213

Request Chain 394

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 399

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478

Request Chain 401

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 406

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803

Request Chain 408

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 428

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038

Request Chain 430

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 435

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283

Request Chain 437

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 447

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401

Request Chain 449

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 526

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76

Request Chain 530

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521

Request Chain 534

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044

Request Chain 539

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827

Request Chain 543

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296

641 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
epicenter.bg/ 189 KB
38 KB 299ms
141ms Document
text/html 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 7e92ad431981f21ae65a73e392fd13871de2d103a74f03cf3b2a7bf2ad47387c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-length: 38477
content-type: text/html
date: Wed, 30 Aug 2023 13:54:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding,User-Agent

GET
H2 200 style_new_v2.php
epicenter.bg/ 64 KB
8 KB 79ms
78ms Stylesheet
text/css 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: e1a858ac4d9f4fa52889b7abadc43f0cc1dd134db7cee21f702d66548fe64862

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
server: Apache
content-length: 8376
vary: Accept-Encoding,User-Agent
content-type: text/css; charset: UTF-8

GET
H2 200 mosaic.css
epicenter.bg/css/ 509 B
369 B 75ms
74ms Stylesheet
text/css 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/css/mosaic.css
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 1a264bf0d4bbde19fdcec748219dfb73e41c71eb2a32b74a80c28aa1c7d92344

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:05 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 280

GET
H2 200 jquery.fancybox.css
epicenter.bg/ 5 KB
1 KB 76ms
75ms Stylesheet
text/css 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/jquery.fancybox.css
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 25bad2ab358500891778111c8fd9c6ffbb9beae21f0cbb111115258ea9bfb4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sat, 05 Sep 2015 18:36:34 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 1465

GET
H2 200 jquery.bxslider.css
epicenter.bg/ 4 KB
1 KB 78ms
77ms Stylesheet
text/css 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/jquery.bxslider.css
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c3b9943ce253052a5f45e5db24819b8659c221f2a3bc2505f5869ab9295f58a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Thu, 01 Sep 2016 22:09:16 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 1314

GET
H2 200 mosaic.css
epicenter.bg/ 538 B
351 B 77ms
76ms Stylesheet
text/css 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/mosaic.css
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a44407142af2a1826cd0b14730134eeadc622d604ca569a1b8739731765ba980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 11 Jan 2015 13:09:19 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 296

GET
H2 200 jquery-1.7.2.min.js Show response
epicenter.bg/ 93 KB
33 KB 93ms
92ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/jquery-1.7.2.min.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:04 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 33622

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 99 KB
29 KB 180ms
114ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6679ea7e994d0a7efdec0dfcd7c402a67b372a2c594b5db8c6d25826650189c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28893
x-xss-protection: 0
server: cafe
etag: 35 / 19599 / m202308240101 / config-hash: 3287751012361123362
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:19 GMT

GET
H2 200 xsml_Takar-Karlsan_1677160802.jpg
epicenter.bg/images/news/22023/thumbs/ 3 KB
3 KB 95ms
79ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/22023/thumbs/xsml_Takar-Karlsan_1677160802.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 144607a68ae9036490b885ac1ebd46dd7d81cc56d2b7ff1a414ccbe54f88599a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 23 Feb 2023 14:00:05 GMT
server: Apache
accept-ranges: bytes
content-length: 3411
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Dzhordzh-Soros--_1693396316.jpg
epicenter.bg/images/news/82023/thumbs/ 3 KB
3 KB 100ms
84ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Dzhordzh-Soros--_1693396316.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 47bb0cff4cc5e5c753bc9d630dcc09d9fe202a133cceec2d64e9632b51f06f8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:51:57 GMT
server: Apache
accept-ranges: bytes
content-length: 3072
vary: User-Agent
content-type: image/jpeg

GET
H2 200 blank_search.gif
epicenter.bg/images/pics/ 1 KB
1 KB 166ms
150ms Image
image/gif 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/blank_search.gif
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9c8ccdd7107470d9069bc19eb993c76102622170a1b461a910fc878a0a155e8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 05 Jan 2015 20:38:46 GMT
server: Apache
accept-ranges: bytes
content-length: 1121
vary: User-Agent
content-type: image/gif

GET
H2 200 sml_Dramatichno-sastoyanie-na-finansite-na-darzhavata---70-mlrd-leva-stava-dalgat-v-kraya-na-2025-g-_1682088951.jpg
epicenter.bg/images/news/42023/thumbs/ 11 KB
11 KB 110ms
94ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/42023/thumbs/sml_Dramatichno-sastoyanie-na-finansite-na-darzhavata---70-mlrd-leva-stava-dalgat-v-kraya-na-2025-g-_1682088951.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 1d331622923139591db4e2ad40a9a52e63a0d8e6f5fc98cf65ccbce27054906e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 21 Apr 2023 14:55:51 GMT
server: Apache
accept-ranges: bytes
content-length: 11127
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Vanya-Grigorova--Nyakoi-partiyni-i-lichni-ambitsii-tryabva-da-se-pooberat_1693373772.jpg
epicenter.bg/images/news/82023/thumbs/ 6 KB
6 KB 111ms
96ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Vanya-Grigorova--Nyakoi-partiyni-i-lichni-ambitsii-tryabva-da-se-pooberat_1693373772.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9a402b07c3abdb24d89dbe1812bb258e0dbc914f42b697b2ef74e5ccf02f4c08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 05:36:12 GMT
server: Apache
accept-ranges: bytes
content-length: 6338
vary: User-Agent
content-type: image/jpeg

GET
H2 200 portrait_-Tezhki-dni--za-glavniya-sekretar-na-MVR-Petar-Todorov-prognozira-vatreshniyat-ministar-Kalin-Stoyanov_1693398423.jpg
epicenter.bg/images/news/82023/thumbs/ 22 KB
22 KB 169ms
154ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/portrait_-Tezhki-dni--za-glavniya-sekretar-na-MVR-Petar-Todorov-prognozira-vatreshniyat-ministar-Kalin-Stoyanov_1693398423.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0556bb3caff5a221b2a58d2a6d10e0e3b725f568b504d40396fec6f8fa3d2c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 12:27:04 GMT
server: Apache
accept-ranges: bytes
content-length: 22263
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Totalen-proval--V-27-uchilishta-sredniyat-uspeh-na-maturata-po-BEL-e-slab-2--v-307---e-pod-sreden-3_1662962101.jpg
epicenter.bg/images/news/92022/thumbs/ 10 KB
10 KB 111ms
96ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/92022/thumbs/sml_Totalen-proval--V-27-uchilishta-sredniyat-uspeh-na-maturata-po-BEL-e-slab-2--v-307---e-pod-sreden-3_1662962101.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9643a65a01685464a7c9f06e2bc5851996213f49cb18da977f2b9b62251983ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 12 Sep 2022 05:55:01 GMT
server: Apache
accept-ranges: bytes
content-length: 10355
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_-Vazrazhdane--za-deystviyata-okolo-Pametnika-na-Savetskata-armiya---Podmolni--i-na--raba-na-zakona-Snimka-BTA_1693386149.jpg
epicenter.bg/images/news/82023/thumbs/ 8 KB
8 KB 98ms
83ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_-Vazrazhdane--za-deystviyata-okolo-Pametnika-na-Savetskata-armiya---Podmolni--i-na--raba-na-zakona-Snimka-BTA_1693386149.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 6fae4df8509881d4229e3472eb3fbe937338a61331ba5f79d2a0543173951cf1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 09:02:29 GMT
server: Apache
accept-ranges: bytes
content-length: 8024
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Sadat--Bozhkov-opital-da-iznasili-shefka-na-Darzhavnata-komisiya-po-hazarta--otkazala-mu-podkup_1693067531.jpg
epicenter.bg/images/news/82023/thumbs/ 9 KB
9 KB 172ms
157ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Sadat--Bozhkov-opital-da-iznasili-shefka-na-Darzhavnata-komisiya-po-hazarta--otkazala-mu-podkup_1693067531.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: fc842e87738ff25f16170a4041e783caf7432236abb68e28b38a8e4e2c436fb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 26 Aug 2023 16:32:11 GMT
server: Apache
accept-ranges: bytes
content-length: 9045
vary: User-Agent
content-type: image/jpeg

GET
H2 200 portrait_Fondatsiya--Sport-v-Balgariya--obyavi-dalgosrochna-podkrepa-za-Nurgyul-Salimova_1693401389.jpg
epicenter.bg/images/news/82023/thumbs/ 32 KB
32 KB 113ms
98ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/portrait_Fondatsiya--Sport-v-Balgariya--obyavi-dalgosrochna-podkrepa-za-Nurgyul-Salimova_1693401389.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c496d5308ce3f7be1462ac8bad06bcaaeb1c026a46b387bb25e1db64c3fb9ddd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 13:16:29 GMT
server: Apache
accept-ranges: bytes
content-length: 32610
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Orban-pred-Takar-Karlsan--Ideite-za-otnemane-na-Krim-ot-Rusiya-sa-nerealistichni_1693378867.jpg
epicenter.bg/images/news/82023/thumbs/ 8 KB
8 KB 99ms
84ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Orban-pred-Takar-Karlsan--Ideite-za-otnemane-na-Krim-ot-Rusiya-sa-nerealistichni_1693378867.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: f11fb8c35dc0d3bb0bdcc09e98376266e4c2fb0fb59287aa985d99dbfd165aa4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 07:01:07 GMT
server: Apache
accept-ranges: bytes
content-length: 7938
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Dvama-premieri-navarshvat-vazrast-za-pensiya_1693401762.jpg
epicenter.bg/images/news/82023/thumbs/ 9 KB
9 KB 176ms
162ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Dvama-premieri-navarshvat-vazrast-za-pensiya_1693401762.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: b02c42ad0a364ca7a5f1bde5d3a5f56e0a7b67c5be5bd481f4dbbe525c2fc7dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 13:22:43 GMT
server: Apache
accept-ranges: bytes
content-length: 8962
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Stoyan-Baumayer--advokat-na-Vasil-Bozhkov_1693375085.jpg
epicenter.bg/images/news/82023/thumbs/ 6 KB
6 KB 177ms
163ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Stoyan-Baumayer--advokat-na-Vasil-Bozhkov_1693375085.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9f30b0d0ab21f4fecd438b0d6fd06812e7e55ee819f4169d4a59ed10df9ea134

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 05:58:05 GMT
server: Apache
accept-ranges: bytes
content-length: 6322
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Yordanka-Fandakova--kmet-na-Sofiya-Snimka-BTA_1692954663.jpg
epicenter.bg/images/news/82023/thumbs/ 7 KB
7 KB 176ms
162ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Yordanka-Fandakova--kmet-na-Sofiya-Snimka-BTA_1692954663.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: ab93e2630d12aa917be41e647cd2747bc28561a898dba31412c03893fbcca619

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 25 Aug 2023 09:11:04 GMT
server: Apache
accept-ranges: bytes
content-length: 7350
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Politsiyata-v-Plovdiv-razkri-shema-za-iztochvane-na-NZOK--Zadarzhani-sa-petima-lekari_1693391032.png
epicenter.bg/images/news/82023/thumbs/ 160 KB
160 KB 176ms
162ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Politsiyata-v-Plovdiv-razkri-shema-za-iztochvane-na-NZOK--Zadarzhani-sa-petima-lekari_1693391032.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: caaf5afbe7516b5c7249cf2a7d285e16850d89b377be4b52490c5bb2569e1e8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 10:23:52 GMT
server: Apache
accept-ranges: bytes
content-length: 164178
vary: User-Agent
content-type: image/png

GET
H2 200 sml_1629615441.jpg
epicenter.bg/images/news/82021/thumbs/ 11 KB
11 KB 173ms
159ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82021/thumbs/sml_1629615441.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: bf5daedb21854eff5c85e0f47c41648fa2546c8792751654a6fdd07e21058181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 22 Aug 2021 06:57:21 GMT
server: Apache
accept-ranges: bytes
content-length: 11516
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Kolektsiyata-na-Bozhkov-e-pod-24-chasova-ohrana-ot-Zhandarmeriyata-v-NIM_1693395450.png
epicenter.bg/images/news/82023/thumbs/ 160 KB
160 KB 174ms
160ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Kolektsiyata-na-Bozhkov-e-pod-24-chasova-ohrana-ot-Zhandarmeriyata-v-NIM_1693395450.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: caf3c6e1c977e0ed1ef12708c31210e8ce36b6ec1bdba5f7d1b42867d1829e2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:37:30 GMT
server: Apache
accept-ranges: bytes
content-length: 164178
vary: User-Agent
content-type: image/png

GET
H2 200 sml_1642487159.png
epicenter.bg/images/news/12022/thumbs/ 160 KB
160 KB 173ms
160ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/12022/thumbs/sml_1642487159.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2d47afe234a4b2c9b6a47f5abc0890dc73923b43b950fa2322b895979bc32ddb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 18 Jan 2022 06:25:59 GMT
server: Apache
accept-ranges: bytes
content-length: 164178
vary: User-Agent
content-type: image/png

GET
H2 200 sml_1656682585.png
epicenter.bg/images/news/72022/thumbs/ 160 KB
160 KB 174ms
161ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/72022/thumbs/sml_1656682585.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 66f34c3de87643cf772454fbbb483e6dfe1fc4c3e8f6207bf4fdc3fce2047623

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 01 Jul 2022 13:36:25 GMT
server: Apache
accept-ranges: bytes
content-length: 164178
vary: User-Agent
content-type: image/png

GET
H2 200 sml_Sadat--Bozhkov-opital-da-iznasili-shefka-na-Darzhavnata-komisiya-po-hazarta--otkazala-mu-podkup_1693063952.jpg
epicenter.bg/images/news/82023/thumbs/ 8 KB
8 KB 174ms
160ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Sadat--Bozhkov-opital-da-iznasili-shefka-na-Darzhavnata-komisiya-po-hazarta--otkazala-mu-podkup_1693063952.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a3cfdc27937a9365618b5710ba9dc78128e032d3ca54768d9266ddc97dba4646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 26 Aug 2023 15:32:32 GMT
server: Apache
accept-ranges: bytes
content-length: 8410
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Eleonora-Mitrofanova-Kadar--TASS_1693325080.jpg
epicenter.bg/images/news/82023/thumbs/ 10 KB
10 KB 388ms
374ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Eleonora-Mitrofanova-Kadar--TASS_1693325080.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 4d437ad06939240f63f5ee411e934f53f8c8b5a895db5dbd9dd324df567c9352

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 16:04:41 GMT
server: Apache
accept-ranges: bytes
content-length: 9810
vary: User-Agent
content-type: image/jpeg

GET
H2 200 video.png
epicenter.bg/images/pics/ 1 KB
1 KB 174ms
161ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/video.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: da93912ae1584f8d99cb18bd27ccb5ef85737be24fa4db191860ec56cdccf6b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 04 Sep 2015 10:39:43 GMT
server: Apache
accept-ranges: bytes
content-length: 1174
vary: User-Agent
content-type: image/png

GET
H2 200 sml_Prof--Lyob-spodelya--che-vse-oshte-ne-znae--dali-obektat-e-s-estestven-ili-izkustven-proizhod_1693394430.jpg
epicenter.bg/images/news/82023/thumbs/ 10 KB
11 KB 388ms
376ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Prof--Lyob-spodelya--che-vse-oshte-ne-znae--dali-obektat-e-s-estestven-ili-izkustven-proizhod_1693394430.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 8ef5dd8d2d8ffe33cc0cb1749270caabdbd6931611a3717132296f44341149af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:20:30 GMT
server: Apache
accept-ranges: bytes
content-length: 10710
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Ninova--Hora--sabudete-se--Sglobkata--narechena-pravitelstvo--ni-obezbalgaryava_1693373275.jpg
epicenter.bg/images/news/82023/thumbs/ 8 KB
8 KB 388ms
375ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Ninova--Hora--sabudete-se--Sglobkata--narechena-pravitelstvo--ni-obezbalgaryava_1693373275.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 15556d3de35493783f09592bef1d0529771a0ceb55706774a49e953422200c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 05:27:55 GMT
server: Apache
accept-ranges: bytes
content-length: 8583
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_1626505442.png
epicenter.bg/images/news/72021/thumbs/ 160 KB
160 KB 176ms
163ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/72021/thumbs/sml_1626505442.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: be8c20f8f23a4d1a7b71207f80a96b6650d08eafba94e5fe9c6ac1a147a20a50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 17 Jul 2021 07:04:02 GMT
server: Apache
accept-ranges: bytes
content-length: 164178
vary: User-Agent
content-type: image/png

GET
H2 200 xsml_Dragomir-Draganov-pokazva-nay-tsennite-eksponati-ot-lichniya-si-muzey-v-dve-izlozhbi-za-tsirka_1692553957.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
5 KB 547ms
84ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Dragomir-Draganov-pokazva-nay-tsennite-eksponati-ot-lichniya-si-muzey-v-dve-izlozhbi-za-tsirka_1692553957.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 7c95ca72e92cc5150a67da2913a092c3e41d33a7fb8f7733d75a19e6ec513c97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 20 Aug 2023 17:52:37 GMT
server: Apache
accept-ranges: bytes
content-length: 4570
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_-Rodni-kardiolozi-preglezhdat-bezplatno-v-rayoni-s-balgarsko-naselenie-v-Albaniya-_1692449775.jpg
epicenter.bg/images/news/82023/thumbs/ 5 KB
5 KB 390ms
276ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_-Rodni-kardiolozi-preglezhdat-bezplatno-v-rayoni-s-balgarsko-naselenie-v-Albaniya-_1692449775.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: bb51b2c88c7b5788e05ff89937d198be02434f8e6f725603418b15cc92dd3e78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 19 Aug 2023 12:56:15 GMT
server: Apache
accept-ranges: bytes
content-length: 5095
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Grandiozen-final-na-Summer-Fashion-Weekend-2023_1692046407.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 398ms
284ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Grandiozen-final-na-Summer-Fashion-Weekend-2023_1692046407.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c8dde2372406b232b047fe2e154ccc97926ded213257eb271a345ef9e5bfe16e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 14 Aug 2023 20:53:27 GMT
server: Apache
accept-ranges: bytes
content-length: 4121
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Ot-malkiya-frizyorski-salon-v-Livan-do-nad-16-miliona-posledovateli-v-sotsialnite-mrezhi_1692005735.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 397ms
283ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Ot-malkiya-frizyorski-salon-v-Livan-do-nad-16-miliona-posledovateli-v-sotsialnite-mrezhi_1692005735.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: b27d7634ffd144fb5ac753e6b2aff374522dc7650e288c368d108a4c088ea757

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 14 Aug 2023 09:35:36 GMT
server: Apache
accept-ranges: bytes
content-length: 4238
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Petar-Todorov-obyavyava-ostavkata-si-Kadar--Nova-tv_1693402712.jpg
epicenter.bg/images/news/82023/thumbs/ 5 KB
5 KB 398ms
284ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Petar-Todorov-obyavyava-ostavkata-si-Kadar--Nova-tv_1693402712.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 3301af88827f9551e92c89029312b90313ff03843a1264f47a23e4cfef2b2c34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 13:38:32 GMT
server: Apache
accept-ranges: bytes
content-length: 5034
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Kadar--Nova-tv_1693381271.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 554ms
92ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Kadar--Nova-tv_1693381271.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 40cc36785f951201bfaa8850eaad6db5fae23f433a7175b52653134a5ba1edab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 07:41:11 GMT
server: Apache
accept-ranges: bytes
content-length: 4183
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Eleonora-Mitrofanova-Kadar--TASS_1693325080.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 552ms
89ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Eleonora-Mitrofanova-Kadar--TASS_1693325080.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 5489696245946bda9389c1331d7fbc5bc8dfd348b045fc2c72dec68ce36c6695

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 16:04:41 GMT
server: Apache
accept-ranges: bytes
content-length: 4036
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Potarpevshiyat-Yordan-Danchev-Kadar--Nova-tv_1693322273.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 631ms
73ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Potarpevshiyat-Yordan-Danchev-Kadar--Nova-tv_1693322273.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 4bc6901d4d986a6fd88a30aa87b6fbf9e7904ef8231f7aa65dc69e2f2366be73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 15:17:53 GMT
server: Apache
accept-ranges: bytes
content-length: 4466
vary: User-Agent
content-type: image/jpeg

GET
H2 200 epicenter_baner_risk_n06.jpg
epicenter.bg/images/pics/ 50 KB
50 KB 632ms
74ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/epicenter_baner_risk_n06.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2a1c50c951785cdd9b692e728aaa16eb998f5eaec6675effdc7520db77c42ff6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 09 Dec 2022 08:13:56 GMT
server: Apache
accept-ranges: bytes
content-length: 51039
vary: User-Agent
content-type: image/jpeg

GET
H2 200 zora2402.JPG
epicenter.bg/images/pics/ 16 KB
16 KB 714ms
147ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/zora2402.JPG
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 500d85c61079ee4896c729cc79cecca49dae28c4ccc3cd5d9634d5086066b002

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 24 Feb 2023 10:00:47 GMT
server: Apache
accept-ranges: bytes
content-length: 16356
vary: User-Agent
content-type: image/jpeg

GET
H2 200 kamara.jpg
epicenter.bg/images/pics/ 34 KB
34 KB 618ms
71ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/kamara.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: b3382041ef609c814118453726035a24eded3a32369edbaa6854733d77b4e3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 12 Oct 2021 20:03:22 GMT
server: Apache
accept-ranges: bytes
content-length: 34996
vary: User-Agent
content-type: image/jpeg

GET
H2 200 tb.jpg
epicenter.bg/images/pics/ 152 KB
153 KB 396ms
282ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/tb.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0766b9b89ed9a55da4d615837f3ce8e5a60f2120b94ceebf66e8779e902c973f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 08 Jul 2021 19:44:25 GMT
server: Apache
accept-ranges: bytes
content-length: 156107
vary: User-Agent
content-type: image/jpeg

GET
H2 200 preonow.jpg
epicenter.bg/images/pics/ 20 KB
20 KB 396ms
283ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/preonow.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 3e30f57028496d7fe5c3e963f81e24fb326b254ac000593dd4bed3c5690d7bd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 11 Jan 2023 14:43:17 GMT
server: Apache
accept-ranges: bytes
content-length: 20585
vary: User-Agent
content-type: image/jpeg

GET
H2 200 poll.gif
epicenter.bg/images/pics/ 1 KB
1 KB 451ms
338ms Image
image/gif 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/poll.gif
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 86de7d796f12d635c9852102b5860e5d5d6819029281c351d60d1451850ac7d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 05 Jan 2016 21:44:48 GMT
server: Apache
accept-ranges: bytes
content-length: 1097
vary: User-Agent
content-type: image/gif

GET
H2 200 xsml_Boyan-Chukov--Tova--koeto-stava-v-Ukrayna--e-chast-ot-gigantskata-bitka--koyato-se-vodi-na-mnogo-daski_1682054982.jpg
epicenter.bg/images/news/42023/thumbs/ 3 KB
3 KB 397ms
284ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/42023/thumbs/xsml_Boyan-Chukov--Tova--koeto-stava-v-Ukrayna--e-chast-ot-gigantskata-bitka--koyato-se-vodi-na-mnogo-daski_1682054982.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: d7fb526955ef7382c3bccb9c5df150583bf6dea44ab8c327723ce2b4ccdb5028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 21 Apr 2023 05:29:42 GMT
server: Apache
accept-ranges: bytes
content-length: 3170
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Germaniya-otkaza-da-prashta-na-Ukrayna-tankove-Leopard-2_1673314684.jpg
epicenter.bg/images/news/12023/thumbs/ 4 KB
4 KB 616ms
70ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/12023/thumbs/xsml_Germaniya-otkaza-da-prashta-na-Ukrayna-tankove-Leopard-2_1673314684.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c5826580fa305fb4de0b01a02bfbd273c5b73a537500c771a4fd4d84ec80b59f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 10 Jan 2023 01:38:04 GMT
server: Apache
accept-ranges: bytes
content-length: 4411
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Doycho-Vele--Severna-Makedoniya-ima-problem-s-Evropa--I-s-Balgariya_1693341146.png
epicenter.bg/images/news/82023/thumbs/ 46 KB
47 KB 618ms
72ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Doycho-Vele--Severna-Makedoniya-ima-problem-s-Evropa--I-s-Balgariya_1693341146.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: dafbd0e91848043a138f00a944ef29296d0ba654858b4412e884121e665fe35c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 20:32:26 GMT
server: Apache
accept-ranges: bytes
content-length: 47570
vary: User-Agent
content-type: image/png

GET
H2 200 xsml_Daglas-Makgregar--Sastoyanieto-v-Ukrayna-e-mezhdu-ogromen-proval-i-katastrofa_1692705211.png
epicenter.bg/images/news/82023/thumbs/ 46 KB
47 KB 551ms
85ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Daglas-Makgregar--Sastoyanieto-v-Ukrayna-e-mezhdu-ogromen-proval-i-katastrofa_1692705211.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 5602a342a6a7fca41659868011aa330c75bcd277032184db5188625d26fb5317

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 22 Aug 2023 11:53:32 GMT
server: Apache
accept-ranges: bytes
content-length: 47570
vary: User-Agent
content-type: image/png

GET
H2 200 xsml_Pomoshtnik-darzhavniyat-sekretar-na-SASht-Viktoriya-Nyuland-i-poslanikat-na-SASht-Dzhefri-Payat-se-razhozhdat-v-lagera-na-opozitsiyata-na-ploshtad--Nezavisimost--v-Kiev-10-dekemvri-2013-g-_169...
epicenter.bg/images/news/82023/thumbs/ 46 KB
47 KB 555ms
89ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Pomoshtnik-darzhavniyat-sekretar-na-SASht-Viktoriya-Nyuland-i-poslanikat-na-SASht-Dzhefri-Payat-se-razhozhdat-v-lagera-na-opozitsiyata-na-ploshtad--Nezavisimost--v-Kiev-10-dekemvri-2013-g-_1693306023.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a2b0280239e833e0314d5dd4fe096c2a3937838ab0d55863735f4989dd068451

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 10:47:03 GMT
server: Apache
accept-ranges: bytes
content-length: 47570
vary: User-Agent
content-type: image/png

GET
H2 200 xsml_1583162350.jpg
epicenter.bg/images/news/32020/thumbs/ 4 KB
4 KB 562ms
96ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/32020/thumbs/xsml_1583162350.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 23b1ccd76efb5b2ba4c994d4efcd276b939a5f99496820c7e12de238b99a89ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 02 Mar 2020 15:19:10 GMT
server: Apache
accept-ranges: bytes
content-length: 4177
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1538412856.jpg
epicenter.bg/images/news/102018/thumbs/ 3 KB
3 KB 619ms
74ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/102018/thumbs/xsml_1538412856.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 59aae596fbe710cd7d787ea7983496a9a26c8f8eb94c8a0d72cd040a92c65f9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 01 Oct 2018 16:54:16 GMT
server: Apache
accept-ranges: bytes
content-length: 3098
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Prof--Plamen-Pavlov--Kultat-kam-svetite-bratya-e-sazdaden-v-Balgariya_1692266156.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 396ms
234ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Prof--Plamen-Pavlov--Kultat-kam-svetite-bratya-e-sazdaden-v-Balgariya_1692266156.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 6e87a7ceffb754d773490ff26881dfeca2b0756ed6efa737a0ea1b6ab5e4a540

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 17 Aug 2023 09:55:56 GMT
server: Apache
accept-ranges: bytes
content-length: 4256
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1645546026.png
epicenter.bg/images/news/22022/thumbs/ 46 KB
47 KB 397ms
235ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/22022/thumbs/xsml_1645546026.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2425e58d353358d8587f676f5a62d38a8c696c191990a2f0c2a93e4300fdafdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 22 Feb 2022 16:07:06 GMT
server: Apache
accept-ranges: bytes
content-length: 47570
vary: User-Agent
content-type: image/png

GET
H2 200 xsml_1632141396.jpg
epicenter.bg/images/news/92021/thumbs/ 4 KB
4 KB 631ms
74ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/92021/thumbs/xsml_1632141396.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 28b32d77626de1ab394e74a1439a1eb5e2c8ced17e795ee83a277817eb7d9389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 20 Sep 2021 12:36:36 GMT
server: Apache
accept-ranges: bytes
content-length: 4429
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1647085852.jpg
epicenter.bg/images/news/32022/thumbs/ 4 KB
4 KB 451ms
274ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/32022/thumbs/xsml_1647085852.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 5b127c0960ce0bb0343246d06447e82eac8da397ce037a5cac5795c3a770b882

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 12 Mar 2022 11:50:52 GMT
server: Apache
accept-ranges: bytes
content-length: 3927
vary: User-Agent
content-type: image/jpeg

GET
H2 200 kevorkian.jpg
epicenter.bg/images/pics/ 21 KB
21 KB 452ms
275ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/kevorkian.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 98760b1f86d07c142da6c2516dafe1481046f8cf304b71cf0a379f9174ed3d63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 18 Apr 2016 20:36:03 GMT
server: Apache
accept-ranges: bytes
content-length: 21336
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Aleksey-Petrov-e-bil-na-prehod-na-Vitosha-bez-ohranata-si--Zhenata-s-nego-ne-e-saprugata-mu_1692185356.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 453ms
277ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Aleksey-Petrov-e-bil-na-prehod-na-Vitosha-bez-ohranata-si--Zhenata-s-nego-ne-e-saprugata-mu_1692185356.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0fe03863d065a826de62f1aab58994056602e3f09b9065e3f4e7faa034102292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 16 Aug 2023 11:29:16 GMT
server: Apache
accept-ranges: bytes
content-length: 4015
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1568320806.jpg
epicenter.bg/images/news/92019/thumbs/ 3 KB
4 KB 632ms
75ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/92019/thumbs/xsml_1568320806.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 4d2d8c52faf4702f1c4eebf033f78083e15fe831f6cd9a9c02939b29dc5bc870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 12 Sep 2019 20:40:06 GMT
server: Apache
accept-ranges: bytes
content-length: 3542
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Kevork-Kevorkyan_1669805378.jpg
epicenter.bg/images/news/112022/thumbs/ 3 KB
3 KB 554ms
89ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/112022/thumbs/xsml_Kevork-Kevorkyan_1669805378.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0ee5555d4c2a1f38918963cca11b3020b3beeaaf53050d3060d07bd32a9bcd70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Nov 2022 10:49:38 GMT
server: Apache
accept-ranges: bytes
content-length: 3483
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Asen-Vasilev--Shefove-na-darzhavni-bolnitsi-vzimat-po-80-000-na-mesets--shte-gi-osvetim-_1691232130.jpg
epicenter.bg/images/news/82023/thumbs/ 3 KB
4 KB 555ms
89ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Asen-Vasilev--Shefove-na-darzhavni-bolnitsi-vzimat-po-80-000-na-mesets--shte-gi-osvetim-_1691232130.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 7e4f38582dae952aba008e48b8372ecb0f2f2a11dc31f5d02a272ca2059c1c53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 05 Aug 2023 10:42:10 GMT
server: Apache
accept-ranges: bytes
content-length: 3582
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Galabova-izrigna-sreshtu-Bachvarova--Alouuuu--dashte-komunisticheska--shto-ne-se-otkazhesh-ot-bashtinoto-ime-_1690899156.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 454ms
278ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Galabova-izrigna-sreshtu-Bachvarova--Alouuuu--dashte-komunisticheska--shto-ne-se-otkazhesh-ot-bashtinoto-ime-_1690899156.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a5f95c68b9b6d469f7a66b38ad0e092b3005df8ab71b7f813f31ecd981580161

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 01 Aug 2023 14:12:36 GMT
server: Apache
accept-ranges: bytes
content-length: 4469
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Snimka--Telegram_1691594106.jpg
epicenter.bg/images/news/82023/thumbs/ 2 KB
3 KB 456ms
279ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Snimka--Telegram_1691594106.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0af1e3ad5f721ab91946ce697ce2efae9d08dcdf6c6f10c141572858525011c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 09 Aug 2023 15:15:07 GMT
server: Apache
accept-ranges: bytes
content-length: 2515
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Radev-ne-priema-ostavkata-na-glavniya-sekretar-na-MVR-Petar-Todorov_1669307279.jpg
epicenter.bg/images/news/112022/thumbs/ 3 KB
3 KB 457ms
280ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/112022/thumbs/xsml_Radev-ne-priema-ostavkata-na-glavniya-sekretar-na-MVR-Petar-Todorov_1669307279.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: b367927f6f386d4bcb157662e422dc19aa72803f4b4c1ac1400cd1aeacb3f946

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 24 Nov 2022 16:28:00 GMT
server: Apache
accept-ranges: bytes
content-length: 3432
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Totalen-proval--V-27-uchilishta-sredniyat-uspeh-na-maturata-po-BEL-e-slab-2--v-307---e-pod-sreden-3_1662962101.jpg
epicenter.bg/images/news/92022/thumbs/ 4 KB
4 KB 555ms
89ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/92022/thumbs/xsml_Totalen-proval--V-27-uchilishta-sredniyat-uspeh-na-maturata-po-BEL-e-slab-2--v-307---e-pod-sreden-3_1662962101.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a72454bece17a210dd46ab81014c4b9389606ca392f40547c7729381f1becf35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 12 Sep 2022 05:55:01 GMT
server: Apache
accept-ranges: bytes
content-length: 4444
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1601235273.jpg
epicenter.bg/images/news/92020/thumbs/ 4 KB
4 KB 557ms
92ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/92020/thumbs/xsml_1601235273.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 3ffbcd6104aef277786281dc2d9e81d2f0ae70a9c6f945a0548b8de612bca9b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 27 Sep 2020 19:34:33 GMT
server: Apache
accept-ranges: bytes
content-length: 3609
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Goresht-septemvri--Nay-visokite-temperaturi-shte-badat-mezhdu-30-i-35_1693400531.jpg
epicenter.bg/images/news/82023/thumbs/ 5 KB
6 KB 563ms
98ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Goresht-septemvri--Nay-visokite-temperaturi-shte-badat-mezhdu-30-i-35_1693400531.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 14484484f67f5f23795a4bbd2dc62c05aeaf24a71bd74833fb22bb4813d9da6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 13:02:11 GMT
server: Apache
accept-ranges: bytes
content-length: 5608
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Pravitelstvot-osiguri-161-miliona-za-uvelichenie-s-10--na-zaplatite-na-politsaite-i-nadziratelite_1693399334.jpg
epicenter.bg/images/news/82023/thumbs/ 4 KB
4 KB 458ms
228ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Pravitelstvot-osiguri-161-miliona-za-uvelichenie-s-10--na-zaplatite-na-politsaite-i-nadziratelite_1693399334.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 597376019e2b74afda434f9e227ddd59d97b9cb1a0b19a5ca3cc5a22c99f077d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 12:42:14 GMT
server: Apache
accept-ranges: bytes
content-length: 3775
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_1637047313.jpg
epicenter.bg/images/news/112021/thumbs/ 3 KB
3 KB 458ms
226ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/112021/thumbs/xsml_1637047313.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: e57eb62b9440a6e28162f7cb08352c025b418b4e24199bfc14b630eeb8965f51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 16 Nov 2021 07:21:53 GMT
server: Apache
accept-ranges: bytes
content-length: 3464
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Vanya-Grigorova--Nyakoi-partiyni-i-lichni-ambitsii-tryabva-da-se-pooberat_1693373772.jpg
epicenter.bg/images/news/82023/thumbs/ 3 KB
3 KB 460ms
222ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Vanya-Grigorova--Nyakoi-partiyni-i-lichni-ambitsii-tryabva-da-se-pooberat_1693373772.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: df185a4fd5ce91dd7607f01980b83b5ba9be5d8a41b6ca64735e5f9d8968f5f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 05:36:12 GMT
server: Apache
accept-ranges: bytes
content-length: 2947
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Nikolay-Denkov--NATO-e-nasheto-bomboubezhishte_1691404513.jpg
epicenter.bg/images/news/82023/thumbs/ 3 KB
3 KB 461ms
160ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Nikolay-Denkov--NATO-e-nasheto-bomboubezhishte_1691404513.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: aa201b4f1458e5003ca6348860727bf6bc3f8f6c69db61fd89f4cc822f828efa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 07 Aug 2023 10:35:14 GMT
server: Apache
accept-ranges: bytes
content-length: 3041
vary: User-Agent
content-type: image/jpeg

GET
H2 200 xsml_Vladimir-Panev-i-Borislav-Sandov_1693205371.jpg
epicenter.bg/images/news/82023/thumbs/ 5 KB
5 KB 534ms
228ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/xsml_Vladimir-Panev-i-Borislav-Sandov_1693205371.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c9177e977a177a0851a15c88ff988c8d065740253eddb44981482b4ed272230e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 28 Aug 2023 06:49:31 GMT
server: Apache
accept-ranges: bytes
content-length: 4753
vary: User-Agent
content-type: image/jpeg

GET
H2 200 LuboStoykov1.jpg
epicenter.bg/images/pics/ 24 KB
24 KB 535ms
229ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/LuboStoykov1.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 7fd41fff1616eb9cd23a9c45ca67214937aa9fffadbd42ce6dee7ab139f71454

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 07 Oct 2021 08:08:52 GMT
server: Apache
accept-ranges: bytes
content-length: 24544
vary: User-Agent
content-type: image/jpeg

GET
H2 200 mobile.png
epicenter.bg/images/pics/ 1 KB
1 KB 539ms
233ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/mobile.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c7a783467492f519b2645799ebb83ce6ca8dff61402c2909d5f6ee10154576f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 24 Nov 2015 11:50:54 GMT
server: Apache
accept-ranges: bytes
content-length: 1365
vary: User-Agent
content-type: image/png

GET
H2 200 rss.png
epicenter.bg/images/pics/ 3 KB
3 KB 631ms
73ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/rss.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2df70e50acd55e5c43473e10fe965570290791c4d8aaafeb82c6d33c11c6e8c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 24 Jul 2016 10:19:17 GMT
server: Apache
accept-ranges: bytes
content-length: 3176
vary: User-Agent
content-type: image/png

GET
H2 200 ecb_logo.png
epicenter.bg/images/pics/ 2 KB
3 KB 633ms
75ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/ecb_logo.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: dd1ed64ffd1462f48130a7ad13018ee8f7cccede02ee4b4e1c904cee3fc54c71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 03 Jan 2015 23:02:54 GMT
server: Apache
accept-ranges: bytes
content-length: 2550
vary: User-Agent
content-type: image/png

GET
H2 200 wundergroundLogo_4c_rev_horz.png
epicenter.bg/images/pics/ 6 KB
6 KB 618ms
74ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/wundergroundLogo_4c_rev_horz.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 986454a5c49a1fa0060a598a96a371dab3f83de4b44decdd21726bf5425b9410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 03 Sep 2015 05:12:30 GMT
server: Apache
accept-ranges: bytes
content-length: 5689
vary: User-Agent
content-type: image/png

GET
H2 200 f.jpg
epicenter.bg/images/pics/ 2 KB
2 KB 535ms
149ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/f.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 4192104ece7528a36131dc1a08fcb1de0b8217f94bebbfc00e7c770c7b9b1ed9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 14 Dec 2014 15:30:22 GMT
server: Apache
accept-ranges: bytes
content-length: 1846
vary: User-Agent
content-type: image/jpeg

GET
H2 200 y.jpg
epicenter.bg/images/pics/ 2 KB
2 KB 535ms
149ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/y.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 689bc2c7bd3803e1a2f7699c0eedf4da1a4bd431b3f2595dcc867d6fa4474f15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 14 Dec 2014 15:30:22 GMT
server: Apache
accept-ranges: bytes
content-length: 2117
vary: User-Agent
content-type: image/jpeg

GET
H2 200 jquery.bxslider.min.js Show response
epicenter.bg/ 19 KB
5 KB 75ms
75ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/jquery.bxslider.min.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: bb1734d88f563d8e156449f8dcc6f906b53baae1b8503bf458ee5e170b25794b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:05 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 5128

GET
H2 200 jqfloat.min.js Show response
epicenter.bg/ 2 KB
722 B 73ms
73ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/jqfloat.min.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: f3af78da1d928290657e104eb70027dd60dc212fdbfd4c3a90e2310a4f1819c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:04 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 690

GET
H2 200 mosaic.1.0.1.min.js Show response
epicenter.bg/ 2 KB
805 B 97ms
83ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/mosaic.1.0.1.min.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: b6691cf3a7e284d739d3ec756396020c7c3a0d482ce79b7faa08ea03058850c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 11 Jan 2015 12:48:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 750

GET
H2 200 jquery.form.js Show response
epicenter.bg/js/ 26 KB
9 KB 104ms
87ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/js/jquery.form.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 8e38fdcbca5270e830913208c33d6468816dc9632de9996b36a00e7e5f0b696b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:05 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 9108

GET
H2 200 jquery.fancybox.js Show response
epicenter.bg/js/ 48 KB
14 KB 101ms
85ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/js/jquery.fancybox.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 71a6892ef2f97d06bb1da892a5a2870e58bc36ac00b0c932d9e8c23f124d3f76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Sun, 14 Dec 2014 15:30:05 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 13923

GET
H2 200 platform.js Show response
apis.google.com/js/ 57 KB
22 KB 97ms
40ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e98e1802d6c84b348969c428c14b5eef73dbe33744477d92b7700b7c9777ce62

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 30 Aug 2023 13:54:19 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22284
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "6cfc15e737d447ba"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:19 GMT

GET
H2 200 cookieconsent.min.js Show response
epicenter.bg/js/ 4 KB
2 KB 172ms
156ms Script
application/javascript 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/js/cookieconsent.min.js
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Wed, 20 Jan 2021 08:25:14 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 1946

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 77ms
20ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 30 Aug 2023 13:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 276
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 30 Aug 2023 15:49:43 GMT

GET
H2 200 main_Petar-Todorov-obyavyava-ostavkata-si-Kadar--Nova-tv_1693402712.jpg
epicenter.bg/images/news/82023/thumbs/ 42 KB
42 KB 540ms
155ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Petar-Todorov-obyavyava-ostavkata-si-Kadar--Nova-tv_1693402712.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0eadcbd7a0c1d5a1accdf273d00dea97f33b83f3a4a7c0c33a62bfe00c12968f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 13:38:32 GMT
server: Apache
accept-ranges: bytes
content-length: 42586
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Bozhkov-v-sada_1693064267.jpg
epicenter.bg/images/news/82023/thumbs/ 33 KB
33 KB 534ms
149ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Bozhkov-v-sada_1693064267.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 40d5731232bcec855d3b848443dea745d22799eddb3101e0af9f949a5e634717

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 26 Aug 2023 15:37:48 GMT
server: Apache
accept-ranges: bytes
content-length: 33331
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Radev-ne-priema-ostavkata-na-glavniya-sekretar-na-MVR-Petar-Todorov_1669307279.jpg
epicenter.bg/images/news/112022/thumbs/ 20 KB
20 KB 616ms
73ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/112022/thumbs/main_Radev-ne-priema-ostavkata-na-glavniya-sekretar-na-MVR-Petar-Todorov_1669307279.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 354fe5bec457ff5f56e486faeb6921c465ce96a20f49f1bfe49a214f39429daa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 24 Nov 2022 16:28:00 GMT
server: Apache
accept-ranges: bytes
content-length: 20651
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Denkov--Nyama-da-ima-povishenie-na-tsenata-na-toka-_1693379600.png
epicenter.bg/images/news/82023/thumbs/ 788 KB
789 KB 631ms
76ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Denkov--Nyama-da-ima-povishenie-na-tsenata-na-toka-_1693379600.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 140ea75986ac0c2de018a883db71d8df32c62d1aa58e2c84ef09a4cef31dc0e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 07:13:21 GMT
server: Apache
accept-ranges: bytes
content-length: 806930
vary: User-Agent
content-type: image/png

GET
H2 200 main_Energiyniyat-ministar--Napalno-e-vazmozhno-otnovo-da-imame-nestabilnost-v-energiyniya-pazar_1693398819.jpg
epicenter.bg/images/news/82023/thumbs/ 33 KB
33 KB 617ms
74ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Energiyniyat-ministar--Napalno-e-vazmozhno-otnovo-da-imame-nestabilnost-v-energiyniya-pazar_1693398819.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c870ab904be1212a5c0fdf9a21aaff1270675858dc9b8426fdd6b96928e54640

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 12:33:39 GMT
server: Apache
accept-ranges: bytes
content-length: 34046
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_1530438289.jpg
epicenter.bg/images/news/72018/thumbs/ 23 KB
23 KB 622ms
79ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/72018/thumbs/main_1530438289.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: c1fc7f8a5978b9bbbb24483d993b36b04b7c8fa37e761a998d4021ad76d4f6f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 01 Jul 2018 09:44:49 GMT
server: Apache
accept-ranges: bytes
content-length: 23355
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Karbovski--Shte-smenyate-imeto-na-bolnitsa--Pirogov--Vazroditelen-protses--po-Kiro-i-Asen-_1693395846.jpg
epicenter.bg/images/news/82023/thumbs/ 10 KB
10 KB 617ms
74ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Karbovski--Shte-smenyate-imeto-na-bolnitsa--Pirogov--Vazroditelen-protses--po-Kiro-i-Asen-_1693395846.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: eed1e62701bf81360e0a5a018ae93465bd69c001f939b2d6d66ac49d6079adb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:44:07 GMT
server: Apache
accept-ranges: bytes
content-length: 10328
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Darzhava-i-medii-se-opitaha-da-sertifitsirat-ekstradatsiyata-na-Bozhkov-kato-dobrovolno-zavrashtane_1693395661.jpg
epicenter.bg/images/news/82023/thumbs/ 8 KB
8 KB 622ms
78ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Darzhava-i-medii-se-opitaha-da-sertifitsirat-ekstradatsiyata-na-Bozhkov-kato-dobrovolno-zavrashtane_1693395661.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: ae0a668461b4d5577b9d30e01b9694d774eb59b187af3e54e57e680b1cebfac1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:41:01 GMT
server: Apache
accept-ranges: bytes
content-length: 8362
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Georgi-Markov_1679054335.jpg
epicenter.bg/images/news/32023/thumbs/ 7 KB
7 KB 539ms
156ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/32023/thumbs/sml_Georgi-Markov_1679054335.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 42194a6bc721fed9ad007cb5569c1fcc4fe0a7ebaa4c6a487b6ebb5d8110194f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 17 Mar 2023 11:58:55 GMT
server: Apache
accept-ranges: bytes
content-length: 7529
vary: User-Agent
content-type: image/jpeg

GET
H2 200 Promoanata3.jpg
epicenter.bg/images/pics/ 27 KB
27 KB 536ms
140ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/Promoanata3.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9099d4c157d9d1f0c6e23d3b7facfc99224a5a80d0ad65e27fbb42c18726f0d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/style_new_v2.php?p=&cat_id=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 15 Nov 2019 07:57:47 GMT
server: Apache
accept-ranges: bytes
content-length: 27977
vary: User-Agent
content-type: image/jpeg

GET
H2 200 robotocondensed-light-webfont.woff2
epicenter.bg/fonts/ 46 KB
46 KB 384ms
361ms Font
font/woff2 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/fonts/robotocondensed-light-webfont.woff2
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 515ab025e0d19c7c52b8db7c3491a157b2e292a2e94d0b7f72d4bfa0b6713683

Request headers

Referer: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Origin: https://epicenter.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Tue, 01 Sep 2015 15:33:35 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: font/woff2
accept-ranges: bytes
content-length: 47348

GET
H2 200 search.svg
epicenter.bg/images/pics/ 934 B
663 B 542ms
152ms Image
image/svg+xml 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/pics/search.svg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 6a3cef6f3cc8537d78fd5719c36fa3d4fc3b4323ffe84fc5a50a6aa532efc9ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/style_new_v2.php?p=&cat_id=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Wed, 02 Sep 2015 07:55:17 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
accept-ranges: bytes
content-length: 572

GET
H2 200 sml_Myastoto-na-Vasil-Terziev-ostana-prazno_1693321800.jpg
epicenter.bg/images/news/82023/thumbs/ 12 KB
12 KB 531ms
142ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Myastoto-na-Vasil-Terziev-ostana-prazno_1693321800.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: ec0c5a18f6c1f41910379e8d87d82ca6bfda07dc0c974a8c36076e6799ce3dfc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 15:10:00 GMT
server: Apache
accept-ranges: bytes
content-length: 12703
vary: User-Agent
content-type: image/jpeg

GET
H2 200 sml_Ministarat-na-ikonomikata--Smyanata-na-rakovodstvoto-na-DKK-beshe-neobhodima_1693290014.jpg
epicenter.bg/images/news/82023/thumbs/ 9 KB
9 KB 539ms
151ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/sml_Ministarat-na-ikonomikata--Smyanata-na-rakovodstvoto-na-DKK-beshe-neobhodima_1693290014.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2a2fa44e7e53d06372596991a94cbd0480a9f2f8cf3f057e08a8c8ca0ff9306a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 06:20:14 GMT
server: Apache
accept-ranges: bytes
content-length: 9067
vary: User-Agent
content-type: image/jpeg

GET
H2 200 robotocondensed-bold-webfont.woff2
epicenter.bg/fonts/ 47 KB
47 KB 382ms
307ms Font
font/woff2 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/fonts/robotocondensed-bold-webfont.woff2
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 90f19c3cd95066179ee0ca324b39df8e3914408da2a825cee9fab1b9bd2abab9

Request headers

Referer: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Origin: https://epicenter.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Tue, 01 Sep 2015 15:33:35 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: font/woff2
accept-ranges: bytes
content-length: 47844

GET
H2 200 clearsans-regular-webfont.woff2
epicenter.bg/fonts/ 29 KB
29 KB 379ms
304ms Font
font/woff2 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to

Full URL: https://epicenter.bg/fonts/clearsans-regular-webfont.woff2
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: a0578ad0242b9cb0ed6dc45cb72ed6e6bbbcc86a4c15bf9b956032573391e50e

Request headers

Referer: https://epicenter.bg/style_new_v2.php?p=&cat_id=
Origin: https://epicenter.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
last-modified: Wed, 15 Feb 2017 22:11:50 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: font/woff2
accept-ranges: bytes
content-length: 29383

GET
H2 200 mostlycloudy.png
epicenter.bg/images/weather_icons/ 19 KB
19 KB 662ms
146ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/weather_icons/mostlycloudy.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 5aa1b5e97a52a8bdc4a369307ecdb143c0823e76f5bdef79dd2a73afe3002d88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Thu, 08 Jan 2015 08:25:17 GMT
server: Apache
accept-ranges: bytes
content-length: 19845
vary: User-Agent
content-type: image/png

GET
H2 200 partlycloudy.png
epicenter.bg/images/weather_icons/ 27 KB
27 KB 662ms
146ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/weather_icons/partlycloudy.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 6947faf4d8aff56964bd3a3b095297a749f1ccdb6bd80e21d5e28bd19ce6578d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 06 Jan 2015 22:10:33 GMT
server: Apache
accept-ranges: bytes
content-length: 27674
vary: User-Agent
content-type: image/png

GET
H2 200 all.js Show response
connect.facebook.net/bg_BG/ 3 KB
2 KB 84ms
22ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/bg_BG/all.js

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5b48ba80c1d2d47c475ddc48c5d701e4c0fa211a38fe3cfc029acf2379658d1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 30 Aug 2023 13:54:19 GMT
content-md5: vEzvCz1GxUiDbpWiCr4TlQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: If9YQTOFxI9tIkrPbpiyLJFZ4Gnt1bChgKGbly+VtLEUsd9BaN44yJOOh1MAlhY8faBASJfaKUg9uJ0/uABblw==
x-fb-content-md5: 497415ff666a0aa17057ee3d375fe95a
cross-origin-opener-policy: same-origin-allow-popups
etag: "e5ba2416896bc6d2ad94d982a5bab517"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 30 Aug 2023 14:03:50 GMT

GET
H2 200 main_Dragomir-Draganov-pokazva-nay-tsennite-eksponati-ot-lichniya-si-muzey-v-dve-izlozhbi-za-tsirka_1692553957.jpg
epicenter.bg/images/news/82023/thumbs/ 35 KB
35 KB 663ms
150ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Dragomir-Draganov-pokazva-nay-tsennite-eksponati-ot-lichniya-si-muzey-v-dve-izlozhbi-za-tsirka_1692553957.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 664fe56291c39c9907c3b6ea1ba76fd7f0172febe8c052807208a0275347065e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 20 Aug 2023 17:52:37 GMT
server: Apache
accept-ranges: bytes
content-length: 36139
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Ognyan-Atanasov-preduprezhdava--Ot-1-yanuari-2024-g--smetkite-za-tok-na-grazhdanite-shte-stanat-dvoyni_1693377397.jpg
epicenter.bg/images/news/82023/thumbs/ 28 KB
28 KB 576ms
77ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Ognyan-Atanasov-preduprezhdava--Ot-1-yanuari-2024-g--smetkite-za-tok-na-grazhdanite-shte-stanat-dvoyni_1693377397.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 740614f9425a4bbc83c53848eb0b26735ac503b5714c49e427b8bf58202139f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 06:36:38 GMT
server: Apache
accept-ranges: bytes
content-length: 28747
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Karbovski--Shte-smenyate-imeto-na-bolnitsa--Pirogov--Vazroditelen-protses--po-Kiro-i-Asen-_1693395846.jpg
epicenter.bg/images/news/82023/thumbs/ 32 KB
32 KB 506ms
93ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Karbovski--Shte-smenyate-imeto-na-bolnitsa--Pirogov--Vazroditelen-protses--po-Kiro-i-Asen-_1693395846.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 91405eb5dd272df2cef9ad263658096654b7b0a435b8e3883eb7993ab16a5735

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 11:44:07 GMT
server: Apache
accept-ranges: bytes
content-length: 33174
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Filmoviyat-rezhisyor-Kira-Gardnar--chlen-na-SAG-AFTRA--protestira-zaedno-hora-ot-neynata-gildiya-pred-studioto-na--Netfliks--v-Holivud--14-08-2023-g--Snimka--BTA-AP_1693151704.jpg
epicenter.bg/images/news/82023/thumbs/ 40 KB
40 KB 510ms
97ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Filmoviyat-rezhisyor-Kira-Gardnar--chlen-na-SAG-AFTRA--protestira-zaedno-hora-ot-neynata-gildiya-pred-studioto-na--Netfliks--v-Holivud--14-08-2023-g--Snimka--BTA-AP_1693151704.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 0f1c2fb7eb8559ea84436c8f9ceb5614091b62ca8f684645826a66d73b941786

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sun, 27 Aug 2023 15:55:04 GMT
server: Apache
accept-ranges: bytes
content-length: 41205
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Vladimir-Solovyov---Da-unishtozhim-shi-anata-Pribaltika-_1693391374.jpg
epicenter.bg/images/news/82023/thumbs/ 30 KB
30 KB 490ms
140ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Vladimir-Solovyov---Da-unishtozhim-shi-anata-Pribaltika-_1693391374.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 2af72f792c5989fd70288459bf9c1230619f1fce8693c109d1be6995aac9b7ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 30 Aug 2023 10:29:34 GMT
server: Apache
accept-ranges: bytes
content-length: 30609
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_Nurgyul-Salimova-s-parva-preskonferentsiya-sled-uspeshnoto-si-predstavyane-na-Svetovnata-kupa-v-Baku_1693302132.jpg
epicenter.bg/images/news/82023/thumbs/ 25 KB
25 KB 491ms
141ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/82023/thumbs/main_Nurgyul-Salimova-s-parva-preskonferentsiya-sled-uspeshnoto-si-predstavyane-na-Svetovnata-kupa-v-Baku_1693302132.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 05c45bff87b6e095281cfcfc97e2a376aedc8deaac6d9fa336d4044ee4832120

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Tue, 29 Aug 2023 09:42:13 GMT
server: Apache
accept-ranges: bytes
content-length: 25441
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_1563788541.jpg
epicenter.bg/images/news/72019/thumbs/ 33 KB
33 KB 508ms
95ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/72019/thumbs/main_1563788541.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 96a181b447e874ab33059737aedb39d87ebfc5790776b8a1f09ea1a56d9e47e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Mon, 22 Jul 2019 09:42:21 GMT
server: Apache
accept-ranges: bytes
content-length: 33766
vary: User-Agent
content-type: image/jpeg

GET
H2 200 main_1483697687.jpg
epicenter.bg/images/news/12017/thumbs/ 36 KB
36 KB 494ms
88ms Image
image/jpeg 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/news/12017/thumbs/main_1483697687.jpg
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: aa5569bd7f8bcc2f9e92fd956db75b4b5eeda9d23adfaa2796944c14ce55e4e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Fri, 06 Jan 2017 10:14:47 GMT
server: Apache
accept-ranges: bytes
content-length: 37276
vary: User-Agent
content-type: image/jpeg

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
219 B 30ms
29ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1894434946&t=pageview&_s=1&dl=https%3A%2F%2Fepicenter.bg%2F&ul=en-us&de=UTF-8&dt=%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%2C%20%D0%90%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7%D0%B8%2C%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%B2%D1%8E%D1%82%D0%B0%20%D0%9A%D0%BE%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%80%D0%B8%20-%20%D0%95%D0%BF%D0%B8%D1%86%D0%B5%D0%BD%D1%82%D1%8A%D1%80&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1079836904&gjid=876302089&cid=2035867739.1693403659&tid=UA-20843231-28&_gid=1216982177.1693403659&_r=1&_slc=1&z=663247877

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

ee31890ceb03021432ed1ec2cf366cfed693658cbe3e2959d82eb421b6ade7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://epicenter.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://epicenter.bg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/bg_BG/ 309 KB
87 KB 45ms
23ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/bg_BG/all.js?hash=7d0c2cfe87cf6a8dcfdac6d8d7a60df9

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/bg_BG/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

632d6a19390fca4822340ef4e9096ca38455e9920a43c0ac2e8cbc1bc699ef02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://epicenter.bg/
Origin: https://epicenter.bg
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 30 Aug 2023 13:54:19 GMT
content-md5: OzC4LvfOhvIuuEPfraOv2A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88821
x-fb-debug: woTC9aov052rww2qfc7cfrWPMgKGUNHy9K1GalAXV7iz2QVvNOyJxCEXhy83Yj3RQ78Q8jLyttwRsBH8JDGfMQ==
x-fb-content-md5: 062da0ea1be50eb71d65be6bf6a6aaec
cross-origin-opener-policy: same-origin-allow-popups
etag: "999cded49531543c664c4ddc5e004d6a"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 29 Aug 2024 13:23:48 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
343 B 96ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-20843231-28&cid=2035867739.1693403659&jid=1079836904&gjid=876302089&_gid=1216982177.1693403659&_u=IEBAAEAAAAAAACAAI~&z=1911512842

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://epicenter.bg/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 30 Aug 2023 13:54:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://epicenter.bg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
79 KB 90ms
37ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K328L3FRYH&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24b4acf06c060c547c11502d93077b5ecf7aa61256a46475c357e4c62086320b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80800
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:19 GMT

GET
H2 404 bx_loader.gif
epicenter.bg/images/ 189 KB
189 KB 367ms
105ms Image
text/html 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/bx_loader.gif
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/jquery.bxslider.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: ddebc8568fb90d7fcc7965594dbddee3edd66c7d81a22eaee5f4161c7eda5cbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:19 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/html
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 38431
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 controls.png
epicenter.bg/images/ 3 KB
3 KB 504ms
152ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/controls.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/jquery.bxslider.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Sat, 05 Sep 2015 18:54:04 GMT
server: Apache
accept-ranges: bytes
content-length: 2806
vary: User-Agent
content-type: image/png

GET
H2 200 controls_slider.png
epicenter.bg/images/ 2 KB
2 KB 414ms
74ms Image
image/png 164.138.220.34
SUPERHOSTING_AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epicenter.bg/images/controls_slider.png
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/jquery.bxslider.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 164.138.220.34 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS: epicente.superdnsserver.net
Software: Apache /
Resource Hash: 9c1feb879bfcdf6cf59957c246b61335141d867756c5fb8dfb573472f0ce441c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/jquery.bxslider.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:19 GMT
last-modified: Wed, 29 Jun 2016 05:56:15 GMT
server: Apache
accept-ranges: bytes
content-length: 1618
vary: User-Agent
content-type: image/png

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/ 404 KB
127 KB 313ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 17:24:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73803
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129934
x-xss-protection: 0
server: cafe
etag: 17007686020673988365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 28 Aug 2024 17:24:16 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 91ms
42ms Fetch
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=369291243233604&input_token&origin=1&redirect_uri=https%3A%2F%2Fepicenter.bg%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/bg_BG/all.js?hash=7d0c2cfe87cf6a8dcfdac6d8d7a60df9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Wed, 30 Aug 2023 13:54:19 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
pragma: no-cache
x-fb-debug: d0y1pDg5dcaJc+dx/9zqVgLv1Ff65h0ST4+CV6GltxkQ8dvU69gqPAm7e6aJrGzF0g0qSbPvncvHpN3AhG0/VA==
fb-s: unknown
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://epicenter.bg
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 85ms
29ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-K328L3FRYH&gtm=45je38s0&_p=1894434946&_gaz=1&ul=en-us&sr=1600x1200&cid=2035867739.1693403659&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fepicenter.bg%2F&dt=%D0%9D%D0%BE%D0%B2%D0%B8%D0%BD%D0%B8%2C%20%D0%90%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7%D0%B8%2C%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%B2%D1%8E%D1%82%D0%B0%20%D0%9A%D0%BE%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%80%D0%B8%20-%20%D0%95%D0%BF%D0%B8%D1%86%D0%B5%D0%BD%D1%82%D1%8A%D1%80&sid=1693403659&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K328L3FRYH&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://epicenter.bg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 29ms
28ms Ping
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K328L3FRYH&cid=2035867739.1693403659&gtm=45je38s0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K328L3FRYH&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://epicenter.bg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 113ms
60ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K328L3FRYH&cid=2035867739.1693403659&gtm=45je38s0&aip=1&z=1281350536

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 292 KB
65 KB 476ms
475ms Fetch
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1449107995011064&correlator=1442372090927376&eid=31077418&output=ldjh&gdfp_req=1&vrg=202308240101&ptt=17&impl=fifs&iu_parts=40805600%2Cep_home_300x(600x250)%2Cep_home_300x250%2Cep_home_728x90%2Cep_home_728x90(10)%2Cep_home_728x90(2)%2Cep_home_728x90(3)%2Cep_home_728x90(4)%2Cep_home_728x90(5)%2Cep_home_728x90(6)%2Cep_home_728x90(7)%2Cep_home_728x90(8)%2Cep_home_728x90(9)%2Cep_home_left_300x(1050%D1%85600x250)%2Cep_home_right_300x(1050%D1%85600x250)%2Cep_home_wallpaper&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10%2C%2F0%2F11%2C%2F0%2F12%2C%2F0%2F13%2C%2F0%2F14%2C%2F0%2F15&prev_iu_szs=300x600%7C300x250%2C300x250%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C728x90%2C300x1050%7C300x600%7C300x250%2C300x1050%7C300x600%7C300x250%2C1x1&ifi=1&sfv=1-0-40&ists=1&sc=1&cookie_enabled=1&abxe=1&dt=1693403660112&lmt=1693396460&adxs=1175%2C1175%2C125%2C125%2C125%2C125%2C125%2C125%2C125%2C125%2C125%2C125%2C125%2C-9%2C-12245933&adys=1722%2C4283%2C860%2C4409%2C4919%2C5443%2C5967%2C6491%2C7015%2C7539%2C8063%2C8587%2C9111%2C-9%2C-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C0%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7C10%7C11%7C12%7C-1%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fepicenter.bg%2F&vis=1&psz=320x0%7C320x250%7C1030x100%7C970x100%7C970x94%7C970x94%7C970x94%7C970x94%7C970x94%7C970x94%7C970x94%7C970x94%7C970x94%7C0x-1%7C0x0&msz=320x0%7C300x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C728x-1%7C0x-1%7C0x0&fws=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C2%2C128&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=2035867739.1693403659&ga_sid=1693403660&ga_hid=1894434946&ga_fc=true&dlt=1693403659150&idt=901&adks=3136120019%2C3450244965%2C2440402088%2C1229952148%2C1723682716%2C2907637184%2C3270259570%2C4073132554%2C3995872811%2C2699268628%2C829495444%2C2065237444%2C1869241598%2C230683782%2C704556567&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1d987a655aa95fe73998fde8f00bdef7002115a7a95d849c6d05c1472f0699b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65930
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://epicenter.bg
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D1EF 6 KB
3 KB 107ms
29ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 light-bottom.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/ 3 KB
1 KB 77ms
29ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/light-bottom.css

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/js/cookieconsent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad0b4b022794192f02d6ae172b4477d1c69d2b8efa979df025b2d7fef16b74c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4193476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 713
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-c3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3tSIXgg8knRpDX3t140hWnU4Smf0cvChBZrh7BC8Tk%2Ftv0ZnOWrG%2BSYXlNcXqHzpCpjSi5blXpu02oT942vr0UMCPMwfbLmW8ZgMQ7u%2BG9Bjbg4hmXTqVhLVXZejEhr3clCYUZA2HTCcYPH3HRTEsOZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7fed866d0c0a4d68-FRA
expires: Mon, 19 Aug 2024 13:54:20 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 119ms
70ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308240101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d621fc6cf5ab78902f71a7b616ed71de59c239f21027f0abf98c15b0bd0ee2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11736
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 114ms
65ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 30 Aug 2023 13:54:20 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 810E 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 12:45:52 GMT
expires: Thu, 29 Aug 2024 12:45:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8E27 829 B
1 KB 88ms
32ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6f87db7846cefed9612c3cd6da1bff0745b94a101a72c1265a7d081e475dc6f6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1XYuGQmPNK7EcuSbI3pTHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-1XYuGQmPNK7EcuSbI3pTHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Wed, 30 Aug 2023 13:54:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 810E 37 KB
14 KB 65ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H2 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9E9F 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2F46 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BD87 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 22A0 6 KB
3 KB 50ms
28ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 05AB 6 KB
3 KB 52ms
30ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2BC1 6 KB
3 KB 54ms
34ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EAC8 6 KB
3 KB 51ms
36ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1425 6 KB
3 KB 52ms
38ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A54E 6 KB
3 KB 51ms
38ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AE73 6 KB
3 KB 70ms
58ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9E07 6 KB
3 KB 50ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5564 6 KB
3 KB 49ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308240101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://epicenter.bg/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Thu, 29 Aug 2024 13:54:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8E27 0
0 121ms
120ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308240101&jk=1449107995011064&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2150 624 B
826 B 116ms
63ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNUoSZE7h5gIxIto9_p9XHdQiQSIt9pE0ntcsnOmGPIk55E0GUrDjxbd6q73HsfXrAumEa7aMDUQ6xmc6EIkgY1gs3zq9hXpOEOtQgYq5YspDWSwv95u5O9cZHxt0TjAAYUPHHsWdr94mD6lORlaMOFrKTLjjqrCfN6esbzZptwe-a66p4w

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Wed, 30 Aug 2023 13:54:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9E9F 86 KB
29 KB 94ms
93ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E9F 42 B
63 B 121ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMDhPAKT13OBQcM-F9npR1fKL1E18kwQ9bDb-bywKML3W6TGJ90SEHb90LYn-OagOARqau3YV0kMchxA-DeLqoZ4o9vj-cJ2pECmYv0GQnNwDS74Q

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E9F 0
20 B 121ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15115443121410339558&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 9E9F 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 9E9F 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E9F 181 KB
57 KB 398ms
396ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0207 624 B
505 B 107ms
65ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVvNXephjybtEpoTyvC1qeAJpx2KlByuZ9oWMot6gGVSGBErlpTAFUnSOcAXDjkzAyXRJhrW4RXrmokE-S78xKeS2SKfw_bfhpmfb2jWmH1kTNN73xa_zQqZ2wpHo9Du9HOE7ImLA7EY8x5TPvIA2n9mUSe2kbsbvzGzNGI7JNrTehchVs

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Wed, 30 Aug 2023 13:54:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2F46 86 KB
29 KB 201ms
187ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F46 42 B
63 B 134ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CL99TMepGlzmp7B33yU87Xp8gyQNUTJiNdk5tnz9qoOxWySj0QFVheSMsZwPYJOFyjOFWH2wSSURgQKpaFS8hu3jmGRJDZOqnFdx2ACrFeZ9OJtqY

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F46 0
20 B 134ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13609989718639352568&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 2F46 3 KB
1 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 2F46 20 KB
8 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F46 181 KB
57 KB 372ms
354ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C32C 624 B
505 B 103ms
64ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXSMkhJzPzJ5TyCLk7yCiwJw8orOSD5Iw0LaTGN_JfxavRDdge0gM0htyUBgW16_rbZg9tkxj8vi3Hr81AWO1mKlt_ANJOIGx7MFZXUdtZFJfWaVFYSnk0FHBm6_lJY2qWyJTX9k08BWRxElW6A4nlVaB-myzJZ75bpPDZVg1BhoPwjrCk

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:20 GMT
expires: Wed, 30 Aug 2023 13:54:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BD87 86 KB
29 KB 213ms
202ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD87 42 B
63 B 130ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bo5oZWu2frI1tkRVWvHwvM2TGQNwhSjQ_eTdqplgM3K7wXxNYBaJegR1U02mDqmGi-HSMBy-NT1f10aIbm31EaNFsLJr3CNxw0Fk0rYx3nbX6lKJg

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD87 0
20 B 129ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13207843948640830219&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame BD87 3 KB
1 KB 38ms
28ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame BD87 20 KB
8 KB 36ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD87 181 KB
57 KB 365ms
352ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DDDE 624 B
527 B 90ms
88ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWsAb1HSW1pi3AZEmQC4va5em9SHS50HQkPk4ZN4XGPo9dSRGfkbaLRgXhYGbYS8YbmZ2yhSJUOa1QHzln9XBKHXIHWwl8SeJ9KIXeTwzvfQyvqJ6gR9HCZVEeHYf1XZv-MLVZqjSOFDrXShR1dfeOUMvwv7Vk8K4JmA0XR0PxBfcRc07c

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
expires: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 22A0 86 KB
29 KB 127ms
127ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 22A0 42 B
63 B 155ms
153ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A0b4QmNOcavMyFMRCUd7Ys0BblZURJnmeYNiLQQnHOwJGb-Cx2Tf12fmBVII9OAKvAx1aolvjj722JcTVecdXHNVo-uKY-XWZhtPEjHOuW15tYnjE

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 22A0 0
20 B 154ms
152ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3755509232437121216&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 22A0 3 KB
1 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 22A0 20 KB
8 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 22A0 181 KB
56 KB 182ms
180ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9DC1 624 B
506 B 83ms
82ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD4KvDljg-MbnVGIBT12-wyqgRhJFafW7fzRgQFMgbulrTf30BplCi_MOkwUWOZM8GHQA3_EKeRQ8Ky00gSN4xOiLgKUS1Sq5NzjPa7_YfKPuS8EmPQrEx1pI24iYVLOmXy4q7B1guBszrUcnFclBaj2ED39YGkMhu2giQl1CyFjoY5Ow

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
expires: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 05AB 86 KB
29 KB 187ms
186ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05AB 42 B
63 B 142ms
141ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cm3y0bM8Hh7zpLTIwKfuKzzANmUsHDjgZl1AbyQt_rcu7U3kK2YrjVncWrt9QNj4rJ1AKnx7dreVD6BU1HE5QRXz4wf5GY2NqT0ndiPfu0zRncWDc

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05AB 0
20 B 143ms
142ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10817292458346823848&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 05AB 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 05AB 20 KB
8 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 05AB 181 KB
56 KB 235ms
234ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 810E 0
10 B 25ms
25ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8MRN1w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9B98 624 B
285 B 74ms
64ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUmk9K-8OcHr31DmhCcjUlhZAjQwoNsXBkR_Men2HUa6NLJ1QIH1VwA-V_Xy6YevV2q3dM_FcK-UR-35ivFpMmdpizgjYPWv6_bvI8jOnNig7zqsxtaElrEDz5eXFVuup7vkldRPxuBqHrago0g6YvvWVqGdQE3HKRe2sPxPOb-a50sgAI

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2BC1 86 KB
29 KB 171ms
163ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BC1 42 B
63 B 127ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D0jFffGspcUbJ6J8RTuc7lD3oObgeytf6PjitwhRyY2yuie8fEhFu-3QrEIWiZYSGK5vzLSxUoMlTjV6h30JCg-2OeaNFFKIgUxWJeI9COLjiVGYs

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BC1 0
20 B 127ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1310444133649392459&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 2BC1 3 KB
1 KB 28ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 2BC1 20 KB
8 KB 30ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2BC1 181 KB
56 KB 201ms
193ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 84F8 624 B
285 B 74ms
64ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVYtsfApdx5VJ3SYKWm1iYT1NbRxpUi7aDIU9btFnxDbFuvIm3tpgyV5w0mjVJ8bvH9mcCpAWQ6YJrogaXi4ty0dB4oFiYAuqQBTBWoLa4_GuQS2T8r-BU6Wg6cNObo-z_sDQI5lBIlC50G3xsl3f1SLzJps3VeNBmTMS8E5nIo7VX-GFo

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EAC8 86 KB
29 KB 182ms
175ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC8 42 B
63 B 127ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Db-BiCZeIErMg_QapPnkqitNecUGELg32riZo66x9tyZD0e7iziQEOcNo-atYIk7t_PMQou-jBPRFnWXv2qkCzyQNqP5QUeFuG8PsOOHmqyqAi2sU

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC8 0
20 B 126ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3826551579037500484&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame EAC8 3 KB
1 KB 32ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame EAC8 20 KB
8 KB 33ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EAC8 181 KB
56 KB 223ms
216ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CC36 624 B
285 B 73ms
66ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVvbfaUge5KcC3XLndKjkhBUDyl7ukEjSLGvl6ncM54MRzB_2DE1E6eU5RfDm2bwGCnJKa0v-fEE806nDhrYMRaNRAAQ1kuaEXEa4ilow0Eny9de5AtoWVnTkKm24OMTWvmtXh-ISF95XZpxt2moJrcEqNUwfHu9ABUEtEDa1xMoi-Azyk

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1425 86 KB
29 KB 155ms
149ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1425 42 B
63 B 127ms
121ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B4EtRMv8X8oHUVc1Jxz8gKFS2grnVy3TFjUMt5CWxPNMirxyNj3qYd_6lP3ljNwZ_SO_tSOonsOCIg5yU3dDUQFvWvsvVbmR_ZiR4DjScZ0BpRi8k

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1425 0
20 B 128ms
122ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15613628907982101793&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 1425 3 KB
1 KB 34ms
28ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 1425 20 KB
8 KB 32ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1425 181 KB
56 KB 199ms
193ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6C85 640 B
308 B 62ms
60ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A54E 86 KB
29 KB 155ms
155ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A54E 42 B
63 B 119ms
118ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ChMj8W5CxdO59DOfGAqNbhNVngjXiwTTMTG8i-Oe8LA5yeuQTgtu6DUDM-nmghd1z7MLMvglwZ_njW28YKkRS5o8WWYurko_VfO1GzOhN6N8z6TF8

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A54E 0
20 B 120ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5985497211662202610&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame A54E 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame A54E 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A54E 181 KB
56 KB 203ms
203ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0FF3 640 B
305 B 66ms
64ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9E07 86 KB
29 KB 166ms
166ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E07 42 B
63 B 120ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASNU6XxadT2eVGzwz9r643OYbS5tOEjOTHGtj1gCYKPHONnHcdr6JBcr2zOf0vfF7wZaZtraWHLSHRI2JySali1wYAW6B-64RtkiC-WeveP4vPGMw

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E07 0
20 B 121ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5322491079958602667&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 9E07 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 9E07 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E07 181 KB
56 KB 193ms
192ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 498D 640 B
305 B 64ms
62ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5564 86 KB
29 KB 147ms
146ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5564 42 B
63 B 120ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNIXn_J6Bz1qmdQIWHbqPF9QMernwz9vP1iOgq2v__tG3uA5ZhC_OSRLZfO5BtoyrlrShV77H3GQXSLMBfI_BcI5jrMl5gAS8Gxf1h5f9NQxmbJWA

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5564 0
20 B 120ms
119ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2903381711510893200&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 5564 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 5564 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5564 181 KB
56 KB 211ms
210ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CBBB 466 B
281 B 69ms
61ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVroQzBk6w9dv15oy2AsS02dcP3wJb5P_-B3w3H0pUzTt7gH9skfDG45-mtfgwWkGcFzMJFIuHfZ4bI-asZz80-un4naaKnN9o-iq47hSDPNlPQGzb7O-_GLC13DDaGMkckykuEy6wQ2qkNOpDS7ge7Xq7_TgNsyvk6na5cOn0yJ_sQRwk

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AE73 86 KB
29 KB 161ms
154ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE73 42 B
63 B 125ms
118ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BuEhj8EUris7PIM_kVnfltFTWrwbQT96MwRydVoH9r1XzEtEIjmv036r8cWn4VPBMy5kmdKL878LJLOgZE5LhWyaX1X6MDeN9ziY0AjrD_fCL8Mww

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE73 0
20 B 125ms
120ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2669107400472454951&x=1&ct=77

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame AE73 3 KB
1 KB 28ms
22ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 08:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Sep 2023 08:51:48 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame AE73 20 KB
8 KB 29ms
23ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE73 181 KB
56 KB 195ms
190ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 13:54:21 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2150
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1

43 B
632 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNUoSZE7h5gIxIto9_p9XHdQiQSIt9pE0ntcsnOmGPIk55E0GUrDjxbd6q73HsfXrAumEa7aMDUQ6xmc6EIkgY1gs3zq9hXpOEOtQgYq5YspDWSwv95u5O9cZHxt0TjAAYUPHHsWdr94mD6lORlaMOFrKTLjjqrCfN6esbzZptwe-a66p4w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2150
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

20ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNUoSZE7h5gIxIto9_p9XHdQiQSIt9pE0ntcsnOmGPIk55E0GUrDjxbd6q73HsfXrAumEa7aMDUQ6xmc6EIkgY1gs3zq9hXpOEOtQgYq5YspDWSwv95u5O9cZHxt0TjAAYUPHHsWdr94mD6lORlaMOFrKTLjjqrCfN6esbzZptwe-a66p4w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=493
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 2150
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
893 B

36ms
29ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNUoSZE7h5gIxIto9_p9XHdQiQSIt9pE0ntcsnOmGPIk55E0GUrDjxbd6q73HsfXrAumEa7aMDUQ6xmc6EIkgY1gs3zq9hXpOEOtQgYq5YspDWSwv95u5O9cZHxt0TjAAYUPHHsWdr94mD6lORlaMOFrKTLjjqrCfN6esbzZptwe-a66p4w

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: eeb3f594-0664-4f62-b4d6-205cc2998ad4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: 3b46b909-da1e-406f-95fb-481673e8872c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2150
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 78eb0a49-6cd5-426c-ac30-80a9dcb963d9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C32C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1

43 B
632 B

22ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXSMkhJzPzJ5TyCLk7yCiwJw8orOSD5Iw0LaTGN_JfxavRDdge0gM0htyUBgW16_rbZg9tkxj8vi3Hr81AWO1mKlt_ANJOIGx7MFZXUdtZFJfWaVFYSnk0FHBm6_lJY2qWyJTX9k08BWRxElW6A4nlVaB-myzJZ75bpPDZVg1BhoPwjrCk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELbYBlKDpxz9-scpnptoND4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C32C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXSMkhJzPzJ5TyCLk7yCiwJw8orOSD5Iw0LaTGN_JfxavRDdge0gM0htyUBgW16_rbZg9tkxj8vi3Hr81AWO1mKlt_ANJOIGx7MFZXUdtZFJfWaVFYSnk0FHBm6_lJY2qWyJTX9k08BWRxElW6A4nlVaB-myzJZ75bpPDZVg1BhoPwjrCk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame C32C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
892 B

47ms
33ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXSMkhJzPzJ5TyCLk7yCiwJw8orOSD5Iw0LaTGN_JfxavRDdge0gM0htyUBgW16_rbZg9tkxj8vi3Hr81AWO1mKlt_ANJOIGx7MFZXUdtZFJfWaVFYSnk0FHBm6_lJY2qWyJTX9k08BWRxElW6A4nlVaB-myzJZ75bpPDZVg1BhoPwjrCk

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 59c7027d-9de1-4a97-84fc-5202107475e2
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: b8611eff-9535-4eb3-a9fd-006666cc96b4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C32C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

170 B
188 B

33ms
33ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 9394b2d5-1460-439f-b8f6-cf33b9ab565d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0207
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
766 B

23ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVvNXephjybtEpoTyvC1qeAJpx2KlByuZ9oWMot6gGVSGBErlpTAFUnSOcAXDjkzAyXRJhrW4RXrmokE-S78xKeS2SKfw_bfhpmfb2jWmH1kTNN73xa_zQqZ2wpHo9Du9HOE7ImLA7EY8x5TPvIA2n9mUSe2kbsbvzGzNGI7JNrTehchVs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0207
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVvNXephjybtEpoTyvC1qeAJpx2KlByuZ9oWMot6gGVSGBErlpTAFUnSOcAXDjkzAyXRJhrW4RXrmokE-S78xKeS2SKfw_bfhpmfb2jWmH1kTNN73xa_zQqZ2wpHo9Du9HOE7ImLA7EY8x5TPvIA2n9mUSe2kbsbvzGzNGI7JNrTehchVs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 0207
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
893 B

37ms
31ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVvNXephjybtEpoTyvC1qeAJpx2KlByuZ9oWMot6gGVSGBErlpTAFUnSOcAXDjkzAyXRJhrW4RXrmokE-S78xKeS2SKfw_bfhpmfb2jWmH1kTNN73xa_zQqZ2wpHo9Du9HOE7ImLA7EY8x5TPvIA2n9mUSe2kbsbvzGzNGI7JNrTehchVs

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 21cd1744-9fa6-433a-93cb-df78c16425d4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: b68eeab5-8afd-4a34-b4a8-7c4bab80fd57
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0207
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

170 B
188 B

32ms
32ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 47a8f77f-b17f-4165-aa53-060b5e2aaf97
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E9F 0
20 B 137ms
136ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5993571271243&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E9F 0
20 B 133ms
133ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5993571271243&version=m202307240101&ct=77&x=1&cor=15115443121410339000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9E9F 15 KB
12 KB 67ms
62ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BEG-Cvf-OOCFjjr4RfQE72IQsvvzpPdZHxr_KnavjlK8lF129l0qUO24PLTBWKZSbnnCs9cY8UzNpwAEoRTqgWeM7dXPbGmAcR25-MQSBkrDvYnl7eXap8dSsh5wrCw08nq7KuWtglt1eJ_G12AxmrIfOTqn_hTpUCthVAm7L9fyOIkzg&cry=1&dbm_d=AKAmf-Bj_IQG75-5RfMVXi0EjXmf4RO_TLom_njT_s0bz4ob1PpmlrrGqiYoO6o1O5ZAzN-DIGkI4yEJR9pNWKyvmOoBb8_ENbp16uInqLe0VlOiiZO8yTnFwJI6CeElnCNTdI-_8T7KWRw2q1ZszmxC7h4KW2YiljemUQppc08bRxsZEuKEShC5VIfEF3dnqI0OWoE99MUHB9DogApuvnX4K2kgh541c1kbz2C4W_B4zaIDjuLd9DN7_tj_AsNWzUkJ2ctV-O-xdjHd9UyzoCIV7W-_blSoDJi8s2F9sHQH1m72BqX2YZjbCd9Q-o1HmB0Ns3VUrG0pA-oryZCNyUz3RODL8LZwUTYj7MS9o0gHIkeExtABXotvayvkdNSpF7DoAOGp2_yXVhMB16w9bJEl6cFxHEDBVARnP6bW2hbIlr2WR38L-5QboVuTsEW64Z2D38fcseCLzxYW9vmvIZHC7CwU-S-IVIC2binuqMswLl1agB9ldNAgr_MKbDI52ItFk4MYgmNJEEQEghCrp0t9g-CDhGjbwYHO9b1NcYuuR6Tos16pv1rgL7cMFzFjgS_NNZKl48nRP71tdBQGW4RaBjVKJaxH-RA7deiSyHHJtktyxOkffCYlk9wyi5nRy9YxNisvIJPZxQISS19iEHxflZjdujJS5Jv7mNEo05iXW3X7jrNLfAJDEkaDsY94pw69GEpctYSL-yy-gpxwwqijFRo9A2FlBZGIEl7ufPg5Di-FFyOTdm9OD2OJpBHWsRh6iQ7RanhOqc7yGRITuqeK5crS6r7bg69L7MYBjxI7-DcovmlscPbtJyJIfSGclVe0slU1P87MXN1Hb-Lr1_unwfnveh59ELRRDAdZ_nhAC6ZBHD7BO3XXWL-IsaQyWoZPv_8ebZ9JQ-lG_2y0jafUtnMLNUgcOyPHJDtPR21dDRfkuvzK0-OvTnpgsC04nUEjwonX9b89p0-SA8jmAYVq8jdbtGTTsFfTsNhDDEFJNIGCPqWFIfq4JWiQf0L53ZBV0m4QGdCzJNZYDnhAqY4SAfpDO6Xb2b_zp5yu8aQhfJQ7A7ssSTPzEjmbgY1GeOnsT3leN3m86RwWSj3be2J7YLWuJd8SNtOIWFbcJ-4XSV7JBS58lPgt6KRrnbBKdaDrbpEBYYqePAZ9DZkQ5CaUziTG23reu9_ZspX0hwQRR_rZTcxD4IUt_KOcpqqzs4plm-9sZQSYSYaZ7XLvsKo0b6TPTJqRc54l7wTBerLFIhFHB_04c-QPUtGjrdbgDZUxuv3GPO6i-9JmIG3Eq91b7_Z0OfB7yngPd_VPb6btPufYM2M9d3ud_euBm1f4IUVcRkvVoGeDgtUI1j0Sz-9PM5AmLNqtMijnn2-rgBhTjcPowycn_tp90Mua_OyF5NWlVFWMiydfH19EIIKo2Ijtm4UQpfdmyt6OQsQgLSVbYNqEEb46nxxeWCx2XZ4M5ahVp_whC798em5uzr1Y-mLeDWhfuOw7bPWkAgWNkYZWa455zWL-OqWHneDTLN5aEfPP9U9iFZSr54JA0AY_8_y8O3oW7ytfaY50vs9NMaoJhQZB8rAFPrMR16Ao82eeI9JIywWEpwHfIxljGxKxg-O3Slq9qoF1NLnmgGIAXGa2Uicg2ixXc_yfg27WsaFRewFwRCrv5JLUdlsnQen5Qs9hAjy3AlZrXpubLfx7QhhWRgZNvouFnsjngibBMtAzfu9zDAdvr1Mn0RuBSLDA8RbeWFKO83GCqx-Z4FtfViduVNyfNp2moWHOMLVRF0v00l3D96L1h6ML413WQSs4gc4U0UoSeBzG1C0gTiB_d11dRXsNgnK4UGLuRfmIsOWRTxSVHWahQvmfR7XSOOjXGHX0aYad_0zms3Qmga6Oq3q5JUG0jS5xRNShX-AaKefJCOyGydCcNINc2OpwLvoeo8YJur_Fn0DkoN9jsUe77T484icNKVrt5e0ncHUQvH4hoTIGzPsSYztcsWDsZg4M9OjzpZVml5d0u6fc3WLY3fmYFszA8jI4FrHdXStrJJOM4h_Dke5XTmQZ4lhZHco5KakOmDRnaKbVbCBKFSa0tBF1n7uExBG9Sfu9h_rGq25ePtpiM-4YbQneFmmlj6iZ5ok4gnD3tw09jTI1P_6mbfbkr26JcM7xzwpA7MhuP7CftFUKYh8dDjEEVHqpHrAQ4cNZr6bhLc-GRRZsGC1VpJ_aSsw9VhJf5AipgtclVGnAa3Hs_y4XykxLBnS-QSFVDB0l5dlCWTbJA2DSALU1mLuNGwtryN1UzoH1007rizSQiomQmKAc-FTU4j2h1p5479B7LJw28SKBnb6CGXZTov3V-fRpK1FHNU8U_vz41HV2sAZibkJMDCXWApr5kqpH8UI25YSB43sSBLv8OPgMAq6HcrVpyK23NzphV-K82m6IMSns1JpU-8eTGRDpAagOhieZzdnEJa2apufhUqKTq9RDbKKr5alCOEHlS1C4y-rfFbkw8kLFuTddCLkioYwvg9bT_y-wyP9jvc8rKqQn17ce5m5WPfyDq4udqRxRPobF3MboGGnzaGK4oH1ndbDh9mbFeFsCrGHcvTPMLfSPNfXI_Oni_bld23vHjKN6j05q9OMrKmeCPlEyoV9AcAaiDVudyuo2Fpst0YXyC9RV1ATwaPan775TeaieNWH-NmAhwGd_Z1mj1nFra0EP3QW1G0gOzbFKBrL3dIvHdFLhT2WAd9AkCHGaTwlGedVCWmQgLJfATGZHXdDuB0o47RnW10QGTHM7De2Y0D27eXYbz9zOW3N7lbL3vVb1ZxMGEEmHTf6e2y7uUk0J9GkSdvmbwSbyOetwrna2c84TMAi9PSIYtFUVEsLWNymS0JD0rG1MJtmmiP3HxmZoDNdxTeP_0QXx-cirhZS_tCCWHgsfE6Srwj7a1rNMDGcrBlfe3QaUxd-5udMSP8BmAUcxxooT9Y-O_TzQv8jBQ4s8sd_w1DhpiYo4ovIBjreXJa92ZQDi4us8vn3B6S3qkJHvm8BaNLuIQfBeLtxfvkOmcFInQU_oNPXW6OlBpYOiVp14YnKxp4-Z6nF1I3oZisDQigMmET0XUgcX2dnFXJe9PBFNNT6xrxLja8g5s9nVgFNIktnDDnJBZl6gFrxZNunSWFHMQ8ML8ocoPP29uKRDgbfv2DEe9Qx4S6g6H3yHDF6QjdQc_aa_PVzxWVCtRqTU7Ms_Y2OKGgRfRWs0hXRUn9T49ks3ACv8yCP75WbW8TsaT_gtKTbVWz-9XS8ywLrulyTjl4N_-KL3hOidS4n28PHyofm4VXKaEWTjx80gyyNTAUpy7HqHKFoDFsYf5YTJEe4_HQXD-8vZ8_wGfk2oaRPPnfvI8K2CXtpCkSKP4-IO3mFBW4k3TBKGqID8lVCWqf3ghYM9ZzgIpnbxR5SLDntb1LDn0SzAjl41vxOsFf0Cgm4rFDNfHxJjbSaBRLSgKxuUA60cYqbOjEYormNDxsGn_yNS4OVPu0oQZycWuNYRylkZsNfnwFpErjv_Bi27mwbUJwf2N9YuBxw2nxKY4V2LPg4pCaAjlIydWG3iMmlw1LqEmBzDWKmewrHfbNfrlFFFjMOl2C6OOZGd56QzoennGiaRv_0NcW_EqcT6FpgzsoYJU3PvRSTxmsijjzOBxSF6MknrZFsF53KeBnwo5vNVqbB1uWfOZwCWrvTmA54w1zIk5l8r1Lh3AyOZYQbg1WX2Jj2VdanjvLcBnx7GMI1CjJikuV4-02FImrTRzeOujLbp7ElY9wGM5z7tYtlEAANT2M3mz46LHJQViMIAkMCJ7RS6PCffKVHOVaaBYJ0kgJlrWuu64buvMIodhWTC7SjKxIcCvpbl5yUxvvAM6Hm30l8aBYvgIU962C5QcOYqLHz2ok0uCx-Niy9zaaKmgT6FlprbBNMVXhlY5jXeRvSPiqozMJnqQ1ezzOYXQz40bT7Sj1kfP7thhdEmnRVwrdB9R7mZmrqL5Ndqmg&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=15115443121410339000&adk=250412560&idt=140&cac=0&dtd=91

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d2352778795bb4ffd0b0e312d2e8d2049a4a2479442922c051d829b9b6b0225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11752
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DDDE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
632 B

34ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWsAb1HSW1pi3AZEmQC4va5em9SHS50HQkPk4ZN4XGPo9dSRGfkbaLRgXhYGbYS8YbmZ2yhSJUOa1QHzln9XBKHXIHWwl8SeJ9KIXeTwzvfQyvqJ6gR9HCZVEeHYf1XZv-MLVZqjSOFDrXShR1dfeOUMvwv7Vk8K4JmA0XR0PxBfcRc07c
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DDDE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
766 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWsAb1HSW1pi3AZEmQC4va5em9SHS50HQkPk4ZN4XGPo9dSRGfkbaLRgXhYGbYS8YbmZ2yhSJUOa1QHzln9XBKHXIHWwl8SeJ9KIXeTwzvfQyvqJ6gR9HCZVEeHYf1XZv-MLVZqjSOFDrXShR1dfeOUMvwv7Vk8K4JmA0XR0PxBfcRc07c
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame DDDE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
893 B

32ms
31ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWsAb1HSW1pi3AZEmQC4va5em9SHS50HQkPk4ZN4XGPo9dSRGfkbaLRgXhYGbYS8YbmZ2yhSJUOa1QHzln9XBKHXIHWwl8SeJ9KIXeTwzvfQyvqJ6gR9HCZVEeHYf1XZv-MLVZqjSOFDrXShR1dfeOUMvwv7Vk8K4JmA0XR0PxBfcRc07c

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 9ddbb7ce-3a22-4769-9cf4-fed6f0f79165
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: 506435ff-30ab-4808-9944-7d6de3ce2a63
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DDDE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEzMjExMjg2ODEwNTA5NjcwMA%3D%3D

170 B
188 B

33ms
32ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEzMjExMjg2ODEwNTA5NjcwMA%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 075527c9-7d6e-440a-a88e-d50c1ae1c1c5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDEzMjExMjg2ODEwNTA5NjcwMA%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9DC1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
632 B

42ms
24ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD4KvDljg-MbnVGIBT12-wyqgRhJFafW7fzRgQFMgbulrTf30BplCi_MOkwUWOZM8GHQA3_EKeRQ8Ky00gSN4xOiLgKUS1Sq5NzjPa7_YfKPuS8EmPQrEx1pI24iYVLOmXy4q7B1guBszrUcnFclBaj2ED39YGkMhu2giQl1CyFjoY5Ow
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9DC1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD4KvDljg-MbnVGIBT12-wyqgRhJFafW7fzRgQFMgbulrTf30BplCi_MOkwUWOZM8GHQA3_EKeRQ8Ky00gSN4xOiLgKUS1Sq5NzjPa7_YfKPuS8EmPQrEx1pI24iYVLOmXy4q7B1guBszrUcnFclBaj2ED39YGkMhu2giQl1CyFjoY5Ow
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 9DC1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
893 B

39ms
32ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD4KvDljg-MbnVGIBT12-wyqgRhJFafW7fzRgQFMgbulrTf30BplCi_MOkwUWOZM8GHQA3_EKeRQ8Ky00gSN4xOiLgKUS1Sq5NzjPa7_YfKPuS8EmPQrEx1pI24iYVLOmXy4q7B1guBszrUcnFclBaj2ED39YGkMhu2giQl1CyFjoY5Ow

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 1a8bfb3b-e743-4fc6-a572-c3d1e6989fc3
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: 577adbff-22b7-46a9-9110-fcd38fc201d5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9DC1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExNjcxOTQwMzYxMzkyMjIzMQ%3D%3D

170 B
188 B

31ms
30ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExNjcxOTQwMzYxMzkyMjIzMQ%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 2171e6ad-10cf-4194-973a-029b98ba6306
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzExNjcxOTQwMzYxMzkyMjIzMQ%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9B98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
632 B

43ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUmk9K-8OcHr31DmhCcjUlhZAjQwoNsXBkR_Men2HUa6NLJ1QIH1VwA-V_Xy6YevV2q3dM_FcK-UR-35ivFpMmdpizgjYPWv6_bvI8jOnNig7zqsxtaElrEDz5eXFVuup7vkldRPxuBqHrago0g6YvvWVqGdQE3HKRe2sPxPOb-a50sgAI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9B98
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUmk9K-8OcHr31DmhCcjUlhZAjQwoNsXBkR_Men2HUa6NLJ1QIH1VwA-V_Xy6YevV2q3dM_FcK-UR-35ivFpMmdpizgjYPWv6_bvI8jOnNig7zqsxtaElrEDz5eXFVuup7vkldRPxuBqHrago0g6YvvWVqGdQE3HKRe2sPxPOb-a50sgAI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 9B98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
894 B

36ms
30ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUmk9K-8OcHr31DmhCcjUlhZAjQwoNsXBkR_Men2HUa6NLJ1QIH1VwA-V_Xy6YevV2q3dM_FcK-UR-35ivFpMmdpizgjYPWv6_bvI8jOnNig7zqsxtaElrEDz5eXFVuup7vkldRPxuBqHrago0g6YvvWVqGdQE3HKRe2sPxPOb-a50sgAI

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 632f7f57-a798-4ab5-a786-7bb184cb8f8b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: 085f429b-ac49-4860-9a74-de70879b60fa
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B98
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

170 B
188 B

32ms
32ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 93238279-731b-4adf-8d22-627783cad356
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyOTAwMTkyMjc2MDUzNDg4
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 84F8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
632 B

38ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVYtsfApdx5VJ3SYKWm1iYT1NbRxpUi7aDIU9btFnxDbFuvIm3tpgyV5w0mjVJ8bvH9mcCpAWQ6YJrogaXi4ty0dB4oFiYAuqQBTBWoLa4_GuQS2T8r-BU6Wg6cNObo-z_sDQI5lBIlC50G3xsl3f1SLzJps3VeNBmTMS8E5nIo7VX-GFo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 84F8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

23ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVYtsfApdx5VJ3SYKWm1iYT1NbRxpUi7aDIU9btFnxDbFuvIm3tpgyV5w0mjVJ8bvH9mcCpAWQ6YJrogaXi4ty0dB4oFiYAuqQBTBWoLa4_GuQS2T8r-BU6Wg6cNObo-z_sDQI5lBIlC50G3xsl3f1SLzJps3VeNBmTMS8E5nIo7VX-GFo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 84F8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
893 B

39ms
28ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVYtsfApdx5VJ3SYKWm1iYT1NbRxpUi7aDIU9btFnxDbFuvIm3tpgyV5w0mjVJ8bvH9mcCpAWQ6YJrogaXi4ty0dB4oFiYAuqQBTBWoLa4_GuQS2T8r-BU6Wg6cNObo-z_sDQI5lBIlC50G3xsl3f1SLzJps3VeNBmTMS8E5nIo7VX-GFo

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: e3cd9da9-eb3b-4c9e-84fe-dd3297efbf07
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: cfc9b8b4-e403-4624-b29e-b466141b53e6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 84F8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 41a72b69-4950-40b9-82fb-75a1b92e901c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CC36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1

43 B
766 B

33ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVvbfaUge5KcC3XLndKjkhBUDyl7ukEjSLGvl6ncM54MRzB_2DE1E6eU5RfDm2bwGCnJKa0v-fEE806nDhrYMRaNRAAQ1kuaEXEa4ilow0Eny9de5AtoWVnTkKm24OMTWvmtXh-ISF95XZpxt2moJrcEqNUwfHu9ABUEtEDa1xMoi-Azyk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CC36
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO9KDd-4imj.QXiIdBLSCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2

43 B
632 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVvbfaUge5KcC3XLndKjkhBUDyl7ukEjSLGvl6ncM54MRzB_2DE1E6eU5RfDm2bwGCnJKa0v-fEE806nDhrYMRaNRAAQ1kuaEXEa4ilow0Eny9de5AtoWVnTkKm24OMTWvmtXh-ISF95XZpxt2moJrcEqNUwfHu9ABUEtEDa1xMoi-Azyk
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDRhRMyOZxQAIMvnrPshAFs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame CC36
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJVOGmf84xH3wbO0jJTufVk&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

43 B
894 B

37ms
30ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVvbfaUge5KcC3XLndKjkhBUDyl7ukEjSLGvl6ncM54MRzB_2DE1E6eU5RfDm2bwGCnJKa0v-fEE806nDhrYMRaNRAAQ1kuaEXEa4ilow0Eny9de5AtoWVnTkKm24OMTWvmtXh-ISF95XZpxt2moJrcEqNUwfHu9ABUEtEDa1xMoi-Azyk

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: 6efd9384-7047-48ab-8a9b-4dc3fc63644b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
an-x-request-uuid: 0044dd2d-a4f2-4b33-b8ff-ee5bed347dd9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJVOGmf84xH3wbO0jJTufVk%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CC36
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

170 B
188 B

33ms
32ms

Image
image/png

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D

Requested by

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:22 GMT
an-x-request-uuid: ef387563-20ba-47ff-a6ce-93c114438aa9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkwNDQ2MjM4NDE3OTU2MDE5Mg%3D%3D
x-proxy-origin: 84.19.175.184; 84.19.175.184; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6C85
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

43 B
114 B

608ms
32ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 6C85 43 B
304 B 705ms
30ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 6C85
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

23 B
163 B

539ms
43ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6C85 23 B
163 B 646ms
44ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNU2E9ePQP2XAzMUk6ES1kodmMkfr9YAWbt8-5GCEDpISVOzgAkS_eEMQAYyE0IW79r-Ly0lrUp67f1S0RX1TBPQqtI_2BBTgo4Utt79HHZCtGSp49ddAdSwjjIpeKPeTQrrRmvY62-FiuJZk_HsecmeZNi1-Vj4yTsZkxalfIIM6RoMgy8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0FF3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

43 B
106 B

608ms
34ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 0FF3 43 B
120 B 698ms
31ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 0FF3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

23 B
163 B

587ms
91ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0FF3 23 B
163 B 653ms
50ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX1M9iUszwHFq80N_HEwreI-Fd83JYHWBwg0xt4MM_X0bO1FdVMYcQYSAS6fLR9lKn9DksryLzLf83mXLJv3yqT2oVBz3TypcIMW75pQzreI3dD80iVxMqXZVmAo-bEF8X8_PrvuJwycIjuU28rYCKrLHQc4PWzLskJA0fSQuzYYOavEKs
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 498D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1

43 B
106 B

537ms
33ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENBLQ06rTvouKKWrYLYxPm8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 498D 43 B
120 B 687ms
33ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 498D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1

23 B
163 B

537ms
42ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEGMxowaR2ryII3ia37h3znc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 498D 23 B
163 B 651ms
49ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVn0_MmF8mtgAfqmhHeaTJG4-7d-iRb-nm9_o0FY-HVuQTqkg3uUACVGjPMYtMScm3zYmLYPHfCZc52zucV_n8DccgsE3MqnTUcW5J6pe0YhsT9_hwI-31GdBUczqt-9ajVq5yBfCaqIHSQ-U_dQGTLUmzeLZUx26KQSw7q0U5kW1bpbG0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

expires: Wed, 30 Aug 2023 13:54:21 GMT
pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET

partner
sync.search.spotxchange.com/ Frame CBBB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEw65sDJqqI19FsR0faER_o&google_cver=1

0
0

GET partner
sync.search.spotxchange.com/ Frame CBBB 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame CBBB 0
125 B 596ms
19ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVroQzBk6w9dv15oy2AsS02dcP3wJb5P_-B3w3H0pUzTt7gH9skfDG45-mtfgwWkGcFzMJFIuHfZ4bI-asZz80-un4naaKnN9o-iq47hSDPNlPQGzb7O-_GLC13DDaGMkckykuEy6wQ2qkNOpDS7ge7Xq7_TgNsyvk6na5cOn0yJ_sQRwk

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:21 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F46 0
20 B 122ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6762053275475&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F46 0
20 B 130ms
126ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6762053275475&version=m202307240101&ct=77&x=1&cor=13609989718639352000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2F46 15 KB
12 KB 74ms
69ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dlpi2mr0CYV6crNoW-12SVRZ1Ls9_Npk_sP9lBbbxHtE65MDCd2bFJpqHApn2K3tlPWCJ34zszpWWO-fjPqbCVuI02VsHjCcGrIYHKaE9897ZwOlDiRZrmlQT5puUiUwQYVHYhdhh_Conuib9qNgDMLcStE_USR5tGUkngl14fHacqgL0&cry=1&dbm_d=AKAmf-ArJkqn7iZkXkoDQbYZiKSeBx79GeMSc-zlc8FR2JzyR6R72_5wbnQpzbghVz0y-DqXuQfDSjKWUE1pBAgH_5BjY1NAqFZSmcVAXYV81rULGnkyH3H0oxXyh2PZ8hxjbvHh0oXi3L4xCwMhFw2uGBP-l2tHhTz6bZNUKs2mmD4iWEY678XBPhHRzYTZU5-WWctzZSFN1CCKhLMgVAVpjb4IFPFWuBK4GFX4-9eomzFHJvHgDX12PS40zkOh_ouMf-BS_o8GlcbTwo1V3_8SdACIS6dGWDGMjvPnkmLJScVVuCBonmy4rqCRSTNphGC79U2RlFiK3Tf2-ibkdrMYAW_3fJRe67BWB-qks1a5DxV42Qe1B2ZsDsMxskp9P9ise6yxw0FPcJitqtKxZNdKKvkQOP9yxK83ZzSTbp9Qm1ZCG4680QemYJljOrSAI5t3THPsiysKt33i30c3yGF0Oig89QOnu2B9r8LLSL4OOYMI-jJ4UjomK7v7KoTjcVKxxKRfOHITiL75v3wweln7w4dSMmDN-lKKrfB1KvSOxLQ0x4TqYDHoWRHFpAE4kiKLyupakA6BoWul8Qbhtt4JfoqVaiUjMeuiPQ9ysJhci7ouhI1MyJCZZBmW9AhLkLZkoQrcKf63hg6icHPqklbRm4E0lXqGdyXsqX1hYEQ_UF0DCwifhC_tv_pkfsF1h33VcJ2ciSqk2RdfLGSvk3G9cQBy3Xsvka4eBiErCe4muFJSofXLfNOBvbuW3-WIsMenCtk7N92ROKl3S-WB-sDljkbiII3vILgRijBY1bilRL7bRlqiFzBpFV_AKdaOXvBpWw2ugt670KXx8CgbpChIt8tg3mKGsz_VlPDXF_cTlbCsuUpOlTxdzCaxC8o14CjeZD9BcdaH0q2NhMwQub7dveZYeS2d_V6RWHIPQdjjqVwZfPtZWmT6mIJfL33QaH55a8Q4M9Kv4Wa1c0umVbXo8xVKdddZspXjQ9JbCwBjDwuGVUUw2gtTqgc0pmx0a8ES9GSEpiYi51XgaE-MDuUEHXngojWgLDg6TJEArTjabiEdzFiMvn8w-l_cJeR18QhcxWi7E6np5X9jjEGgTQBK59zdonXNk4ksbLpAkbtIMaKqFQD1LjA4c_4bHElVDNBJZbphNfB1YZK5VipI2Xbrxx5R6Z5kIV1NIIa_WpDPq9GDFSIHwaMXJYS_bn46Pizxd0kI6SoOm2EsfOYcUO5v9YG3sUts-KvPuNcaXobeVGqNKGW58123C1fRoBu6yW8Kd7hIurlnbnuP2TRljzL41gKFfJV-n2Ggo_AsFc2Bh2MpYMK5klRD4nx43dLx_fKFAsS5zBIMOzD5sQQ3NQ7oGeW5mmn79bClqk1TLa9zZt31y2Vo_qEWoz5KFp7WECkDrQRnbTW1ZkwNHh-y0Ips3oQkY2JfIEBpTPl66JE1E9CtyVWhimT65LLyjeNyzc2rYWDfxj6weWT1NA-bzHColHAOe-XhU02ONpzoz7gvo3VBl35mOapgy1RcTerspG6CelqV6VxIdwpZxZm3sTsKqVkI3h23jDvVmis6GwcULrflxRJ8LZNXarSrUSoPCQwj6r_8sWRJ03xJQOkqKPr28HLQz8LYSf6_bJpYq5oFQZSsDgIkPnxXUH51CenoT5a3rJbuP08HxX_sXra9CzWyksgZBPSNP2bdU7BPWxp9IHp2x5MxBHTqeqoXQ9d5wJAhJHQXcaodIlCYHglAWzqqKKUItwcbYULAbNV5n8cGHLrj8zAi8OodmvyIsdYT_K4kC-qN-DnLDMW5CiKD72VD8hl2U6o2oNNtHzc50Q6f1xTfxxIIAkRc7GLBKpSFM6KAr3slIEBvW96iFQdW-JcZuYFosZwjSMUiNN2zzcAyvEga5sDpWOGZ-X8_REfyCA5xmhYuiTS9AIbQb5OhNu9zKPYtTVW0_ppUG8Tr3xy6x0aUwFfhNsGiEEnPZXR6VvXtd0K6cz8Wx4MHoYqNGKFE1Hy2IavUDny_RuHc2xXtct2h-NqgQZ3A4PnLl5KOHkfN5rmB8de_cHxSEc8GS2eXb1-fEC1XvBQQeR8ToAQf4Ww2Edkd9iYhNodw-6cpRv5jn4HWQu6nBbaIGe-rOIyGRF4eNTt9-K-yRhniFOlVjQZaDX5suW1Bck_hPKOhthRpU5i4gXc_AlqMWFkHBtVDh-7BLlkLqBujDyL2-6zuuwt2F08nKt3HN3Luo6bZ1kPvbw3A9wtqeotaAteWUbYr6qkOm18NW8kTAWRBxUL7P5CnWN5Qp9e6XknXeunSGMEP6oU1cbrG12sQWul4qj3ISMI73NHnP9ZjzlEj7l-BKID-LT1SjgEHmsnHl09u9VzYJ4lmhjPKkWx4o6sGHxqdMFzbhoTH3SijVExC-CAefhC6-Y6m2ROLDFiBYwSJto2UVSPSQ6l9J2zK7AMiDoBpuXgORAXSUEIW5PUQYZNHMAsUvA3bhOyXzdLxyVgzdP-1kAgp58YsC1CRZ1wWE_9lg9gIoJXUKN0oFYF3BrLtHcbTwQmdkLclkNQuLgpmRCy-SCiQOgYw8RVdpmX_oGf_sGb3jdKfKlcUL7OryvdW93TB9rzVlpHovfuSLkRQmXi6wtAoEn6PgJM-JUxnBFABKK61bP3INaMU3Q70-d_eQ7tVsImE1CCRG6ZI9i4mj4GdByP9KLzgqh5T7vv3cXp4TNiIy86lswdl2ALNEqvHYDOOn6WR0mC5l205IAhTOTOYLDgdQFrhaeN3kUYG3QqhT75dw9W2mA81FcMj7fMBEUOuNHANIpCQi4vBwNioUSgRtHkc0fuiYmxl70MuERvOlUtLeRXIYHhbsl7umG2cpsP__W8Ixrq-dD19BdL6-DGOYXuILakpD3smmdRNlBhwii2-J80MuzWRXICfpPPIww2-JrOoC5joMqxQuQlF7HhjV2ZQhr2vd6q_0hV_ToNy2FArvqU4fa1S5lzBXAQl5JTn3XWzE7kc8dF7Fc0eg6oGDjtE13iA6L0HrvJG2ab4FF2k_mJm-3yfs_mWCBPa5yyuYnzBWucj5ryz6vVdU-wMtq6LChBjAQmkQEh0s_qEVt-XqlDphVb9P7yZ0nJWo4KlKXVU-97aJ1IqsEv9Gy7aObqLnfzmDcXKJ3lhA9lEjXM8VGx277T6uTAC4lcRgf3gNTMQzAj3wmLx84Jn03Bx5vvSQF0MvhiHGukLqK2K9mywoqD2moj0lM29XkVYNFV9gb6itUk3qQ0LWP5H3ZEUKDh6iymE217v2tT_zKuxWzTY_EoFu9EF3Uuo3psRVwvi-Oipmq-CjM5TDRgdov8P0cRy-YpYfQkvnNaUduQKr-3i9STMmCMbaxCVH58RpnaU4p6TfiDGo_2ub-ubjY8Od8po0p4UDftViqATrExHlYnSrR15qoJI40yKmgtp5V0fkS-Ml1iMGtBaffgKxNYJ2VysGKgVMLmjA73JrZPAOhM9eT1F6JZhV9Se2pN4QEflORFHtuBBTuExor4mrNgkEGTncUgR0tlhwRf3tdUW7Sww-7Q4VUJkHWTr24oQEe9KRJdLPwsnRTM8shqWSHFRZq9-xRZrCa7rhD7uJhvncGz9dTV3feXVVwovtCwb2hAhBw4iKs-YfXEJtYEjG8qWN-uHk63pT2pPBq78dJqedJbngZExrXJOcAPlOWsp3RR_-MaJitvGy0R724lL6oSqbZgtXMjQnr36mcAshb9_EHlnccarY1vTfXAXLhjwrulIYP9U0LV5XUUAA2z4TEgx2a0J_F_lj5wrMqrcWbiJ8qoInlvcgzB7KqSy0MofnOoFU04wXBYo2RePigAPCbvvPk4RNwz4mszM08RaU16BM_wj65l7YZDLR6Rdt-5_X3RqD-Fqfee6_8WgMeMB5JVjS_fzunxpS6OyB4nAI4nTNASZjXAWCzshgVoASXwGBv_NQTCb5i1KXuXWS2e_cDO57irpeOkGfaO_h3-Ls6553IrIRXU8gl5I0-PkJpFYukOyKVj95mg&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=13609989718639352000&adk=1964084972&idt=230&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec58e38498f5cb5a8dc11ccc0c43324db9791c84ebb1508c30882f72a0ed22a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11799
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 22A0 0
20 B 127ms
125ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=165583989185&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 22A0 0
20 B 125ms
124ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=165583989185&version=m202307240101&ct=77&x=1&cor=3755509232437121000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 22A0 16 KB
12 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjdVYxnPEUbkGDJXs_GFa0mfxpm1lZFJpcbWGYkFL6DXkkQZ7PvIOOYxg8LS9dTZDViY1OLVE-J65iy3HPcREg3KQaOFO61uQZD4J-2mYF1g8M8DhXkjorGLY8_L56zzzdYgrqgLNISiIAGmTS-DulFV3vfdjPJ28ra19WtrN6VuMJWnM&cry=1&dbm_d=AKAmf-CMzk8xq90v1WjV33vVYWiFwwXu5dwSKeYJP9vwjghxN7EUgzaQg4T12sqM9Z_GA-3lMCv3ZE__1VE_s9bNyUN2BVZBbLGs1YorlkLHQroclWHfVmaDwayKHjgRucAVjvtlHEvPCprLjp7_X5laCN35mPdFA3J_qdHFJSd9_ZaSm57nAGQ90bqAv02I8D7JH6O93gTUgP4kKkW9RshBamK8WI8prYQ2sP4morasbF4mPRIcZD0WKFE8Or2ln29hoUJRpQeGAlmxrSJ8-eMl4gnF8ZSz5R8et_8mMUu92ddkuF2S1LVZLYM-U-RYgKtg-aQhragPAXxvritP8Chvz-XuBnw5sjKymGd3f3rSxf45bQTXx-sb85T_xVW6M7vY8JZGs4usPs3iOdl_wdKTVelEhI5NbOCz-UsG0-qDw7RXhEFb0hAld_tv3H1vRL7Z8QLzKKOWHYxtgpb2JiK_6S2w6eMAdEhSmY3k3yMxmjjkRvh8P4iO1IYSGWts7BRPrMQH1I3SCZnF5hcLtpcnWaqC5gIS2Nz3_3o_xUU--B_d_kiIPhnAh8BTQpanoC_nMe0q72x6q50SDGcOH_q8GxxXJVsEa9w_09P2Cog50tqHgfuEw5I_xfirfCNl8UeLj6dyx5oegS6YOPFJJUuR3nUhuMhvWN8o7R1XmbiCLykVbX7g5qh-aI56uGGZ5jikD5AvlOSmVBkq7qplVNvZgpk4wdEosS-puy6It6JgdMRhADPoSBASvaP1_E5xX2uuvO2sj8auqYNyGWKgLVcYWGXLZOU3P3otlsOjVt_lr1STk8Lq_9ZnLxSwmIY9IOVm3Q3W79wVDDPV7oYsPTT-HxXTzyUJVs0mrbGM5eljLoFEkDs6YelrmxYua8FZEzHeP0mVTU0bF2ADg_vLL5y3mslgp7JZFDy6viz7gy9z-KYFy3f-Ky3kQONrkEk5J333aMk92-MBdxgGaWcI4e3ImcxSlTOM98xWfLsoLde3EhBlW9HkoOz4WF7DDYY0-UgeA8Eua8OgW7bvGSW7vsR5noVdoVqdl-nJk_-R_FXbetVvfiruWYnb_ubgbvvhWLy5C7KsqWRpb2hJS3qlU7Uc6NKjy6bXyx6pbbc820Yna0yeC6HfYZI7axq1ljm_VhsVHRZxET2V3anfb3Vzwn6PilY8k1RUpoRq-gBYuZgzjG0UPHgsUzxhzBBPUJ-3kb5_WMT1M4JUGKVYskTRYeb4GfNQthTM_3UjfTsppGgNPiWuedef4WQQ3ksDN_sCgfPna_NH8hyPfYVc_NJsc6UNH1zipPmYM2nsCzY6Pay5Injfoi_qgQioxzYsONC6xCDK7kSKgzwllZo_uQDVpxDitVdWYmBigWTB5zOYNitweSdi3Oo_7Aa_X9iTF8--6it1onVJ_KzRLzIOs9yp-xSuHmdLzxNXFAoVm-WOcPYwWn16E1I8CTIb1iUbfrKOjMKd4mJYhL1L6ZZQeBMPe0RAhVZJhUcn0RMKpLr_-L8VSOCQ7vzI6-gb-PdIXrAIuH8GKWfChZP71bOW-edKui2DRa5GopsKJFZPYnIPRqd-qye6reaiV-qZckq4re2u0XJWyHqV_ZiamUwnDTzlrdbTJuvP87AzbWCPIkGqz0gAiDtSyjTx80HleX-zKLyYxjuIUwfTBKvzztMLUvVV6MQOoVPs9M7QjawrlKPuAqCb7PGmO9swipBUiyv6qb606QNF7wW4Abd_-D0NwX2jFw22HYGk3T2IqPWCc6jigcV_3acso33ystszsNoQQ-11HZhmgsiHy6CXbRU0-Jbvr1qFS0PU9YQaSLDEdNgYIL7EeQhvAAXt82MdQDoUeyn33MuC2bqrNzzzyeQWB7jUT-Z11kVUlAjI0Pz-1vbNj9v_DJBGUTApuKf0SSC50GfkqMLiVBVlCSdehqORbzeM0H8IbVUiA2R3MIzKkcbTcMiwpWi7CRuL4KwSqcLPgnVea22Bnm0o7R5IzV-mu0BsGBLW8m2yVMjsCGBLcbBZNr4XKx5BZro1rYHTwbYUSqSBZm-pDdnA5tkdh6Rh6j3Wmcy7Vmc6JWnUttpWGXwUCeq0kxQ8WdAO71Z8Ipg1gTkJnAXSJzQLICseGRNhmvATvRZ8jvA7n0xiaIOHxzvC33S6ltyw1Pgm0Xf-OPO3C82CHUMB16VDtSJSnEEM2JpZRKaFhtESom80Af-nebIEMMIzZRttPztyrdGlxuX93uZ8NsWk0blXEW1wr4kJvD2avHGsHl0vwgKhYsvq4JFpOwJawvwHEAaqd6qcgqDwZmAi0DbpGpRYbGDpin0cQXmuYHwmo0-l6YNc1nhet7cdQe4T5VFkbBifkYIg-dcv8ibNcAIM0Q7Uq7HfoBEdw53klUXoVK1y6qBF4YUCFkX3J8ZLNJImn4PPTq5niOXxkI2XEg4KRlBdATkMKEUfAUx6SrIONNjrLtB877e1HAnsELRLy_3XvrB4dCL0A7-JtQJBlsb91lcctF223Vpc-Gnc3KGh78KMr6-4tmA5OUV9-YzIwC-4fVn-CogXSxK5Ih4pArazOOQky8tdjZQod0Q18NKdqlmsNvS443vuj4CnMvTAz8uJo0cshyWfUuTCQl4lReXXhYaSrPyTU7iXfO1iwz98JqiJ2MlTCvfcCr7TIvLjVBm-1OwoHyX6mptS4mwvV9bteArihpDelvDaVJRZd2pT_vNDrNkBd86Muy81vGHQazyX_IyP-JZ5xm-n8ua3BDK20i3sErSd_fKLwPhh1HcFmtWocniuQOzhxr6FoxrR39U6QDSwiD9A6Dm6pwBcEGC9sRhc0kpSwAIUwomi7VFl5HpP79HienwNHHkhAPU8LSI5nX2OxyQ7JWt6dSBJ7HKt9_88mFGku4OSY_q8ge_vJljPjCbXp0M4kKdC8sPzZgm7aaeyyR_77ObvLpzpcpnLcS-Pv9wph6dhdvb1l_ozPZ0rUGwaENomBxd9BhMRXotAVdG-LfkQ2EJ3iDMTAkkh8iUwYx8S12QVL4RM4vcVjkrLHzDqq4mWLwdCIIq2Vk8ehlG96fvSCgSJ_InZx38Uk9HJtjfOt_sFmilkggO65M4dCtfN9keUSg5momhngaF1v350rzhprrVvx9Zo800fd8ccOLeCECGzICzyhu8JwJD6L17QqxILBcmjFVVTrqGBGlrCoLD5TBbO4AbjlD3q_5Z0M34ztayB8Xy7WrJtm90ecKQ7mzizD5Jm1MKRDGi2oZ4Kb0uyt5GwkYofFnEKFMeuN80a3IG1smGKaGng_Jv_t-nFbOR8JBpzTXjG3CdkktwROtRB4rLUCig-xdabYcDtkVAjcMuKpbzYuGgAN92yN74tf7Kl6whHNjjVSRCSjDGfFD5O3umutoL1Qrj8DRJodV7bsUF_p9AA1ryfiB_ZgXYq-_3PuPA1AZBTVtgtzbht9zqh9jsQ0VXhCiRabkUceB_-PUi4fMFxLxsCT50NzKtzNrh5AUpPUDKI14dYRIBdbzoXWwbtvPL3Rb-ReC2I9N9M_bOJixcBPhVEFBmHJG4iIvtCPlWbV0vwIBXI_ReK2THDeSht-nokODObcU050tLXwPOX4SDflK4FicH8dISeoT8tz2MSxURTD3mcb2EnCxh4SHu1r-DqB_CGy1TvE86sJex50EQzdqXRHs5x7flw7GpF8iWfk3Nnek3tRkbsQKxapEHG9F8diQW6oTzHWXTGGKLjUrH5jau1vD1w4w1RM8zS4fTLV9tISTY5xn8t2JJIZVH5rCFADktJVI_hRFIoDQwZu9WTpGQYFvjWAcHiHzb4z1VLvJ28GV2MpYWlVKlp-liCuzdHuHsLipPGhN25JBCOlmHZe0DnU12lGTQZ9l6-LHGFfSrxP5YqG17pLMNCpqsvqZ3FSEi17zfO9AoVEjGsRZjRELWtsjNEfi_2r7gZakmY5f66RXcCTwiSR0E6u81EZEPZZYVcwoYj2tHb8C2HwvV8ryiVlyzxHgA8H6RLOxg9kgf8b22QheilnuQ&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=3755509232437121000&adk=3047537735&idt=150&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b644c1a4b915c4379b0f9f3ae426c4211286c346b0ad97d4f6191a64b830c204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11870
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD87 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=569521148968&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD87 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=569521148968&version=m202307240101&ct=77&x=1&cor=13207843948640830000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BD87 16 KB
12 KB 94ms
94ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DBnWQWn6glC6WcOzTxl7bEbLhXIgzqBKbcWu64KG0EZkZxyrESiS3yV9j_ny1lq51pA5obj7K7ONjHFQkq2Po3b8X5e3hXgSKirEFg_zdowCPmCq4qfv6NB7YX03eM2NRMs0As78Y3smKO63BhEUPN0K-pacHCN6KpuIfv_maMohPo3_U&cry=1&dbm_d=AKAmf-DbfK3NVXjmZD3pgNGF2HgVl8hDOoRyrQPEypAp1hZMZu3hBdwZDgkh25nKwnzg0CoVpKot3EbYK8AWf2YA2R8MpGd2OOICWu0TJQ5kx92Tz2YvrzE1KibYg6YW8ZoXO5ItsqPNFaUYmHRN4MNys4ixbIW3M0ojy7Mt6xTnyW_0G_0fUZHHyb7En-2KyDXqbaV1_BMWsj-me9gdrKoVIHiedqPDdbnjb2xWteBqoE1MdWoLXviwpJCw6FXqJhBX1cPgARksTvPXD1yOGHCALpuOtV8XQNO2AK3GAApfeeFdJ8NTmAgFXSDBZy2_MaGPrzXzE7DGoXiM2H4mrLzOoja-04980dcpGzi0BRNr03I0_7bXa_rV6Gt_brmFnaXpOV3tV_fMYmtFBdP3PgFqlAQsglkZMH366lZ900kieu-i2Y9a5E_D-orUufv_-EOHZoj8tphOy7pe2Cbdcf3o7_ClGkCpGMOOfuY_xinLkQd93I4S0IkOnK89WSbu_I2mYVZAdRv6dPrCcz9w2ZTHk6yZO0_l5y5VgFSdv5B23WZIJrgDxzjzIxWhd8ZQTpGS0NP-H8KbfaXnca_VtS_C1n63p4UAEHwuGyfJwsRI7AkHWtwhwee2y2eYUJJNdg_yOZp4ueR3u3M6rUSyz81ZNWNqT3JSy0jDYyhc0YtWhfxniBsS0W8V0Yb8-lnqkKjFMd_5yXd02NgDtwAkVIzo0GG8E3TkEmKRFNv9AOB6HSPfzHt38tZn0KCRM9TGg636MUY2dAv05qEZKwA353PkwDRRwlO15SZ9JVcVL3lW0LkKVwg-sLmCtsv_9oc6tcEOBsXHFijR2GjwbWTTMLpTRNp_Ge4B11WqPQHil8dV-kkkYT6D13GuQgUhtbKlxIWl2VNUQgGQvj-MZTJZYBrjE_cG3XiSmgDyK_jTiu7kDo8P155w-0xx6Y5wIv1SFnRvwvPLl8EJW1fHVaBvfdI3qqy0fEcnOqQ-oi0bN35ppYnQh0h-MFE6k9ry3EMUoFdWRGjrfP6dicuBfeD-XrIE4w5ikg6DwoOj8QdgbO5QQY16ehFe5FrM1F9OmB4sF3FNFDgzaDdYcUUl1eSUqK7l2KhaKQR8kZl4q7XHa72oAPkrjtohoT1X0ThCDRGV8N3pkkZtaSYBaKpmKQFdvWlRo8CY3zo3CBTfvKdsXdOe6YSeW_5NZT34oNdADvsP2EmF_G1-pJ0xNmGIEIkf37ZI9MLn1E0NQxErPQPcn9xuy81pE0QVkep5bI2sfktvZV3CzRcRaDsqeJskjznUlCnLKQTxOlQRZvf6x9DnXuttTQMf_7GFFbV-pRA4GdTv_-GVztX3z87m1jGyC4Sj-v5ErhL1TKx9g2qMQheplJUQ_ctKFOQdCPJ-GqYMRoOnp3EhezpougiKnHef-UYyHEFXSwa4DzjrBlXAKEsEHzUdyZM-RmazPeNHnQY5oaZaAxuHLJB_Jj1Di73Ox2DeUv8ywT4IgutS4niOtvgKzqHRhwzjz3mrGOv2Dbcy6i4W-e0C-kD45_oX5lURLQhS4OEr5182tUIFk-sXtDJcxtdmpk7pZV1W3KxBALwwcH3_1FDHS6HhcAE2uqjgdQnK8Kg6-QuLluh7REYu8-cB6r1RdP_0OBS-pQikHSEJw_6EY7HZkT5YcmhnQzqETaomiohcNXGyw4_QCJeLSOZLcnOA4l-hoWMJSO25yrDnNBsEue_KYaw_U6NU14O6VTDewp3fpfF3VVGdpKsDvAEwYqUV5pAsalOuFUaGHvuPrjH813HmxPqY6g9tkrtoafj_O2QjRBbyGvqyMM4hOuEmZJB_aq35wd3Hv1NMrxDthbPmdn-p5z6Gx7tmjShin5itED_3yiDH-TgNEMWi5n2VUbOQxudJh2lA_m3Kg7OwHyFk6BB3VaHQfVLvwnYUD4dRiZg2Ak2hS_ec7JPopHSH416mOg6k5UGpC9Uy9I8_297Zz5ehwwZTNytvWuJ3IUYAzrnnSezKUo0aoMt2BzoT1Ta12PCoxEoSPtNFk0ppuuR8ldTBv_AJnTsfvi43Bg-4o_o7vinuE9P2dOqU8ztmP2FoxGC8cp4yN0dIaJ0jGuKtWPaqxKIfB8K9e6xcVs2Uv1910wNTmnzrMSbadhFmgddCMIucRv2D3x_OQsxhNahwwNZNLUR8U3UbvEYnCQcp0Nij-Yq7PrlIXVLKRS9kCOJxfhUQFsyG9N__nq-lxeeM9duvsyNIm8kVGgWJhxm8Z4UG2ARALoxN4XCrv-PNeqiNBkwyK70VkHPScILr4AK1GoT9Q-wbTpk67KjrTMeS-wGUu0T9hpJHrpS9RLrjImpWtfHxZSuflW12hBY99nLxJ2p8_MpsDRyGDkzh0G2fOtiig04jFklgcjIBQzbZAZQK-OH8c_gEV1DIMdjB5gI0Dk4Xr5ESpmL691LQy-vF5vv9XOoa8Pxa1mtp1HdSd7ZNWxT0F6N5ppqzbSUuvfgX1tjAz3QJcXkNxIecCgnXa-eBhBor3FH57TZkp39wGyj2i3tnDttRpGAU2fmPuNldEH3D82g3o556xd33Ls5MoTv_McqiDOV8bjPV_QRmdlDiR8LV21tCwiPitly20oeGvKRlytEDEs5MMAtoIgaxugvVixHXfHiie0dQlSgL3laSIOeyrtJYl6EBZUmyq4j7y5k-hUlGtLavEHQ4Do3XJmYXoi5077hfAj5V78mrRYCTLgEW1Qwdp1YzAyJJiQeF15vjo0Adwm3RVC0GHlYAvnHTrY4Tyx3jb-7-0Zpmlct_qJHemg022DxVOmYG4gTyZFhfi4lb8m3vhiiEqKB0itROXin-kpk-t49EAExzhrtyxquzJYIZi2kH2weju2QRxnY7inqD5_weHsqh5ss5LY1o5DkEBdbyJrK8IASg7y8d-qcRhbXK3853q_CERSpJuSM2CT7XtwsCr5rtTk_3tBilVGixgvmt1rxkqbwOvOi4a67-lad5kR12VaEUZJumpVJUieMyJU0JU-ittNCowmM2nhkRUAxa6GKzwdtXVScDq8WNnupSUUliuXtONixiuMIF8zsIPAsSWQ5ZKL0ZkXCy-b6VybAfbE_giPjrekoBKcSbdQv52tu6uObnY8-T9m5J2NFLLdVnxSeoX-S3i28SKwOcEyILd6PI3eVOZIpGWVgHmad0ArPvkkath-2N-uZxpjbzNVn-_jqySjeBX1O4tYQynUx1l5_VZFvGPK2GV24T1_KaXhZlZenfY3fbhd_rqwPBOhxa6JVpspK193bl1_er_ohdpgDfoBs_SJV_St_WRilyeSI717W7iNU5GHqfdwJC498ILrukSiZ9C7bEdAthwBf-Zwf_aruBhVNSCJARgmJLLR5kAlHW9XS14Dico9mfe9O_o17kwp1ecHSjnXg5iKT9lyYOqsBHX6CSrHQW9KiQebA5nX9ak5rCzj8KvRKYxJ32tZDPSRHnYiLDXfKt76qskX76gyh9Fbtq7YSmVw5Qsmxgs7r5nnDhNgGB3LpALupOAFyrRyjh0EbaAa44OWpUpJnM33FMtDOpqaW1mZnVaX7h9dKoN_yQxo_UORBDWiZzOwdixlWLMBD_q_lw1X_tdkTKV5_HnGeIZZCr9DRXAx7kuY4LCcBMkHfN2aOk1LT9B40hYYbggaeNu2F0nTHokiDC1oC4LnKzV_ZPf10UhvGny12zV3JhshBnMhQXtondw8NGXyHMYxPvxzkQcHtq-K_7d9Q20lxV7aWNGtYtClMeCgQA-4qHlw_PKmHpfst0URPyssDcvm7KQMj3hxsGvTiqHoxA6RTGY1m2WrIdDV3xw7_uuRu70xwTXvG9bkmghZZH3P1ctBM__4XAINmaqGYY67x278T-vEe9UUsppEED2JaUchcnEcn6srRr1CQOHubTLj5pjKGLNHRQ1VoGzHfdmno9B-C4mW0I7NNMoKEJpIZtcd7FBtKm1n5BCfZywQ0Jp867ljMFG2qnaN2K-T8upUFU8wEfHAvj7yaq2j0&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=13207843948640830000&adk=2228999115&idt=235&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7bb90a0cc160da966097c8d7011dc629c9a47c8525483a9b9815f9e12c60629f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11911
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1425 0
20 B 120ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5252623320728&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1425 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5252623320728&version=m202307240101&ct=77&x=1&cor=15613628907982103000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1425 16 KB
12 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AV2FqTlyyXHgctGpjXjoedux3vSwE6MmEJWFci5jFOfr-5RsotQU2K6AbQNQZnAdg9Fv2FWzUGLIa2oySYUgnWjvM81ja3kktTZFALkShgJ94EMEAfV3TcFUjlZ9SDfWy2QYwS5V5G_LUqtstu2ud_ne8y0e2Otm-zB1nLLfXuw9AdF_Q&cry=1&dbm_d=AKAmf-DKx1OHP5m82MzjdEpii3EMpTUdnclsvEW3aJzN_wiibLDUYvB2A5Lp8INbpwvt_1PWf621V-7DkESTAIcPgLHI0-wUcWdgSmHldCn47d3XgnkjGPdjSlqurce8A0tUNyhtvyYGyvlOaAT1tJRNjWmPNS5IFeJ_YtyK78nJziP91lEZ7heJcZAGSv_ZRJThSY5O_TFWztcDtq-Im1e2GiuB7ZXcAHACRmD5d_49t1J0LTmmxK3YPhGdB4Fcjihdh2i8EGbjaqWw9TSJek7o8rWJX5XPiPM-MTBRT9aHXAHkOvs7MkyLeFJ8G0Jk7A4GjrQ9zTnoS-eEdlR1w4klxqbid83wGjrMXqhUGCQCe29mAlJ0DA5oXNVQU7EYomopaSefj_qR78E1_Leu-Dg2pqHhADAyxl2-HT0vHwvMROvuQywmdhPVdf-unPm5BsmQjormOVvarEuZtoNL-cgxpPwOXduBxee4PVCWKRtidI-8Ea-oW0q7ceVo4AePdS7Ryrshl_y5cSNxaELyyyFAc3IZN19UcNxC8N22G2eulGkrt2fRnBPZANMcW89sAMR7ooqjGs9MkXV03liurN3vzDzEIppR5lkHCclH29JWM3C1O8ATIIE0ldiFeYhqaic-0b16w-FMzkToEzrVXhWXHKoluQ7QRpgWbfaeQVgHfD5t8MJ9OTQOUWjJIUkNfyR9VXYOD0vpuf64DOkcTpBEy4qHdydfSGg-Eodrj52ketPULyEBmXenJYIU3pzpS3F-4ly8Q29a4wYpga4_YzjkonuHmSZ9AI4nHl7BorZbsjZpvPGcDPqyRv5m_qvuyhXObLz8uhUnskUd6aOLG9Y5V37h2h-VNDmotxp--rZf8b21RxefKnZW3kDisLHO9o4tRLByuzXUOOmr27HjZxQNnIIcaMHn1_kLo7IIe1BcMLBwAB-UP98_5_NOZeuGvds9X7el_DQDv8iAr8dEyCOKLWzTCny2RSDy44NWo5UDfNml4NWM5s6O_BVNKjez-T9nm8klZF7k00ebExtadPYDqcYrAtVGP9IRDzku5XtXp8S9MM7Fgow-Yqoh8L9HXEnunLNBRuxRma9zOuzYg-Vjk9BInBtzSNX0HN2NmTj6SGlTvsLL8TXH6iScYakkL1bZr3dip9Or09-Qn3WTTZ6fmq3rzN1_IbU7yEBRFkyo6LOUqWuch0n2u-MlQK69_r4bP29eEcOGgpwXKHJy7F1uOBhyEn1twORHpqsyb5XqrYhVN5hCUzVjK4QHvlC2umtsMBmjJCyefy9BEUFhPb1GLQUjfoktAc_CjoyQhnbdaOpycnLJ_s74wjA_R32XxQ2d0cSeNoAvmnp-oCJdMyfjnxEKP-r8CW_ZYMMF1e1Ykj9eUaAgAsskkA72RPKrvSKa_ZCDehXCVlPAQz1kIJvm3LG6mPpb6M7XijkKK4BVPyaGHHbUc5NH5r064xPVyFjsf9Zwwo0TWBXc8sqZh32Sw3QA5tXwMaxtDGOZ0Xdux3hUXYszCEPwO-UVAsbG34yV0TM5e90xlyLffSWqMYylEZ8VunOoqQEMhIQVweRf7UDFp9HdW_4O40Qn81h6j0ZEI3I2WsUoglPYPOcvpcgy9jeY75qvHXhLFgJsYsJYuoUT1OgjPJ2cxmaLmTsxecXK1e9KC71QGGeybHCfkpEUrgHQASa6WgHrpg0xiKi8lz_21T70Dy0f9uBE0d2XByz2bmokeChCcRz7zp0xenmf07DSphMEp5ozWxF_o8BEpeBRbkgg5LtnyaPbwnaN01MNxubZsHZ2Fm-V_Zd4-BUm0AmDmiXffncZ6Z3yTRXjcNNSJ3BRMcunICqxYv9cr3mJYMK443hlOhIfvUdJYHy9LLK7BF16OuudNSUQRzFkHsKJjcx4u3clDRaVCt3IcTk-RVru-8DKuAnEHPabDHfMtXDOtQXo0y6xDg7eitKaeHuoGvA4lR4pD2Hu8qFF_PqoYrkzugX-O3AD8FuqHjWLxCYLonTjdpVZFKjj7MjYurTnZmbNO5ikh-5Z8BJ5cmxWeUjJcZdGNfRbrUtYDfVZtHhcw686kqr6MPey6991rY6crZvDIrXOiPXv93WApgivoE-4o1XCgjTCap07mD18HSO_whRCoWf4z7YS0ED_jFKMrDmIi9a7WvuTnoKomdiheupjmYM9vTVyRRlMa2r8qyesqyjf7TtWSTGBLG8upYgZgVcTe-SkRZN1vTN51vyo0e77xFSYDngQMkl93KuNHSDSlfyc6rnqJVQeduYeP_uMGGbHYzy2vkDKjMw50J8fQdj0fcMH3wl4lFuMJ2Zjxix1CK6eMMAt9wPjuhdqje1jPb__DYOfl0WzzH0ZIwoAe0FpU5UQ2go0RiOs2T1sQuMM-0RwOZL-1FYETULZn7mU3kSJKBtjzf4m48qxY71P-dPnhZunFIdcLK2OSFrjEHwyNHVFVwhgEXe0vCrYIA_ultLJkg96a8YXtJn08lhJPZHy-uFwr7wQcaYvcj9ZqxCT9ZgVws5M2n6SEDGIWFq1kX8mTC0HaJ6Yn-lKdykwitA2KUxH2tWT7yfMm5KobrM5r4V6QIFHiT-DhS6q24WjoHYuhHMKrioEkkMuxHwpm5JFiAYICo8Ch6zLsUf9AMti3KyYplWifrpLjx5r90xU91lL_UU_59EituQ-G7du5Y71_1yW2fQck1XcObwT_QCTdvDOTbYir0SvrTWbKkh68biIkd1oCfd5aQXVOFssk5AtAVOKBperdDTPCq1KLNuPls8CjCD9bR9fWHvBWmVaWRALuJ1-jg_NJp-24qX9vDhlCAATF7oCf0Yg3ay7FgN5Z78qQVKv6OSO3hNyelTTsCLo95S16bNuihkOVNx6kx_pIWyO-2ETl-epBUPcwex3TAhqRiWfecGKRb4WvN4-FgUeT4TDxtkuHIcRXaqpG86uQlZdtxyhdJJR2FPa53ZD3or7_-J3psV4vgjlZUO_q7pDS1rNOx-tEfKlsA-tdIpOnOFLFKy7XSKz9n8PmVhCaf7NN9Ymav02avt8Ds65ckqYiwudz1eKyzYyeWZKk9xMqjLSK4xa61QQdmveqM5k5dMmoZkVXk1OvG6bAa3j1rlxExvZC-c6LeA8c6QJt2BPtlcMIcRpBacy-mb1GX3ldHY7IljrNZTKzyNqk6uNd9JZ7H_qrT8kusWtqJXnXDvCzIdSTW8iLeUecEfNcnYEI9Y5pi1SHIE83LSzAbEIR0xKrfGTjwjWiZuTR1Wnrr9z75-YN1s3TBucLLmNOBYCasSgxcLyluvWF_nTVOiz7UxgNLLQXQPudVwJ2gthKtmShcnajywVeUeehAvJEphtw-XcqdMFiS55KuwRXkojfX1Hdj37IQ4c0D8uv8Ubu1wLZ5tP6BjaoEGN9k29he84bKjdMIPP9S5SqLRwO1XT0JUJmETBoPvbmpFqULkY9NjYVEd22gn6WaJfPJg1_3yNbV7gduP8B9suAhc9YJ8Y9qlbNIXpYDGXISwXBr4KSF_vKEKz9Lqo0T7HaiGfh6Nwb9j31AYb1nZhftTVYQwPl15XpTrlsoeD8BfswCcmUpXywW70R8XFU6IhpbFXCl6A9sDrKfNScALAPeewuOgp5Ulm5lZjYP-765nXfHbGB_oqipxqmGxK3a4CLrffxvilZ-GZu7B7Lk62Lj9loz8I7v1EquNgAfyLAOTm8fi-u6gF7hybpVgLpPeR_RTn1f699p-1qIqrV3dk8yXxiBl_wJ4lbzbhV0fpKxAGoMO4E-Q2LVxql2Pk19tWU05TDOhyKzH5OPfhy76dxJW3FFAPezHOo3J-zbiv9pozP1Jie78HPlWLv_Os0zZfki_81QOuG6CgOSPlXhsKEMPJgUJG2-w88hiaHZ1t7Ues9JMMAiyiwh82ILWdgcGF_avkBBkoHMAvoxPdCeP4vvnxVnXMn8hUzQB5EpP8bEmO4-X7vo7jMWik993Pb0FxBNuJG_NTZVnhPoYmeC9rAYbqlEDjoZDRyxk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=15613628907982103000&adk=943508955&idt=167&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1795bb8c27b77188889229c4c3fe7e830fd967082721b8f8f5a475044c97f0f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12003
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BC1 0
20 B 122ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5072247250250&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BC1 0
20 B 122ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5072247250250&version=m202307240101&ct=77&x=1&cor=1310444133649392400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2BC1 16 KB
12 KB 74ms
71ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CSzgWrPbTGiaxJHF11HPdTlE17HZh0e2wXcGeqF-6yesBbsyyto_MVIQkJWHO_F70NHkthkwHBWDL7pKA0QP1xs3AS25xMsyH75uZrJevE0Kzo04wfaLhEA15OupnIejuyNe_80uOBU-oqj3EimJQ9FwRfGIilb2_6tlGJA2JEi-PiSdg&cry=1&dbm_d=AKAmf-CVWiCmLazQ5tPp-tgRp0bgEgN8TZWmD20lYKiRpOaNynIYaQ40eCZVNQQkM9iwuIdd5CfP1_GyOkuCARFZ6x0Dh0KtdNa9IM4xqfLXSdzLFZrjxm0pc1b0ci19jrlG72U40XfZJD3oyMFHfwab7Pvf4XoSUS8ZLh1LivRkctNyglLrgzUY2LlblPC39oWc2uRpeAFK9Vg8z20rhaiveU85VLGdnZMH5cZYqFE1mhQVcZ9z1mrGJQwkmvel9tXJ5cTBxyqtja23Xf9MbvsR8Ot5_se3e1uzXbOsDAK0jN6jQ0PDpx8kYunAyz_71EONLK0TgJX7KJAQF_BlGn1gq24L0OjA-vB3HN4fjdXAOckoF3sc7P-Rcv7MZl8959WE1opS4VGpoiFy2ANz8W8B2hFuf1xbRiiTAnkky4Ml5hcOuQ5ceSki2WstPSenBheUexkvRuxe6drXFNGyFgqRBRIN0GEKbJKaHMqOSvmyVtOR6rsuIrX_VQ8trPst3Ue2HiSmlPIpzjSsrc8OwLY60BReANfR6iCYXQhAeB37h9eT8VKCt_NjF6ANg3Naenh6rS8fB5xqzejLVIwDdY5HKIIZrwfWoIqrY8j7W0vjQl79Opu5teGfNMFYZeYqCOap5assk_Vr4-4Jb9CcFMtLkaEwm_H2eXTtIBSyg71--WmahoECCgfdEtKb5qRe5VfJHc4TCjzNFVUXnNcJZ5HePbr459eGw53v0L6kxe4LogYdvXcRomi2CAmrr5yd_BBh1FWLdRcGeubgcCf8860F_Bl9hjiTNXmS7nN7FOwZmZC-KfXBRiT1AiXUmPjoN8e5HtzkW3NcxPbYHN72xjVjI8EWasXdBknNT4iA1yHlY2g_oYWjqjt2N-bU7PrXGgMA-PuoL1bH2GDlSpGUlJG7cWZjJhSXOaY-4Ls6aHFhWcY39AwEJEC8KVESDi9AOQr5B2JGkqe4rZfwSFKcr1am2YKCWwk1ptsossbAlaaI_0nMbRu4SSv1UVkE6dtPMwzP5P1O69okomq9SQoQAw7cZJHHx2577-sd5cWkP5DygvB1xIIoi4kfuXQ8yJZ5quzvSL1VyFIdLKWfZQhLREkASlMZ3qQqPa27Fw9zps47QVeZsCPhQHjEmI3B4Q9LXjCbUItCPV0bsqGBI8A65Wvawta5_y92bR5vLe13hNw-1Dr_xouXoZMxl2_0lBMcrw75DFDJR6DRGt5NQHKTLhee8c4ADg-QWkn3Nnkd614jL3htRlYyg52jQYf6JeYjLWiHUEEaI8crlMQBOE3sgd1CIXRY692Bu5iH-RM6DEm0i07YsQ69_Mfr-43Z1YU2bzg8iDnwn6KUKA4FXVOaPPTKtYIVSCMD7ZI2hXXOwKJ0e8BIQNP_HoqmGxWtKUTvkYQ_i0Zvqja0JZN6j7kJJjHITz-7591RcbJk0UnChy4Fbe5Ry_r4fTAoG_Bfl7eyiT58iKcKjzmlRgRiniu9TyBWJbeXFwlOdUCvHb4ZTuoOn7uTRPkfavghhBZySKQ-TDFTLd7o9Nh7Lzfbf2N5N1rAW_l5YsEDnzIsF5MvB6dgDG1n9nwV2DnBmwyYchNvx1dP43VlsPk6h2_pIuGbqTlmnkSPWqWblYNVGL71rPTsLGXwHPTapXLLNQftQMzbzxhYMIsDegl4Xu3YXZH-5l_gxagL57A_gde5_zvXc3dhFZYeE8-J9zR9k56sK29KorXTzJn5ZW6j3RPGSn_GCJEZws--d2Dv5So61KouYdYOY5ZbI3wSoXNtxiYgArpR5liPAF9EdYEEhNTLYAuVNIzRtuMQFGsFiUEr1Av7-eye87L9jh2JX4dtI8GML6iKWgKkZBDYUvtgVqS0EEE1HF-x89gqzl553YkZ4EvDXwYrzmC17zdtQiHNEbc2UGRGJQVUoT7xoMW9ff-V9v1TRH5RFIfPulCc2-YLa5bmDf4jKkEIf-azucHPXdoShh9Y4T-dNzaXuPNzVjO0GgBwh86gP-ppK0pRdhQHyhNldyLqbI-4VsnuKr8d8BhVWTUxPLmJd8XtW1D8MGd9RpTjhEQMimM5bNx6CACaKXHkpJTSUHzEx1zBVpvx5Z0eHxAlcgOm2dC5gRjsBnrshOG2087-JpsMZTguYFYU9N79Li78fCLTamcVpTabdvKI94INLzTLDNylwRqdea64SeNuprsSBMyrgxzt9VNpHbJzUn9zujQK_9yMwGolA8hHaPvsD9C_xz-sKV0VykLLKlVLyL1-NMS4V6Fn2hXwQvCcgwrXoxY-WffMu7__81FR_aJetez-OpwIg6-lXJOuqbkbwqbvyzWVPxZtU_i238_72vU-PTYlyCiO16urooUJXXxs620hJIywGgpPnlhDQyp2QjYf6fCN-ygWpHXwMDwUa7J3zv6jKbbF1yqXB-AvKCcA-z_jrLUPbwYUnsPsumYlSzoyMKZpJA5duLTchbZhDjKOEYxj5gz6qz5MdxIrYopkLxxM1nnglpR2IeDKtNvHvXtqnbwNdnWc2yygBJHsdGYaWrwRcdma5626JDsLaJeq_0g7neI6GJRHBJlBO_grtQ-kZeL5J2ndTlkLt5PMZEXY3C6e-PxKXVEatvYao3HS0vT3OXBpfUBlPaT-ojsar5FBFHbCsE4AuPUmtEIfZMLoNih0bRbz514lxGVQ42EJOPE5_4UKZSjdDt0_UvuQka_wOVx3z_NPLk06YZtG1RQ88CMwcJ0fjeVQGr6p2qFXQhhZX6uwMTpI1pDRuRf4MIomAvafvBZq_H03-pyd7LTfOs4ZIhpl22RcqJEhdut0dlU2Z_W6QyhfYHJ2O8JCc8h5InWeVrpDaGX1rvxaRwCm4WhlPBtp9BVnIDyqu5_d6CFDkX-iIXqzcDdgwqBeU4DHzn36AewvPYQozQrY6ebiTrGuVphTk9y2tuPIsOHEhgAgC0xh1Ul7zzuM2xvKOuS3SbnAC9uHbVNXhnNGMvzuqbhVc-oWWPE82ZhvSI46q04ranYBn9q3BeNMwq_1hjwqdHntzHgmZVJTI3CpVpFid_xlY-twT9knjg_ilBY3cSLDcPZpNH2QynBA8SaEin6TN3217QXK4c9soKRete-kINQv5uGbGQ-TS7AcO6QsygqC1XPEI9FJEGLiBTPUgPjxkjfJxNa7yBKixDE6rRErlAbxNHLp8G4KoV8pZaS6WrHTE8SVUb7JpIhGnRrI8S18bWE5HTqdLv6-Y1RILWn1IJRU6a88JU6gsidQyoqQdAEFzYcFCP9x1k8pGw3mRXc06LAiDtem5I3XsOdZUl-05jx-cV4yUdmMbgpj6P7zq9WAPalyZs-FujHcnpczTdMDY0-loyzO61Zrobwa99TykEvRGJUXyk07912u-VXSmslxRhK8MFnJmKY1UlyjKkchez7qqsXm2DuIVxMQbvtB47E4zEEnu8ma3CqBRY9UB3BoH3osJXidglbXAMDqhik0Mama-IRvh9oKsmBM1STWdRq4iWK75_bT0F1uSLvm6yEqpBCFHhsH9Pj2itPBfky70mb5D5V2wua4Mk6lNgdNYC2EbfoERzhM-meGSjy3FPo58v2zLPQlCn4pRXi7PB9rifbpCWx_vf0xlKnRyjKootGuFRHxj4kOHtcPoibkUIaSJGGTphrso4Tz2R876GOh-qJlGy_fn5KhBmRxhUIivoax_DPB3Mmg6scArWJJNiSZ-T-_deQUo2UnQhPsrhhuKs93tQocLZtKJNwbFFF9ehwFQtqO_xOfe9hHf0I3of7c4x-mjMfsDkwoM5-ZXOLmOtezfj61Hvgm-bOxHPa_9Ynqtp_U9MgU13Uuybl8IfzrWVMoqpLaUdUKOHUE62k924a7uVgm831GQQGTr2iPDvabwZFrw0SCSfyFkH7VivWoOMoDSzam-yYzBBVNjRu_r5tdS7ISxIIfKKWL3a7z4x0xML9o3tw2IPccW0bdYBwwCq0pjQcPasxH2V7-JooXf-nlNFZuYfMATC8A1jddQsNQ4w6Wi9w&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=1310444133649392400&adk=2086295851&idt=197&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2823bf86a5bca2c20c28c227e9ed59739ade0918d4c76c343162b4c4d109d594

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11942
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5564 0
20 B 121ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2987989658751&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5564 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2987989658751&version=m202307240101&ct=77&x=1&cor=2903381711510893000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5564 16 KB
12 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C3QktHDPurO3fxVqwUdOHac5cnCObcb6WaiC-j_Nx95xU0r6aRcd9MUuE-J7haNVNBsoYt5hoZOJPIyJDUjaxgEL1zZx8HIM6KiPDYMlaRVNZM8E4mK3-yH4Lklyu0OmUvX9JRFgEzXLWcLQ0TIUscgQzsYqlhoZj6S4nsl0Wm9Ltj1FY&cry=1&dbm_d=AKAmf-BFoeR875eBUpOW425i2W2xNaCxo2bGhnW-n99iTLOUcDxvDq5ITwdIvEcylnAurorlYlPEfJov4qMDr1lIpXW3_syupvGp60Vvs6ZkIAU5AxlPmoZoJsFYOOMDN75TVC1ZD4FBFL1Qy8ZWTYusd66cvLOwuTsJ97NsqIbfyWDel0b5xCqk8l2MfTclkonCS4zNSqXWj11CyPD5hPG7pYYVHw1HVqL1Qku0Ndvw0DEfUITPB5GGd0S8I2DXFsXmslPqqLOrifW2ngesMNQaqwT2WhUEf0sXmg0D7Mh3zUTzQFkcWjM39PJk7J_U7PcwFvrAC_cJW5d_8DP1xmR1olWiLfMZbAdTm_GLkNnfpymh85-3OJlXlOGpHN24VpqyzmddpuKL-bSO5jewe0aZvIU1tV5AR-HWxzKlnNnCMNiQFtSiSYjkmpTiwT9XxvO6BBfUgKt7J0do3bzgb71NsD3NO6i2qWasUrcW48jS-4kb7Am9lGV7I1YqFV6hK7mkKnU2eyED1pHkmCBa2vlWP2nSCHTA8Eh-ckfFvVvMOXR9PeD14pGo-Tdj2poplXNZBMyvP88LqGOrdhzEZZ3MXvJBLVmeRVqtSL9E7tUCfKLeAvt_4c3dxzIwyidXpGeNJ0t7egI5TG22AZwmfBjcqZUdlYZyLmegLuNeIXCwD4ynxKYY68HhP9-IklIFe7eOeNvmMAZctw0u5sr-5E9YYjyiB14tl8vgY1Ee1HeSubqKotHsKYFB4SLdNUjVhloMXCpdof8d7vP7IB_-eer1gte9q3LU0cIjMjUOUI_tsZ0vjvzKVoCxqQGb9-pmo6LliSvysjQTyEvYZSyX6pHdrRM3dhq93JUP1LGEhScFVtf16Rwdm8ZcmD0ji07WQOLruFP4oB1JhZPK2OlLDsJawtmdBXfzSqVu-BgHdkxcxeX1f8HnrSF2nPCokxRYhdNntJbgPDssCwaER3AmOjljQkbXNygbOMW9-0ndJv-hJI-cFCYbxPeWpD_fxK96tkTpmUBLr-iQwGhNDfGiubc0kWOeQfw0N7bZNTgQJ4x3g-bY7AaP-rkuzoZV7oRMJhFIk7hoDPeMYIDaYuRY2E8dhN6efL67UPAe5QRUF7XtUP55tLIj49hZZtZnIHUMHIgexPujhdd2Lle47zRiXGar5LIE1ymmkaN8Zh431HwBNxkEXK9bGehNyPcl6VgFA0NZ8YylTkS5FruMgSP0D-_Gj_kwziyS8QJRVIdv8luHeBTRSrsh7b_p7yX6AyrpJRmaX9Akjswbmfvriq2xgzYQ9Zy_yuhxDA405zbLP34TVSbT3oiPrQRaJ9VayQYsVXHQDsiXfFn59xmfF2OGx9KObWUzYL4YrtwOnlu_WFxs7UieLZhaeJTkoippgwEvzcnoWqEQejqH5wTdXZwGTn9i3y7UBUiTjC5r90Zk-y0I8VuF1OU7H71DPIR12PEUuUP_Upzikcp6vpcpaGFaZefB2rUH68afAWIUaQuRR6wiob91mclkSYTdA6zf6-OWydK5JltkhjFaiddTT7C1wC_SM2rrQbdSptvcvWR5-sHj_6g25ZqE4JtE0JtLc6WS_px-iPqHBfj_LZ7by-Ti9UhntRs42DyVCP7tUpVZsoMcsuY2V7gPZQCJbUC5UgbnmjHfTs7v6biAMzCsiubKk9H6Z_G-wYQvClUaIhGHl23wGD2Vbh-p3YOXDvqRpvLhV7kwuYKl9mz0FEgLtGc0Y3UPZOGjR8bg-W-AQFO2MmaPz2tMOWW4en2tnVUkj-Mg6xXCcwSmQha9dCPJJimQwTfE9rPbSBtPvNAWa7unu8A26_riaZrUZWALdB21QWkuARANfIcEvzrbWHIhbv27HSDk8TQLBRXSyXpN3fYJLtyxoq4mW5FueVsP-vQPKMzkAdf3U1ONPc5O71-3mMb0DoBQ1bkS0NztIlRYM80Ke0NBgj5meJcPvTCst-Sp9kTXYVLUV0o1kli3H-XL3UiFIs85GBraVA0OYE68dEpLOzJa0AmEAjAkJY1ALkO24-zSrFFr0QSrY3JQXFNWu0YQjkP6txkI-nozXT-8wv8Qq2TlANufYlSIrlG_ubxseNM5ywDXSHrLSD0FeadLkGLXxjCK6GmL3jYJG4Dmiz3ojONmzFDSd5RBYdUbDIzruqlViu-9n9flKS37KyCuxi8KHqsTkGKqoaegDGk0-oqg3TvGCfvQnTyKmgHOCk-3kPFLX-_dRFP__Wy7UbgoPkCQio5Qr-pq-6t2ldsfQiOk-XbMH09ijVOgTqgjGVXyc1lYYWy1SJFL_vJaqpb48Y5_xd21C3PYZhtWHPxPTLqz12fxVXQoie5scUTh00hOWBqCC_4UjuUzc6JAG-9JEAEaJYijuLSKchw0aVv0sXlp7_YlVO85k2X0YHlmGtX4wOSo4_3Vl-Ja9X3ekbnI0qvh6lDgwNrorsbvXfLqXOLtTPS-EtqsBZ3whZRF2GfL5hTYstgtkAw2NAF4oB--EgGIjQ5XE2qGmqqYpu9rSml6M9_MqPRs3OHCfjvPllllKDH8In2F5tu5VivUeRSIzMBoYG6Om3OxnfUEcu7RI0io_T0ukTipekYyz1OpjKGjrJDUM1z3YvaGXXzo1SXBpipS1-Q2t4S-a3pTLgbmWsfMvHf5L7aEy8cDPKg3YKd9ye6x2kYcoRBaWnZr5jHiJRjeCO13kDKdagZ9VDjKN_sHNdYLSFHaPmwJhgB21smHiZauhvvS5C6xGig2NgyFhVxV3vvOEL5j18AmDVzPxCuT2cSNbc-bVn_AD-hoYdGsNlP9mw5GBDBu4fHjF-zYx1699ZddaxM2paZk0bpsr4kRDGwa6AfRz_0UbR411NZr-9h9OQt6SVUu_bf3TF9nLfL4WZ-M46YeD1GY-kDtb7QoSe_kYbOi2Sdy_CqG7p9mLeLfVHr7CDZ3ujRH-wFhtjcC-ovl5VOQ8kUYKnzEUZhY7dmK5oicA3tGtlpkqk4QX25D6zJnuWjFbuSIbmOg77Wo1Ut-zgJXLMPxgqD1sTAiYT7_-GThf1dIQKHXFaW_7ZPuyjRqUy_uQjsRbox2oPxs6i39XMs-_aRxOHUXIy0rSJl6PeUl9UjVF2E8WUVKeS04B309uRG_jgFQG0zwtZKgBV0l-6Vthk6Mk179rTiHxZn_pywHbvR9areYiR38cYkxT-mCeLz1navXnGdzDOc0Ua2k9rH-Hyiy2Wqqf6HHEyt7zroV-Qd0GzWWkzgYtp_dyhM3tZOkRWB2jEk0TzorrnljnCpXQ6kvDD2shaOoXLuJ3vsBQYzKyvReH-VsSWvahOb1W4M76KYITlqwlsnU9hL1WU5nutNyOehV5R7Drd0iRoeDSx8Fi233fOCTRJjQPC6dqb-2OMzF0Qhd2Hr4xJuyU91FI5TdBeqx7U11EvvPd0hHJOPZKsMkZKoabo-K63sWMNYwE0fYTYPBCol7akLH_-ZY8F5A6eimRp75qDuplg6ueh4NXSEFl8zbJQUyeV8iArXgfrJOe5POoEjn2pRPGp6sz1oZT_RvsnOHEFBiq0U1DuZqJ7_AxewlO_6ukUJeoVcbqWiuO6t4JlHWdSHwpBADJOaXXRtUhq-MUpKg5n1e1YZirAlQzuRXQQiFBGZpNTeGww302tXwiGMqs9Id-3KoW4bkEL1Cwtb5zDrv0XscbVIOJeQi9NqgP4f_MCyTlpiY6wNlR9PTua0riCqZg8zCmxfhwlLd8cckDZ_oWTf7aKUwidatLV2q07eMrjosOMEYktE8_Ek2nuTWIgj4C-i1jNnWLG740e8EwVpUFPDDh0gAMNZWnFXf-Qk00rehlr6sXDUcgRt9q3PfYZkmrb7kccUU-siEg9fdhg6MmcSPVNNs6hn7nRC-dbV753UsXtqSU2RIJvu1FORxyvH-cLZKCK3Mfj4iPd7bzKlt5o1nO5E1QUHeayfDjpOpi4eFf-byzv6GwLj3kk0Ot_fOynixEEvKFnVSjL0EES_lr0CtSWRiTcE&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=2903381711510893000&adk=3037181500&idt=167&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efdfe88b7b0800e9267f59fec7f7b10481d7d52967316df2aa32f12b0403afeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11908
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A54E 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9002081185234&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A54E 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9002081185234&version=m202307240101&ct=77&x=1&cor=5985497211662203000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A54E 15 KB
11 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYCNgm0wuBDeao07xgLNWe6A3H1G2nYlj3uk5H2Nd_4zPugeBzpMaHBYDrREHC4LVlSndyJXfO8uc9wTYdqmJmuSU21TiQCv1tyWL5esqSrU9ujNSB4c5zO6PQc051F-lKUKslgc4elQTnXcmfu9JGmBAozpuRXPD3FDza7PWrIICQM90&cry=1&dbm_d=AKAmf-CqqrzsYMdrT-4muYm5ozFjnMroeXi0g_f49Lx9ezR24155rQUPEDnc0l9iYLqY_H5cCMMZ-AA8408vufJlcA9TsHU4ZGRJ-LzmoSd_3mSn8gUWUfRooGcWh7MjPindUioqxus5n8ArltM-PUm4q5C4Du8XWmGd7gCTYz4Y0-2TV4vJmD9f7H537vTlBTYBVBqaXs60rm79VshVah0Pxhx55wM8gJ1ZtEXxnXO5B6-IsYWl9thj_hYSB-xwCkYKjYV8jqtx3_WGQQD1CoRtba0PVvqdK9H4IdOEXBqHae3hQP2PoJjKiGNs2fpO2hWKmN-dJNS-qDJRAtVe61r_-wIDwiwnW2Y5V3ha1cpKe2NqBgUXCwHzGmSOXEeVoCD1Jw5qIW09OphV1E4eIVgYhGA3XRBP3a9d1GBI90U80CNM7qnggS_GVWY-GAPvH4hDPhkdDjqgDAxyIjja5iC-SdusclyCT2GwKbu7tFg9f2UNMtEOPbLUjxKD1g9zr1bAc_kGbBiKo8RmkkBt80zXLREMQyou5UcXHec4FLF2ziusSsnTvYnExUf1llUKTiBRpwFy7ZahqfdJSxrLLtly-kmNpdKy0BGuwOSwmZXWyEA9YTEhY0ByFxdYLRbq62gM-30AD4NubVXsiRcGGpwMkoWGKz99-XNJhdXPaa_GyBU1n4NlXlEIurnEf7HnFI6W9W2md3VcsKcZ5cFXuwlETGbm3JvKW3ylseUPJSitAfl9IPmucnUg7ybmssaAgv7sRhBVsyhMIO1V2K00Nt57KC21VIxrBxUSIxyI7PdWb5W196oXjRAqK7rgbOaiSIaZGET_HZv3_pNLYfxGPERcRygG3qSXS49SuhQyaJ5ChlGrlokldsEMr1Glik0erv1rQDtOufORyEbcsjyxt8eiwdrjwPLTxEjk7sd6jCgfBEi_OFgbin9iMT48Uy5hS6vq1d0Gl_8hc7bvyJDKboTE7JxZsDmmdxcoDgYep0EJhNFYknGN77odXsLCZi1QJMkGtgPQPScFCxEeWkGM5r2Z6Ir_dizrO6EjS3eR_77hhMZrGaIGutsdqiXltqFEA3RMK1Rs7fKF0LKlE5SEfPlRoUGwk52Nzko0Wy7IwDJBvrfKmzh85PzHobUyD1zndoA6dVHUAnKWtHFY0zfsHS2ZqmWkZc99H3UZOPx4UtGWmL5NKCsqTuV9p96LH8t11qCQ7xUCWq5ZVkK_8BL2l4SDOUudDOyHWh-f5o5t-gTJN0wuB0U1NFpsQylmOmrjT1NKlAM-zRUeZfEVzBYlh0lHZK8kJJUThSSdBzdbHx22WEwAKhH1H2YV9ytNPciwpjf2vu-rkod1CeS3qvSERjsVOn4TmZZTM3wti8CMCZlu-ekJV_1M_1j_IdxgdItauyxJWR-BOsjg-g4g50CqH_fIgu9didRM6ijHAXtnMITMb87PIM7xNPsNYjOEVcbD_WOWVND-ZKg_KdisIR7l-LqcwGb8Ce38vltaEwuLB1RmNdAguP3-xix_bZPd_kG7oIGZiKXBmeTAkAuBUH6y5wIkRcO2Ps4-RX9hvOxSXEVDNBWlzmWPhUNvJjhogrQFlIgfEoOb75C5d5JHbB5KSgrT9lRtakS3JIf5J_x_DOOvFu8jkutAGwvUo1XyqgfwA5E3LfPoqgdYxEe0c_qGykqDjGmHadm-fNc9EylaLgFqBJwedkjSkyMkXV4191HC6Vo6TIF32rNW1_AcA1ZXCGnWgOljF6XCmBWX6vutm23_pjDiCTCV-rddhRwzmJshC5tmvsOMXeCWFlP6ruCE-um18ufiFgtLTfIYn6aLnEBTLyNikolD5bxp3fAy5JyyB3I3Vz0k9vlgbrigjFXBXgDYi9LRlBX6JFguNaMJhv-MDjH-mx8kDxcW0gzxYs5DQsphcQBTt9DE_ELTk2isp_H_qE3PXGBqYXS1RcBT5GxAVSDLceLGhJY_aYAoJcd07dLgTsAKBBJpcPxFX2mJTtCSLVMjR5sQKUEXy4CvSZ8pSWJoCPT_uplmZNkHtLl6SZJQZkLnZW8i7X_V5yYGPCd6VUDT8PFOUn2I1hJKRFuDGD6v63ollxWtmlGdwtIMN9FemxmnUoeTMAB0a0HWQby1DdqDw0Qw8b5jGpSOz568SMditjEzlcjyt3FtEJmkKVB8CQZcF6T3HDcV1MtaXHxFRTzb6vtnzeWYHHVbTwvU2cncj2ttFC99v3eLQGZ85U7ZMMHMIs6PEkNo8p5INf5haXwqXNYuXjje75qJ7_S5QjigJht7Uni4UXclfKtR6N9WfL89L21pV-fEkEFSYhjLs5sN4MF9j8ZKTGjOKjHzH7ZYKbHkMN7U1Tn3jGXDuG4sP87ucdH-Bsa11XKK5qWBxHH5pamWvY88A7UBuBhxAp1WDb5ltZCONB1MD3WkQsnNhCzt-Fkg_AJqrZghybePUdC7qqUT_s2akNkjk2MN0wHYmoRNN92AmBgwgYB1il4F2ovNJSzEZqw6SY40EZvDKGHdmDfqqEUR8uLTLvA6QRaJnkbMDvLtfFxrrOcKQYdGu0FpcoufAtU4YEKKH2-YS7BlQ4oCCAhgn8Zg81QRIvmBj3VXNZAOk1iyf1yXs2jKYY41n01swk3MUZA6rrMAfTYeEiHqQsQr1Ydx9pOkL3-ugUNxfGtdEcHDpR8qODzW0Cnh8psJjKdLPUGb2RiXfL83Omn743bQ66iQk0T7IxLAOSZLxBeIk6R22Qiv38sL09xYbBVeA1UT4doY2GROY9Mj2WP2XFIxo85tgHshL74mdK8O7meH_nCVhQ522g8nkNXQpSJ_GtGV-DGdtRHxpct8Q60xIe8S9Y99W6truPAT5C6ZPgKp9sWcPGaLFz_fY96ZhvlqucbtYChLeBlPGeuTQ60pU4EWWpcZqPGEZLMVCt7Jo_zbXmwCJFX-WUlJDKvjHr-Zv1-6_U9eyJpn1oPh1QokoVpbPnZGwnEA9tTIMQ6CQTvZCDiTj7gljCVL7OxazUmkzFcdMSVooT2vALAIcocBQi2UfJ4qsp_yTgBQy5mvs7upsRwqE5v7-YUu2yPHtd3swetlA8ipABOtgnWZZnnVmi2YSe2hbN4kRmL8PpFtOC24vlNaMRbSDdOFA2W_6W1NVXlakEu7_aYEtB2cHTecVMUzkfg0cJvvbsU-3Z4R2PmhLvF2hgKaycTFYYluveHDv36w3LsYl64LQBePzrnA7BJLsqnIn_M4gznvdzLn9zXnKu0WBXZxD2f3aAQp0928Hc1Nm4fNgU-hTi7f5REQnO_VhlPj4dMv4Dswjq6asDiScy9AZXauHUl17hxVXoh61z54LbttCoJsB0rAb4HiFW0B3_wHiYQ4-hdmD1_HXuGZsoqMXyFt7Snb8icEoZ1gi-xzA_eB188fHAUx9P5N2LKw9tHxO5KpzHYaWTC2rce3Aa16Gkq1oJM7-e0q66MhhsP-_ZTboh8RQNwSPX1xQEAbpIoK0yKgTrz3H9ybKY3kimAehiqXS-RvIehqqm2d9QNYqA6sxA5q7wxLBMKnX40NJbMnA4-dYH1b6Gu9rPKU-5D1j_sXf_dC63c5ykohI7MwBLPDA5byT-L6aGUaHaK0GMTcCJrz8sere1vJ_23CUVUdosE0famiSsAYCHVi7iYfB9syGy9yL3E0MJDt9Wri1peGhuluwhIMQY6NbFexFEITmwPqIpD_SMOIjLII5Rtj5Ir_5tQX3Ahlz_47Fmo_glQYgtzEZNRwReXbc_-AR-G2ECecfxy3DJKSpq3cVZIXRaeyBJjZuHh1A_TL-k3Q3ZDRPyobakPVwDWG_ls4RpWJ3GzYI6BtHyRWgiJoQj0ceGCMvHhAKUC82SNbdIO9U3D4-7Z3DtHIJBlXXXNQJwS54K9OMv6gV60KTbujA7E82DCR-GvevHTX4By-DnAh3ZItQsdwiXjeV6n346p5yW0HNtn11Y6qOwTUBVIz0MGPjBQ0WYezbh3Le20KhtYMy8lMEx7UouF6xeSy2jk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=5985497211662203000&adk=3690638929&idt=178&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a9327fdebcd4d96d2be40c59dcd4d6e925339da8d8a56d87146936fb8702a25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11748
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC8 0
20 B 124ms
124ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3846498016862&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC8 0
20 B 123ms
121ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3846498016862&version=m202307240101&ct=77&x=1&cor=3826551579037500400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EAC8 16 KB
12 KB 64ms
62ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BWciKSSr-2mp4tTJozJ_AM6KfGX1iM5wtAJEPSnZo4ChIzc9tJBBTZlect5MUuUwX1J6239tLSciGEs1l_w_dIZSC6xJESI-QOZcUNE0gpBEjYuxIt8LHpD3LXpyhEmbTxXVjKxxcaE5HdqwiVFZZOZtUxKzdR9puLSdfwmIPwCJDa1ZU&cry=1&dbm_d=AKAmf-CAP6mqtKH_JFKrb90mAdbD-RbM90GlSN4QdNRv8bi07JPM4B4H48dT64Di04tq_NjZlHJl8bBsrO7gA7NrCKvE-ZSDUELVyUZPvLvFA4-ht7rrmR-NeyD5Q6wA_tpax2HoVgDiZOgbM534jINeRDFtCZzrQJOuqy8LBVdNvFivUGaUlKBhfg_u0R1cKFPRJQuHNcfMumBr6EYJNR2p1EYFscL6coltvrI1M4jdQzg5IS3Uc60tM6ZME298CR9ErsclDTVliXNJmTI724yVq573JVOCYd-keWKkV0-QwoyESIzhdClZdorSIg9waC4fbU1-WQec4R7uldI3D0YRBWxSvpTdAy8g25M7STPZiVb6aq3-VgnCLoj9IffdBSRWmLzQiIacBjcZPKXqc3awh_Wqghc_gN-_JFb8touwEHYUpEmf1VR4spnf4AM-Xf3Y-m7A6GFF8T9fBkF9EZTBj8MRQU6LTdzRB91QC-F24fajAAtA_EL4mKrVFfDu8cdYK5S8jsMMqXL9Tb4PDmuPJ3cFcskIga-X4VhBD-a_4Xnk8sVq8YUAWSYbSh5CWs4TnvtwVY2kROFVveuBx0wXso1WVXo72nJsXj5VSzUdi-g-UML6G7ZAZxMUJwR0s2AGkentAp4sJcilZgRVbCW2ezK3czxhS8DUyeji3Yc2PimpELSVB4b0fliMUcTP3bDLuIyYISmq_APHPueCKU4UkHlbLjP3KnxU31vrMzJZ6ZjMXXu_kKEBxTbqtI-E_SH6nCrW_yRkOggdZ0MXpOjbYpFuemb7y7QOeBhVfe4g9GGdUO4MDHKhvTqlQFvxnk6pmdPsZ_EgyStReoRuzxhUYT7mFtuibQct8EKYU_A6zNcU7UHks-lV8POJB9UytVkyvPh5h-5qv3A2VODXyHKQQ_XweWQRVyUQUHXY-o9K5ZZvkqJdUHE9vIrQ5vAMaAnrF2qJp4zyQvmYXof_0B4lXbnQh4ogKG6OmwZ3CNPCYVSj0rb5p3UqUFOd095vN2ccTwo1I734MBmL-QbmGG9wESKlRK0JRomh5aCyqCOtA4go7wnK6bXpB36ls8wQfPMsWKmm8IB8QnYaJT-ZutwGdLbOK6rdj7eh70fXIRq-tML1WUwgzeFfU_0JqQo1ZRRBppGlA439FzfVwzZj8lDds3lmOypYlgCZ50ZOUQ9C5uU6LMTd-TRuvZvva9wzbdSdghnvV-6a7MZWwRSC0EtmwqoXe14IN_P7GvcnAnqS7mv61FnJUX29btEh60xg_ccJ9jNeAbdxVjWqkHlHGIn9EG0nIAHHs0qv9LorvjHsJ4hJyYqqNYnlXFEg2XOEVgYRUOYYD0zagWHpWYRgNiBGuHzNlGObHvqsVa__5ewI-ZPaYhITthxUQUXJYphhW7otBvpQINd0U382QolwT40rMFuQP3sfitPITSD5imyZH2z7pO_w7jV60Xhf2CLZdmuP5MSSOaMhZDMKtqdqxMfHYlzrCisr-HcyiUHJyv_0ocNWeLsdJyxlm7WIQb7k8XyWBTXC6bD5-JKjXzOvz4U-JzPLuX5F5az5SP_iyPEj8MZDAQjHm1pYnSDTfr-ut3BrnfuPSPp7xr7wM-UYoeeZQYtjXaapAELgmL0bJAJyxt0tM0Vr0rMAgRvOBm36_rueZ5ogttkXQMr4-UOg64ckyNlW2hzx-BGzpn52_JgElTmStV6-TGOpjIWhz99wSuWtfT5V3JvVhkMPYYNnFO8vBKjlZpugdeSP03XbPxDUAKYjesrw5Jnajshi-EzgaSCFJNeoUIcV-7v5ZIHZSdAtBrKEFa9Lw_Ua0NHUuIJBluSn5ksYMz4ndVgDlorLuYKjMOsN-2nN9lejh9WnRLzPmN1Gc_lk5MM03-7maaHDJf-dTn6V_BR6PmhZuZkrI1Oed41uagKDiTA5BZIqCDSw64dscVf4dFbm4jwtHtfnvzbcHj3dH3qT75OPqrrcTCJicFcFvuibbd5O05mNBb858gLxS6yi3CUqKppxlKVSlR7WtoVqLdQm_moj23-vuY7J8OpQZtuUYBWozMAM1VIEhfJ4LU3cirzJQ0lAIIm9Fa9AEFBeVHnznI0wsUoir84E6Tmz56lmIUfUaNd6Z_BFsBfxBVSU-Z9qH7hAPzv41ww9IkgIfjlnIZMHjSdDkBedisY0CibkKOE_d4rmzbw3IcNOnT_ayFrie4jTOjoMT3VAUKQBdOVx03QuZiV8zHsL_Amazu4k_AozngY2aF9MacHLA8nENL0ZzzFg7C886o2eqe-fA3cbZixB0WPQ8n9qr9wBIAY6EeC45GI-KVaev8K4eHhtDyOF9nBXPTkIWmTJEEGoqnOARjRggL2CzJNuPSjB412R35LwlcCxBUlY0FNWhtW0oEYQ441BtPBRAvKbUtVXa4K4SSHin2EgiTg82ev1xmfhtsC-DiZZrWfAgoy5BfG3ImJvWf1uXipAzpPKorsIHzLPjQ_1Ju4Y0r0c-s0qgOySIIuIFBcVLKMYxMPoQ8REFOVJo3MQUw9HKjT8CIOYFFw_DMgE4J16XK5dj_AuxYPJdTo7uX3KnWisey0RpjpmP6Bc58I3XrVhf__io98wNYmFw8iGbgCYQNN4uYg7zqs_TKyZNjBPgzro3DP4Vs5c-pnz8DgxOqoJME0n11QN-ZdsJ3cq6Bf2sYmdzxQECDut907OxdbWmxvEhXT5slw5RUWONav5ShdOgoXohwBKGRPbBbA0dXwL-GX4bsjZtJ6f0n3XM03X4pOOytvJ9CkaXFh7x1vg_d2u4nUGN2xpfsIZXmNKhL1ryrXzYpAA1u4oIAe1ygcTKe07NI9I6-045Dw7NY5364yleLak0GdWQbmjeuCjz6KIVujF4WFjAdy4E4xkfoA6pGiyTH4b_Qd4LhP8Sk5Vi810vimAMB7Nl0z6MO2m6uKVoIiT6bTaNvVVBgYdwlGcd2_Argq7M63Pb6Nisi1Qyl3sV-q9bb8aKRBuTrDE0nusqw_f0MZHG49CkP7_M3zYjzS6qJ-QV-BJck3OA-ZDaDlN6X4CpkW7eCkCDhJ4rgGYMZPSuhGktvNkv-d6TuuS_MKkMdB6l2_8YfebFwgbZmVr2LM1PaOQlA2g63GoPq4CO0YMcAsbfn-ThwrFkZHnMG6KLRsU_oR7HJ1lFYALUPA71ENBWLrEm10difg-GRhI_PwcUOWOGTsBJBs1gls3oeWMYBnXApZjRtVkhB-qsuuIiL209ckgOU6dLWrPBxuzWkU-F1z5HBTsGQcJo7uGajxzOIoJJFRZ98dmEQtSwCDQmg8Qg7lP_6_cmDWKZLdM6CSvn4MAzw69jHUB8tKOlAWkOJoAzom1puklc1q0mHqgiIJ0cZ9CQppX5OGgwa3tHvIt8DTh6bmjletmOM1tUrFZgqPWENrSrFf0mnPUwgl4XkE1aEmQ1C9OTkrVVxUDB9gqteLq_SMWZ0DcYYb5x3EMguKbbKIf9dKu8xuMBr5umorRK7__ZZFJ7wEKni_oFhvSIKFTMyUn2M1d2hjde73vw0vWxPfcsdV93K2jHDqPlHUnHy_PwoBcICL3JRHjrvQfA0-3EAts1oZvlY6nQVBSWtqR1e5xBBO9L5GuUUyLfmv5l72HZMxP18-kCm4B7QXuiUXdwHTaF1Tb1pKgU5XAzA76sUiWRwT5xNm1Gs2HZm-y1v1vlXmNMxJpfIAuOme84Gkv6qRGD-aS1fY-t4x_m6PuzLAc3zIcX0azMc0vBP9U1yfk1yNTbGpNF16jdlxNsWx7c5FgH_l9AeswaOyAiT_i0bfglPBD4gHZCspPR7t980fFZ8pSyjnUfRkvaOFMXuojr9wMz1tRXD8qWCe4CgrYt5_6fQdOKt-VApofAsdEreeosHF16oazQmoThIHnC3OrVWxSWMutNIfy7jdx_yaBXNM0E0roo-2KdrhFOxXtz9RoEMALpyTI5b1ejbUE2uIJCCRIOxPHcdlyggOoYlL2XGwMp4epZunodXNo_DV9uHoiZbM&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=3826551579037500400&adk=3944675600&idt=198&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c274c9b4144c012cb9201eec2802ff19c9eead2511699aea87a5107097897818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11825
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05AB 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3979311007278&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05AB 0
20 B 120ms
120ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3979311007278&version=m202307240101&ct=77&x=1&cor=10817292458346824000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 05AB 16 KB
12 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFCt_Hs_EHqRpUftzhzdRJE3DGPV9Egl2inxaDr3cc0yXAgwzB7957j5GaCt3y1XjoEQ5gzF44Og9FHU02OFwYJiQS2J1WSQMIBQMwHfdb3Kn220DcvH4oPT2xXO8kBgasHLbc9mxabgKfvGF_QP1RPV_DbA8af-DjTm3a99cEkntIDhY&cry=1&dbm_d=AKAmf-ByQVsvHhEy-McmULChF4jyN8s7o7nD7MZ6fgFzs1J8yMBALuV41Wz_Erg7KLTCQg_Cgleo-59rTp5Abzlb5Wn1CLvH9zHXPxT2p02KMKKaWn7UGM2gFO3lwTRsEAfNsEfo2a4Dvw-HyfghcrwICwlPuYVLh11yMx772RtI2CiTHUNwuxS3P6V8UaA6in0Wdk84jWE0bbsFpzqTLYkgN9iL92RKzkNS0HO6wLoW_-1kSFfLcgq61s1hd81-rRjfq5GhIQWrXC-8afytxSAre8bRBBekVk8CeRXTiQW-WQnG52wpeb0CqHeVNiOOfqk2E_OYyoO0QjSObxUWgtBbVlGgvSvtSgkbrsnzMXfkr2EaKxu_rnpnNDGcJgi7fAG27445nHGTpvYnM7ihWs5WPPHe5YlPqcbxP8qUS6GqJUab4-gnh6zLiXVTbG4nPXmVopJH9cRgvmhtSHljcAMDbEkb9zE9GQF-eC0AdsfiCjdG1v_PoMo6f2A9rWqVtYXLSz4AMEx7JgNkZfdmwc5lDh61aqKltKynYmcGQwzYM-ZaL6AlQ2oXA25kkNUn_6jPoZLGNIyK9gcfuCaZEp84Y1z8CKRpzC-TZKZ5jx902OvPdFP-wOPd5xYq0Xltlxjb5P6KlUDLXNJAVBeTmNG_of6vsp9VB5M3JRE9sMSHwmO4W6xPTEO4RajiDzohLk2gRs1MMR71L7TTfTxCCcK0qI7Y1r31vy-w2nzrMQ-gBKBGUNVsOpN7SyZIYdhSt9sGCeZx3bptNMR799hrTqwvsKRpEvAI6BtM6MUgGAKStm4-NNiTorFEPmkyBpdOUWw5YTYQMJASYCg9WSaeNvwot6o1qaqGUQn_weItPiSIhQR7IFBnN4lhe6V4M8kpyp9JGpVzP0UBbcI_RGNlgskF-tZDAbyY0GOYSSpTWtBVcHBM9_hJskJc8OFMaFpxWlu6w3NNT5Vz-NWvgvLL_zTxkaSELUilTAbMQTlhAmePyzKyl8DEueAYBecq4Liyxel6zIn2AKvLyqUi7ofDDR6mooXu9snRqvLbifDniRzGjDkszw9BrwSwxJH3AlHetL_BvPUS7UrJWBB1_6ieaWnqtymoIN8PKQBT362cq4f-NZAPDmj-hr5QYBzttlv-rGCwKRBCbwl2xJcFR9poSwtHUCRBoNkXYLcPffWDY2hqEJ3ujB0YtMQZsCsEh3XGAkJlN2Al3cUYMAaOR3sHNxHSBZhbu2fguDLjMwnP9kPcduHwnQjYcvJO-1TeQO3KrOlgiL3XHLRM7cE1Zfh06yfVzvKa7kTqooI3913tXBME-YaX9yAVkwYJlAbPpsktPCfXzk3oEIkR03rrJPZ7qbLXWX6u_xe3P99zrnMdQYIkv5EZvX7HoegSmTlrQmuGiZ5eoTGrBi3lZk8lP1gfGayS-054T5Qgh-4kg00L4QN8hjggedvc1IMZBI0SEOXOxp-b-lRu5H3zaDDiWCKew8Ng4-nylT7XUeLGoqNy5f2QmEUY6Ak8aYrc2e3Pbn7GPccqG7LxWKX6yA2AXgSVghwsk6IWCKfCfASW4D1JbY6NVLaaq6Nx9pfGBNzSTrVg57YQPsoSeCd5GFHIDcmhAuYRDZy70KGguPDGXUAze9Niv2xQ0HSKo5DYoGzoK1XS2grJ8mUA0knSyB-53tKNmgNokjSivw15LW201CWUBmQJRIXq9Bmyz1RkBn_IVmD-7wSK9UowLcsO85rgjeXXXuceupfqBX9i7YH8Og6FDjxPviQu0TDE-OxkS5bX4sNDj6M0Hkhm-Q1CRj_nh95brtxU0V5VxttSI1RzDOKqZL0erTTa4loz1Tkos8e-KH2fwBcl-DSBgpY6Z9SVJSAl3sQrjbcyLypeSeg91qb1WLia0bA_u0UvVKvq2eaus9Mijfaiz0SRE5bnYjgRnO-Z4P4qx7EHScJHVjIvORqApldEdNuSol6uO9O9XmwWaFgTqkk0bEKxCfTp_G4cID2yNgHyy00no4N8m19AuRJPsdzPCLBDpM5dmw4NaYkl5gjuh5onnd7onaw2deprhrQVEGJmDJyRf5ZokdNMLBlygMlVTkVxOHKW_tbwRGqcZbeTXZ5qo80BHqktdSRPESYulzHDgjD_dpVbezcyEd7riWcgfL7ELYXsD4-hGeysJrwc7x_uDJ4nBQ4lW1ThNcCi094SFcEOFnqZ4eixCoFZjVrprAS4oBjBO-bzxO4yvxaOH0BWXBrLz1OX51qQnt4yuF-qvoS2ZUvoK6sPJSlSKYi2b4ulSiivFHz13UuOjiMxDbaFb_M4bKT0vWfd6WQ_fQnTmxthPdlYH1U4UdKaoX1r8B4SeEI8QtlLnNcyFRrqj785rvUYOvSgo8e3M0xUW93jzz3yrtOsF_uqqG1zlvksM3bo2y3P3A8ibcNVGUxilp5b8tiXnnu5xHnBu1h9gf9py5bc6mHaq_TfZjWv0InayFsO8EtpHWPqyuibfxfr9zcU8E6gA5kUBED-b_nnbRTJ_bcarlPyC4lAyq9dn_Al7coKNk6Q4kn0ePwSjPpL0U_Ulzod_KhWGFWoNGS431lHGHpngIOTxYqlTKsMPHmJC-kspqPeDN28RIItg0cFHINyIGymHe9mcEkzzZwgoY9g65UsSYrpZD-oshGs7Qi8P3Qp5FctjnrX35OeqlMnvIbXcGFcPB6PuQQXI4pZEMBCkEJ0uQ-EUVTFHOjplPwB_s0Yh3pBTgyYRaMtQU-WYOulRhMNkAJKQIHGT4Q8bwol90KAvft43FFnVlGVeJ_k6czKmlzGEapy0o07TPxyg2eOwjJi6bxrabzzM84elPlsbYRuoN7jD-BqGRQsms3oQk62kb21TwwniLSl1ydxegldZuBDp6ixfSOrWy-Y8doJC1-yI65zPgePWD2zBIcQmYwQHVez4FPLJKETYz27udYL8lSk1jWOCSy9U2Wenvb1cO7xNNoSV_2Y2t1kCWk6K2soIxnUnWCbU8D56D1LkdaqLF5CPSRh-aWN-4fLcnfU2qa_52WAXOfVufzU9vURz-uVFHlqYaEfgoADPnnFnGEhB41h_d-yfPjyUrthe1BtFGhHIQ5opv5gIudggZIdaAhpTJ6yZSuHdk_yyxeX4-imPGlqvx-GVRWNX_CGo0lQpBi7uCBdHQtzMRrSU8XBi7iPa74TiYVfGHr6GwGm3v1VDF8HjiUUbJItBVIRofFdLl21k1L0gTONgkDe23wiSMRUaoBbicaxzRw4_ZRqmCfjaZsb13PSn2pStknppokYvTmnTr1m7dpanBUnegKcn4_aEWRuMRDRfHRFEwnG4PGDb9Ni3RJZKvB_2m2_akyJORWF7FJq5mPO9pbYw1pbEr7oXeGygBb2Ao94lOo7d0m5Zb1fP3yv_sWq-7TVE7qjFdidYJwWQ-E6hYRBdUEXDYraelJWcp3XCPlJHUG3x3cfdIItEEWb0XFhzpDXqt9_Yhwlii8l_gPCYrVXEG3BF067SNl-gEZdlCzCPoaahrIWqad5s5HlwXF-VEVeIAl48G2_F3BBrP-enEyxn7iwgd93pUgOXqTZFY5VExLMqUrOw19YbXLVTD8Wu1ZbY7gEzzoMhYIQ0sZHCO3MQ1ex36KTGXiq9chBWHVHW1UWYnXRf1Eo-XQh2t1lRPlQ7_T50WRVRFxg9zdocC0_wIOpu-mGxwzRNfWF2IQz1e64dl2RlKGh_frKp2SemzH5Jn9Znz-pUuIrvzqLNbq2JOiqaaAYEN7MigajTWlrDoT-4uxMgLhgBmc8B3x2CNUWfOLnvlckAMkhomePNwj28xer1QEWjexgvIAobeM_GbiU5MyhJRofoAvp-OonLS3672LaRaChv1CVQGAS-jqpSc9DLwblU_H7Hg6KujQD_2AnTpijoO4Fg0sY1YVzMs9_x_zjKcz0qzbclThPN8WQM4S4CUfaTZ0tRczgzDKXBT3VZZ9tJZJJ3rwbOjjI8Pe6Iyzv-JeDXd46kQaVWHsDU-WLErw9zu4rf6o&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=10817292458346824000&adk=2857193498&idt=231&cac=0&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

148b946c3c39e33522973a57e142448ee24b0ad585df4cf6ffb0085c76a18bfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11898
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E07 0
20 B 120ms
120ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8472837299605&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E07 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8472837299605&version=m202307240101&ct=77&x=1&cor=5322491079958603000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9E07 16 KB
12 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D04E4tvE3ssWP2NVLJHn6kLpypCDp403p1ypjEdaYI8qJhyfEDOaQi7nVy8RIL7teqHQATwhlS0gPsXotUnQn11se6KlNZAE53gHK24dEcI_AHFOZhfN2BdPrT0LGic9EPSoSIMm4Skf-tZwYHXrTNY-WigRYgJOSMH-rP2GwHvtQO5p0&cry=1&dbm_d=AKAmf-DTwNqpAL_jmNSTe9GIkdAL-4dUQYY7wE3V6CKLs7_2ymuRe-Hogkq8Tef_q3caTqdwwvYOWgKEvZeJrgvlQ3-98FllQy8YkHsLXB9TGwVQpwTmcLXrssjUXqcA9JcpxXsvZJ0KjwhnQ7oqjL7JcltY73m86jP2ZHqAAJ8nArGr7hQpZ9zfueKVo509NitgoScyScpo9y0tgJK7-HCljU0HWWtv42pWAjv3y-yS9TqcCL1f4cPs7fHWrZky2JfVMOKB-LANe2ixZ6hx-XF7jiWkftk03nuTxPbvzjDJJHUQIrzA1C0FZQol_HpQCTmPnqW6pk5OOwmFRrelqgV_cdEtI3XqROLqOMG7mwF1X8CxSu2bORuuLFvVhgAbnwSB9SGabqcGbYeqPs8sD60E5C7KlfU18JORf0nQOL5krnr9_Q6UyzSUEcjHVokXjxNcOraZK3aDliqpDxiQuENLhG62W5_IPl1B_zvEQqA-HwbGXZ48QgtxsVsbLYk9crDWPyRS_ESzhfHf3McC-FumiTI0xEerXxeXBzxNneshxz7H9ev4oGKBiF7vmsmk0DfliqiTAU_qewTvJtkntIbeHjr-TIkOOGaHYE8GQGF6QXnYygf0dIuCyXThVgNGDtqC78yP7gYvTSqVelWFCFGWpZCW90uSHi8VXXaHVQ6IpPE_nKIZsieoQZ25Eqf8jMixQVF0iLl0mlTJ59JtchXURyXqMFqbnlOWDHQQ99liPegYSLw4qjJIfP6dZEBJjx6Di3L6xx-U5VQ96V3EokIsFVoRiFV-PmNg4Wqoy17T2EMjfo4b_wSQlIcggOV5sG_olQLUCWkguRH2JZMKl80GyMCgOvYEfGswIzm5vQVldUz11egWlq_FijpPw2GcR-3S0z8rQQNWg1Lw326SU1Cpx0O8VQ2-OrJhOA5L0S_QwAI7yXD6D0ei56Btl19RCVj0_N_RO58w7QWEp5AMhX1DtOuLWftfRpdrsz1Y0GYosxq7-n-66oP0YQr6XKg2FXVU4S7B5blayH4nOPDAmZooRm8vVkTS5rhg-SVN4znqbe4W27kB0s5CpFwfe3kTRRpmTSF4E834gG_EZ3oECJ-a2V5y9TpIGcVox0CCH3YwCCSnx86hZLIwTfy3zZAmdjPNWWVCel2DOoRmdNSK_D8FJkK_gRhZB2k8YSNV-gdLdRNmJDxnfxBuE-CkyOv7rJB1HzTyMyhzdT3u7OsEmtbZkqFrt2BZ8g9EOkYLzKyS3McvmO1C3eWNZLKFvThbZ8XfWKBk-lEzzSzQ8ESgGwqPIklXxkc7hULY258Iv89kOQvK0ftxZOwx9I8YLzM--0PJqzF4pNJyyPCRc2QpgdPRCB2L1maG4udRiJFqm4Yr4UdCkrxWq3anv-9KCqzJnICC7KL02hR_318moQvq1JRUYtIFbbR4ZVz3IBBzobP3tJhV_9svEg8v2_G87tptXyn9Nw5iybw2I3Y4D69YIcSJDriGZZ7K8lc3aDjQF9zHhtY5VKXsgzCcy9bci-7ifDWgd7snNEa-L9juskLriAIs20RS7mGfeJLzGcXkQFxn4z4gtckzDg--xWep0VxyKxFEYrmvTNGWCmj9inVtEyti91RPVPB9U-u_4pYDeOHERYpCTFeUlE3WArd6FApwIl5-heK3MFuH3w_0sHjrtBK5U-XdOmfMJjtQl-DDUPANiF8cS_LpIT1xoHFQ2oQ6HtFe1xype5SSSGd8LwStMs8DcsCLYaDVrwHsyrjMVRD8pQ00kyQsTcrQ8g0KRjK6ocvIWHB5g117sDoXfNqY-1vV0GUkNDocJ5PEUwR2kcfTGaLqoPx3FVenGyYKLtg0trn00fkhBIHdMIan0d0_v_830Q470wP7G8vAPHChgHKTtW25gD-TBlyN-oj7zIX3dU7J9pi903-DZzDmRDX3lsASymdVG2TUQjpvWs4PQjF544fzWE-ebsFu0XlOdPnBqxEdj4YxIJXncn3c2nON7ugkXqBggMrxiy0dFLoshTy2pvhDWyIgKLtyhM7-QQFBeGiMSMAbFBNC6Ov1bj4P9hGxQmrm305HQdMzt-2VWQiiIoOyvYbl-B7iIMjCdweV5Y3-M8A3QGjJDge_zQ9Y-cwPLtbKkWoApGRKqV2lms3UP331ON8y8kB0k-zhSU7zb5iU-p4IAkYZgmsIbRUaEQ075C8uMaYO8t6ARE-z0g67WkMF2kX-Bsssgi88wVQI2AMbC3Rm3-18ojcqNQdmb7GJvRQ7KtwWw8WwoUTahpJMth_DEoq0JAuTSzZkfOk7igGaLKEYKojRU1Q9T5_XHgCnUzrCX6uon2Lmskus8se0vnN5nPzFt0DAWX55TiD5gmGxOM9UTLIdGfwpZzjzKqIXMZw57s7P-eR3m7i8hBFtoi6XOuMsXyRW3J_tm_5gMf1JEZh61lYrY-GZoS9ZRBVP0j2JqVpwOApCKt2Y8yRf5g8hkgtOR-EYR-vkckrHBWD22DjhE10JoB5ZV-zijFOPF2CQ2sdwRasddW1yZPlnjM5ibksXUz6q6sX2fDP5SbsAuJdsxzrI3qeLR-UKd4BCYdIdCHikibF4cvkMQERCr808k8q7hFuKuScedfxTlwKbFsic7j7CNbp2EDplTuhVmEErqitCvM1RZjGWesg6H6cmbh5wcmPrBZJdcNHyB1Cw4haqdblwIMNOvuZp-K3EkzCvWsY5vyEvSyYeL97r6s2rt2lFnJShp5UoF4--UuM34tAIH0fnyWibWOFqiSujPkQXl6hG1hIFRAXK1yI4g4uTDw4MaAKlELEinPOkBqMVOWONq431sQnvJBBa8V4MaKnwf_eWLUpFhBG2fsrqYwRtxXw7lHCxAmZivKbPDRR8GssleJ_oQgjWrSE1r2I6lbgHauyrsZp2Z6prCLKtdTdR47TxR5kVk1mOoV5mOuztaaqjZbDltJIM2r5FuWsXNV5_uCEnJnRwqYNC4vD3TopEV3SYaPCTv2Nt_HP3kYmaSW628pN2CcdINSMQONGjapRdX-e_NdcrRLR8gJRG6NTvRC7qbWe2K_pUFJuB_--bpj-I1glImni_WWGgElLtwB8TvV7bY2HM3ehfq592WGeoAhbmCNnbmbe-WuJ_aGYhiPyJr6yGOa6g-GGmLho1eazHeHjFlT_dUvFi3walFDgpe8UPwqk61nXvZMnUPOvt7RmJHhoUeFaTdVKpZmiIsULkSt_lknVUNeZO0famb56T_8VS9eTv0se6eWB8McLMsxTQ7V0JCe5KJzhxm48nDbD-n87a2n_M3XdpCwpsynx6DbvSIbk_pxGxhfVSQL3mmM5pjuyAJt12RICqTEHpDZHZH7-1pMBalD36iBoGAl9F2dhWKiMGbcF2h2oZiztw-Wt6jXtLcfhYBTgI2aW-IWUClXcPbuOOEhqnhwYOV-hi6-JDw6o4ihikQRdXcZE9EY85TjsaQsMDmy4NoDXW6IbYxjGICVxvdPyTQf71l9CakbaHaWZwn4VLu3giPPzclpx1o9_WB4XIBNugIqN0OO78O671Alj4HAqlWp-Fs6x1FsQ3wV6BxeGIIWbNElm0kKuUmH8V9qdxWVsTcOJ6rd_-mwfLroiAPrzyTpiIE2UFj2SE4Qo_85JQntsq4-D3l3cMyZ0ssowjGnqb50dP6DzCBiSQCxyHNYvj_vOu1GNShoYQpxC6BXf98ceYLvMQDJg79NuohEP9ABbRPqIlWSKUYxNSIzZwhumA7OvpPII9tAubCZqkvzmCb6hNgZFTs-npdpt-CR2RhRSChPKlgXj_Z7FMvjbKO52YRhCrty--a0PYPjhvpWBjdqD-3LSdH2_0LA916fWnont2r2WN3MzSHX4D0EWmwHw-aMuq1tRxSMxHZlAIdTimlAGTiF8x9Fb3zkj_MEXNr2066khiq-dtem12x4EP1d4xMwoTopBgMcFTZYy6vn65D28h8Io9_tfETj2rgPbPh-3T8K0xAaRzlMwIO7OBA6NHAV1foVeGWBgzY68&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=5322491079958603000&adk=4188270525&idt=178&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2d4492b082d66f4601ec1f4b1b1dd730422fc6d7c7605e8a90a252ab1bb2ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE73 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=761978886903&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE73 0
20 B 218ms
218ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=761978886903&version=m202307240101&ct=77&x=1&cor=2669107400472455000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AE73 16 KB
12 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bz9QrzEgvJ5TBL17lIr32XSZtar84U_zfu7vy7D5UPW3KTRLUskLOSP4f9qvPnGqnD7p-G6vev82vIMWVTt4WBzUELO84o8w-iVk5LRqG9F26pY9ZzDuGt3bBKM6i-vp2k97PiUZupN7kfswxNBKzKjpwPQRcYzNb3eOpXT0jsIVTZ44U&cry=1&dbm_d=AKAmf-AULH3p4gAQCyV1SyFf2UE6EB42IkpvfF8OQz--xW1-Xy7m9NFrCmxYphInbX4UgB_9-sDp1gDzFU_7xxWn5P9NblyhSdAHM8GKIhWCUXCd-5BHk_FGUXArzAcN1sz8ZrqMmaN1ysmsSc_cWftmRl7CKnFOm6SbikW4PVMFbh77BxpILSMQDqVof2zXciQDTC7JtPX48peYw7k2PT04EznJo3rYk1AeEflY-onXsCZJAD2wjsqjOFsbGFs54X83MwPApQcXlGLjrTl_FnnEcgjjKADrOHVTiTQWRG11_UiegMPvqOUUboh9GZ8IEqW9ViKAGudo04nIwoFhrkY4gZLkjb2EwDlbTZ3WVzrXZfmN2obQ5gZOvuApT3lGvVKgowflRFSX5AD2FudpKFfTM8GY33PUkVBpKZlT7cVAI65zDyoTQC6q_X3dd1cwmhbgIW_sYKHK_FkhM45qWSPDDV45ZsMV-_IKIqFwFH3-ZhtkMaaFMiiJ53tlGqpGlaqMNrUaREEIy01cNL1yH_D2tfB9z9Wtmqm3LQhSUT8TU6S-MtFSxZi77D106vQA8tAKqe6U8hpB35-rZF8dRVMcTemZPOzkIm3Ch9ItTlgMp65WMbCKdUf-qJ3YIAlBZ8H3GQJ8B7Ww0FADuIv17G0maT5ePOEu0KMBZJjlWzyacka_jskTLbJTrWe569IR7MXEwtEyA5Iex2x0XvCnY_NpIT4s6_Ajk7qsUv-WNCk4-QgDA0DCnOrSQWW9k4E33SgOl1E-KFGGjalLvurgl4RjFejDQZ8EosU5ji5QH_JrrfHdkuQjThUMoXjQ3sHDqhjRD5cf2j9OS4vB1P5M8arnErXxWN2EIFUaivEHTbD3Q8Wm4gQB9oCMEttPfipHgOhI4_620HMO7rzgQE0xBCuqn2HVE7le6G8YuMef6QeJY5gwuSwR33DXwsgJ3LUtRLPbqoMv3pdBxnO3mkL0m8Rz4cV5yam55E2q_sq3ld96zMMrzyAn6208_IWH83662blSns3mniGprWzIxD3HjeFdPuzOBJYZI9bfvCLflSEaH1ZbUH8l4XmEcAZrb7DxFUG4WCIELnQ1VoDSeUJwW5QfvnnnIsXuOTJ6jvdthgoPPAwISMmnX-H4guqIO2jgElwv934Z711H-FXR1ypeoFV9HIVDnm6eQpag-0Dbex-FSeNVYc12cmYSNGs_yYzRuvjNyTYvoIu7irLFi9bAHccDa2l4WVBQCiQ1Ml5k_PIr-mfP1CoJKaANL8N5P5NqDWG_VTifMLOJrT66xXL2DBw9Z1M4fT_9wxQlToLD1tRmro1sLIw0nJHYadTb9lRgZ8kmnxHr_mRtV1YFT7F4rLl-tvlCqI_cygqg7k3cCrqjV8Ci-x9c-7jSv9kaVcvF_8c4vsfmmwn3ixRVeFCDNbFEp1TU8UwauBnX0V5vY-BwD6bcobabFVdAMvgwShHggNwY9RCCT9E9GwRDxOqj0ijSpGDqovGq_bHnl80MvmmrOUaSQC0aD32Jp-nzSLs1vcy5Rbl-h2sedDZXpVkQHZPswoOhO2bQQw9EIveV3cyec56RjA9_c7woqJoUdnY0S_qd9h4buBd1FvkaeuyEb8kDRufCtjQJyuP34ld6GMUIiki9DM8fuo7CpuPH-fbDRMZv2y7JvwWytgQzqActnkx3i-3khKRgKpLRDpq3_ePJ0DdDZeGk-uvNFF5jsEhklcx6sNEBiVPYoLDxpYfELBAG9Y9-1MhbwDUycK5Fif2X_sibncs8VGW6RxnURhWWx2UhGlk8Klwu58F578qrbiiLc37bCiNpVjC24-o-XqEYeH24gZV11Sbw9pFOu9rQ-_5wE2YMB0b6Ia0M7567lhluRpz0puKHqrFRA8ecjieHHJpPKffFYtyiGB2iYtJvdqdMEnWYu5MAAiQPHu02L5_0r7nPYT_LBZ76hJM-R5kmuYX5KlJ5JJCrEb8NVJKBjlwM7-5SY9L5NpVQO-bdFKFB5lhw7BjuyR6ujbA2gSKRHwVt7EoDThtnOOZkx6rA5ubnP77ZaX7jlB-4SjbBOGfRKO3rlH1lktW1LpTmJiaC0xyE7SpEKG_N-5pT3XBJt9T78kWGhlv2l4LejOE10cQmJLQfmy6KCaAf1udB2LLa7I33S8YyRyvwwFzDH-jtblebSu-4d9AxwYXFPusM-WElytHHhERoBvOC7Z1BuMuvAwInYCvZEJWSp7gkcUdxY2bJ5nUdrYLOV3beOTxbluI632EW86Hq2GkKY_hAx-GmYAAdqo4jtG7LvKUFZk8CGIZAFBQBOzrizb04BvRzIGxBnWzuRRCqVXbzUdFDgYRMUqD_gLbOphkaP9KHaspO4Ff21ojtqS0wqdrYZb_vhtjL23d8flH5pBCLxfIAoa-2CM16mK3wPmoolA3kzZGO5Cw0mQ-cJhI5u4hA1ErYSCoXZkksPEICnFXiLs1tu1jYtNwRs8__I0zv9mQVpkJvrwlonM-fqVx1RacI64aTASn5HuCszIuNdqShDbqD7Hrt-htOGRlLZq9wSKMcZPDYMNEKxBhcnne6Z2Q66uuGlcN-3VziGv5BM8EFUysC_a82UXHyBl-zt0vIyevO-4cR-D3Gj7tMZtOC4sWgWk156vFGcHqIPz78K79rQVmxqBT76ndmB-EzSjzoMdZhjFVz1mSWBBiUicZlnzmBPXNR6OvLmK8w2XhtInu-EpkI-6FTcwZp7PZjwwO9mZlx5V3-iu8oRt7YhB_8N8OUEElqbYCmn1hyCT2iHBr4DVuyKKEGOJ4PQLfgcv1CTAyf8sWY1amXg6SQ3KAAtpC7mQtdoit0ZjVy0V2dfUCYn9cIk5cpAVGQZEl9g5vTJkVQ14PX2WB0m820hjP9Ur_-MWRsn5knQRvAtOnNx9xmkJgb2d9YDXBo0q9vdpqEQtWVgTwT6zObQlNsDpTmT3BhjzGbzh8PjN6OrgvO-Z-Y-y7b0-qBv5ZMkUETCQnlCF3vUdgU8PsRjRd8UI9wcpNrIOmymXvPDte-7qX3DVNJ_2904CW7XscWKsCx-QGzted69FSCqs8-zCUy7Clax40k2w--WlfqgW4XbtkpJzvxGQTpVtW734LELJ_kNHH__6Aj-hDG-cTLOsbx9uXdzUo6nAmeoYKXqUirBgkVeW_fX_dXwQIl_mc9Kn5SieMUgM2gdnuH2Vc9QC56oqJYMJN6Zw63D53ftloDyIcWPjurbr0OK8I3PBSeDdvxjbUXWsRMHDqEp20V95HvOOmUzPyjAEZ8qkvgCYIEk_a9HxEemA92He9lCTy-HXcp-LcraWXynOc_7MikXq1g6YqsZt2iz4NobFE7dqb1051y22okiUDEDll_4I55sqtyb62tM708toQafHNj08T6Dq0HQrliE6LYYF1KdadZ5LKPtrl0gtlk-EUTdGsYjdv6vAtf7CjivLTMnKIIJwPBa2dScaJMOy3LDo0kVOnCv6ZBt_HjicuTBS5EwFdUwavKW7UI4x24wleKoE67C-aPeR-Jt3Ov16NCp0KiEGy4NvkFHVgJw-0O44qx47byKE89MNVFpFPFkepfI5sbybEn8ePzcP6HEi_m9U2iQLa5GWC01bgh10byxA6UVRkMf7VrXN9I_7fB38NrJhzcj6szvY7m9xuZ8A1xA-I90P2Hz3Ylr18QFI2FKtWOAdknZmj9X64G1h5A__F3uV_Cf-CG8awwnmEN76Whk10XmFw3STmDjmD4xLQDfcCjkbUPgIOILojvqENIeeFyi2vEuO7qqe9u4szK6gtmdyhpr1ZkjE2t5QvokwuzMWTeovOmturR-DjODAVyaCybWYWwEKp7mt_ujAJiuHm77fSCHrNP8qUs0y8LigRKpjSJHXbfLvQ_VJOocBTDekowvX7lpAdQJHgiL57huWzkJnskIJzTxK1WdwT3dfPSTjY6E4DfGNhiqIvb7h2S5LhbjgyorpP0lqBgW6MuZIyYDezD9KPqqmk0c7iJ160qchBrmvlcqakLdhk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=2669107400472455000&adk=1033480531&idt=177&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

887867b4521ea4df2571536f917e9a53ea3bed0f1655a926fec86c31637ad271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12054
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 131ms
131ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308240101&jk=1449107995011064&bg=!jo2ljcLNAAYkVgHwBFY7ADQBe5WfONxTL00M7aoi6AaHn7F1TSgSugd6JX8E4k3Torla5qtY-xawr9OpPzRJHVW4F1l8AgAAAZFSAAAAB2gBBwoAH17CMYF-zMpe4lun9GqLo3En-N2kvyl7nsezrfSJ6rOZAq8Z24do6aSSJ1e05NIeYArQCjaTwP1gfIUpKl_BCml_gOL1h-2Pqu92sMfvvIY1th_SNOb-8YVSrxWzlhbdGtVhob3TccDcqtf9PoIkyIzSwxuVVXTWXZ9BWGQdGQctqe6skdY_aDJO2xkLobrz0ym8aC2CJmTXCbPT6g0-ABrKaR4TnCZZILXEmMCGkiXeScE4UECh3DuP0RVbD-SupSf66VAfes1xzqXniXONbfMmUqCes6uesQppzhOCIUtyKEGAEezMfx7bZpFS5liaJbs2esxp8sM6_DV6DnzpEs2uNQEZK_62NR-uQ7JyOfGc8Ky9sFE7OVtw8vtDHiGzN30MSf971nDgIyXpB6qdA1T87v0Xth1OtzfacptlBzLdg8IYJQT4n8GSE8NelD60lEzKnQHyYbWuP53BGo5vNJVuJNLrlKjGKdyKnq6SPuAifeS2H-I3zGYFRU2K-FQAYavUORoFLfksB3WlEVjut3bzZoxL_v_AhjiB4cdPHChjA4LNzyBzuY2pAYRAbpIX3TVPi_y8uAiQF-9mc7vVkh9p1dupAPm1iUCd7kywbo-sptAHbD3IE5TTfTQXWelmdVqH8cOCM2hsQiZ6Axl8bf8UQpv_uqC7rgBMoufK-IifCLAbSxh7qAwauZUlKNzsjQySMGoa56oBWJ-hd3lzR6yWfzoLm5OnZ7V7eZjWfigftpgvwfjkadOIz6b9qOWeAE8jpeUwDJQ2JvfY-v5tOZO_KaSR87rLDoi7KojNxMurH6u4rZl9u9TTLD13Ha1h1bis8k75Q4gbIKuMoceuGussOWYJzjkTfkhDLhfoqKNknqWMoiSNGC5r9xwGqtQl0zMS6I1PisNIGGTxzAscYxyOw4EyYR19_9HBtDusFYyHF7NAVX9HCbC7wW8Rk_BpP1o
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://epicenter.bg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9E9F 41 KB
13 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BEG-Cvf-OOCFjjr4RfQE72IQsvvzpPdZHxr_KnavjlK8lF129l0qUO24PLTBWKZSbnnCs9cY8UzNpwAEoRTqgWeM7dXPbGmAcR25-MQSBkrDvYnl7eXap8dSsh5wrCw08nq7KuWtglt1eJ_G12AxmrIfOTqn_hTpUCthVAm7L9fyOIkzg&cry=1&dbm_d=AKAmf-Bj_IQG75-5RfMVXi0EjXmf4RO_TLom_njT_s0bz4ob1PpmlrrGqiYoO6o1O5ZAzN-DIGkI4yEJR9pNWKyvmOoBb8_ENbp16uInqLe0VlOiiZO8yTnFwJI6CeElnCNTdI-_8T7KWRw2q1ZszmxC7h4KW2YiljemUQppc08bRxsZEuKEShC5VIfEF3dnqI0OWoE99MUHB9DogApuvnX4K2kgh541c1kbz2C4W_B4zaIDjuLd9DN7_tj_AsNWzUkJ2ctV-O-xdjHd9UyzoCIV7W-_blSoDJi8s2F9sHQH1m72BqX2YZjbCd9Q-o1HmB0Ns3VUrG0pA-oryZCNyUz3RODL8LZwUTYj7MS9o0gHIkeExtABXotvayvkdNSpF7DoAOGp2_yXVhMB16w9bJEl6cFxHEDBVARnP6bW2hbIlr2WR38L-5QboVuTsEW64Z2D38fcseCLzxYW9vmvIZHC7CwU-S-IVIC2binuqMswLl1agB9ldNAgr_MKbDI52ItFk4MYgmNJEEQEghCrp0t9g-CDhGjbwYHO9b1NcYuuR6Tos16pv1rgL7cMFzFjgS_NNZKl48nRP71tdBQGW4RaBjVKJaxH-RA7deiSyHHJtktyxOkffCYlk9wyi5nRy9YxNisvIJPZxQISS19iEHxflZjdujJS5Jv7mNEo05iXW3X7jrNLfAJDEkaDsY94pw69GEpctYSL-yy-gpxwwqijFRo9A2FlBZGIEl7ufPg5Di-FFyOTdm9OD2OJpBHWsRh6iQ7RanhOqc7yGRITuqeK5crS6r7bg69L7MYBjxI7-DcovmlscPbtJyJIfSGclVe0slU1P87MXN1Hb-Lr1_unwfnveh59ELRRDAdZ_nhAC6ZBHD7BO3XXWL-IsaQyWoZPv_8ebZ9JQ-lG_2y0jafUtnMLNUgcOyPHJDtPR21dDRfkuvzK0-OvTnpgsC04nUEjwonX9b89p0-SA8jmAYVq8jdbtGTTsFfTsNhDDEFJNIGCPqWFIfq4JWiQf0L53ZBV0m4QGdCzJNZYDnhAqY4SAfpDO6Xb2b_zp5yu8aQhfJQ7A7ssSTPzEjmbgY1GeOnsT3leN3m86RwWSj3be2J7YLWuJd8SNtOIWFbcJ-4XSV7JBS58lPgt6KRrnbBKdaDrbpEBYYqePAZ9DZkQ5CaUziTG23reu9_ZspX0hwQRR_rZTcxD4IUt_KOcpqqzs4plm-9sZQSYSYaZ7XLvsKo0b6TPTJqRc54l7wTBerLFIhFHB_04c-QPUtGjrdbgDZUxuv3GPO6i-9JmIG3Eq91b7_Z0OfB7yngPd_VPb6btPufYM2M9d3ud_euBm1f4IUVcRkvVoGeDgtUI1j0Sz-9PM5AmLNqtMijnn2-rgBhTjcPowycn_tp90Mua_OyF5NWlVFWMiydfH19EIIKo2Ijtm4UQpfdmyt6OQsQgLSVbYNqEEb46nxxeWCx2XZ4M5ahVp_whC798em5uzr1Y-mLeDWhfuOw7bPWkAgWNkYZWa455zWL-OqWHneDTLN5aEfPP9U9iFZSr54JA0AY_8_y8O3oW7ytfaY50vs9NMaoJhQZB8rAFPrMR16Ao82eeI9JIywWEpwHfIxljGxKxg-O3Slq9qoF1NLnmgGIAXGa2Uicg2ixXc_yfg27WsaFRewFwRCrv5JLUdlsnQen5Qs9hAjy3AlZrXpubLfx7QhhWRgZNvouFnsjngibBMtAzfu9zDAdvr1Mn0RuBSLDA8RbeWFKO83GCqx-Z4FtfViduVNyfNp2moWHOMLVRF0v00l3D96L1h6ML413WQSs4gc4U0UoSeBzG1C0gTiB_d11dRXsNgnK4UGLuRfmIsOWRTxSVHWahQvmfR7XSOOjXGHX0aYad_0zms3Qmga6Oq3q5JUG0jS5xRNShX-AaKefJCOyGydCcNINc2OpwLvoeo8YJur_Fn0DkoN9jsUe77T484icNKVrt5e0ncHUQvH4hoTIGzPsSYztcsWDsZg4M9OjzpZVml5d0u6fc3WLY3fmYFszA8jI4FrHdXStrJJOM4h_Dke5XTmQZ4lhZHco5KakOmDRnaKbVbCBKFSa0tBF1n7uExBG9Sfu9h_rGq25ePtpiM-4YbQneFmmlj6iZ5ok4gnD3tw09jTI1P_6mbfbkr26JcM7xzwpA7MhuP7CftFUKYh8dDjEEVHqpHrAQ4cNZr6bhLc-GRRZsGC1VpJ_aSsw9VhJf5AipgtclVGnAa3Hs_y4XykxLBnS-QSFVDB0l5dlCWTbJA2DSALU1mLuNGwtryN1UzoH1007rizSQiomQmKAc-FTU4j2h1p5479B7LJw28SKBnb6CGXZTov3V-fRpK1FHNU8U_vz41HV2sAZibkJMDCXWApr5kqpH8UI25YSB43sSBLv8OPgMAq6HcrVpyK23NzphV-K82m6IMSns1JpU-8eTGRDpAagOhieZzdnEJa2apufhUqKTq9RDbKKr5alCOEHlS1C4y-rfFbkw8kLFuTddCLkioYwvg9bT_y-wyP9jvc8rKqQn17ce5m5WPfyDq4udqRxRPobF3MboGGnzaGK4oH1ndbDh9mbFeFsCrGHcvTPMLfSPNfXI_Oni_bld23vHjKN6j05q9OMrKmeCPlEyoV9AcAaiDVudyuo2Fpst0YXyC9RV1ATwaPan775TeaieNWH-NmAhwGd_Z1mj1nFra0EP3QW1G0gOzbFKBrL3dIvHdFLhT2WAd9AkCHGaTwlGedVCWmQgLJfATGZHXdDuB0o47RnW10QGTHM7De2Y0D27eXYbz9zOW3N7lbL3vVb1ZxMGEEmHTf6e2y7uUk0J9GkSdvmbwSbyOetwrna2c84TMAi9PSIYtFUVEsLWNymS0JD0rG1MJtmmiP3HxmZoDNdxTeP_0QXx-cirhZS_tCCWHgsfE6Srwj7a1rNMDGcrBlfe3QaUxd-5udMSP8BmAUcxxooT9Y-O_TzQv8jBQ4s8sd_w1DhpiYo4ovIBjreXJa92ZQDi4us8vn3B6S3qkJHvm8BaNLuIQfBeLtxfvkOmcFInQU_oNPXW6OlBpYOiVp14YnKxp4-Z6nF1I3oZisDQigMmET0XUgcX2dnFXJe9PBFNNT6xrxLja8g5s9nVgFNIktnDDnJBZl6gFrxZNunSWFHMQ8ML8ocoPP29uKRDgbfv2DEe9Qx4S6g6H3yHDF6QjdQc_aa_PVzxWVCtRqTU7Ms_Y2OKGgRfRWs0hXRUn9T49ks3ACv8yCP75WbW8TsaT_gtKTbVWz-9XS8ywLrulyTjl4N_-KL3hOidS4n28PHyofm4VXKaEWTjx80gyyNTAUpy7HqHKFoDFsYf5YTJEe4_HQXD-8vZ8_wGfk2oaRPPnfvI8K2CXtpCkSKP4-IO3mFBW4k3TBKGqID8lVCWqf3ghYM9ZzgIpnbxR5SLDntb1LDn0SzAjl41vxOsFf0Cgm4rFDNfHxJjbSaBRLSgKxuUA60cYqbOjEYormNDxsGn_yNS4OVPu0oQZycWuNYRylkZsNfnwFpErjv_Bi27mwbUJwf2N9YuBxw2nxKY4V2LPg4pCaAjlIydWG3iMmlw1LqEmBzDWKmewrHfbNfrlFFFjMOl2C6OOZGd56QzoennGiaRv_0NcW_EqcT6FpgzsoYJU3PvRSTxmsijjzOBxSF6MknrZFsF53KeBnwo5vNVqbB1uWfOZwCWrvTmA54w1zIk5l8r1Lh3AyOZYQbg1WX2Jj2VdanjvLcBnx7GMI1CjJikuV4-02FImrTRzeOujLbp7ElY9wGM5z7tYtlEAANT2M3mz46LHJQViMIAkMCJ7RS6PCffKVHOVaaBYJ0kgJlrWuu64buvMIodhWTC7SjKxIcCvpbl5yUxvvAM6Hm30l8aBYvgIU962C5QcOYqLHz2ok0uCx-Niy9zaaKmgT6FlprbBNMVXhlY5jXeRvSPiqozMJnqQ1ezzOYXQz40bT7Sj1kfP7thhdEmnRVwrdB9R7mZmrqL5Ndqmg&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=15115443121410339000&adk=250412560&idt=140&cac=0&dtd=91

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame 9E9F 11 KB
4 KB 96ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=&gdpr_consent=&rnd=1693403660233305&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2f4a71bf1ae269240ff889dcad44f96a7ad6503b86c2ec6cbfea971aeea1cafd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4147
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2F46 41 KB
13 KB 30ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dlpi2mr0CYV6crNoW-12SVRZ1Ls9_Npk_sP9lBbbxHtE65MDCd2bFJpqHApn2K3tlPWCJ34zszpWWO-fjPqbCVuI02VsHjCcGrIYHKaE9897ZwOlDiRZrmlQT5puUiUwQYVHYhdhh_Conuib9qNgDMLcStE_USR5tGUkngl14fHacqgL0&cry=1&dbm_d=AKAmf-ArJkqn7iZkXkoDQbYZiKSeBx79GeMSc-zlc8FR2JzyR6R72_5wbnQpzbghVz0y-DqXuQfDSjKWUE1pBAgH_5BjY1NAqFZSmcVAXYV81rULGnkyH3H0oxXyh2PZ8hxjbvHh0oXi3L4xCwMhFw2uGBP-l2tHhTz6bZNUKs2mmD4iWEY678XBPhHRzYTZU5-WWctzZSFN1CCKhLMgVAVpjb4IFPFWuBK4GFX4-9eomzFHJvHgDX12PS40zkOh_ouMf-BS_o8GlcbTwo1V3_8SdACIS6dGWDGMjvPnkmLJScVVuCBonmy4rqCRSTNphGC79U2RlFiK3Tf2-ibkdrMYAW_3fJRe67BWB-qks1a5DxV42Qe1B2ZsDsMxskp9P9ise6yxw0FPcJitqtKxZNdKKvkQOP9yxK83ZzSTbp9Qm1ZCG4680QemYJljOrSAI5t3THPsiysKt33i30c3yGF0Oig89QOnu2B9r8LLSL4OOYMI-jJ4UjomK7v7KoTjcVKxxKRfOHITiL75v3wweln7w4dSMmDN-lKKrfB1KvSOxLQ0x4TqYDHoWRHFpAE4kiKLyupakA6BoWul8Qbhtt4JfoqVaiUjMeuiPQ9ysJhci7ouhI1MyJCZZBmW9AhLkLZkoQrcKf63hg6icHPqklbRm4E0lXqGdyXsqX1hYEQ_UF0DCwifhC_tv_pkfsF1h33VcJ2ciSqk2RdfLGSvk3G9cQBy3Xsvka4eBiErCe4muFJSofXLfNOBvbuW3-WIsMenCtk7N92ROKl3S-WB-sDljkbiII3vILgRijBY1bilRL7bRlqiFzBpFV_AKdaOXvBpWw2ugt670KXx8CgbpChIt8tg3mKGsz_VlPDXF_cTlbCsuUpOlTxdzCaxC8o14CjeZD9BcdaH0q2NhMwQub7dveZYeS2d_V6RWHIPQdjjqVwZfPtZWmT6mIJfL33QaH55a8Q4M9Kv4Wa1c0umVbXo8xVKdddZspXjQ9JbCwBjDwuGVUUw2gtTqgc0pmx0a8ES9GSEpiYi51XgaE-MDuUEHXngojWgLDg6TJEArTjabiEdzFiMvn8w-l_cJeR18QhcxWi7E6np5X9jjEGgTQBK59zdonXNk4ksbLpAkbtIMaKqFQD1LjA4c_4bHElVDNBJZbphNfB1YZK5VipI2Xbrxx5R6Z5kIV1NIIa_WpDPq9GDFSIHwaMXJYS_bn46Pizxd0kI6SoOm2EsfOYcUO5v9YG3sUts-KvPuNcaXobeVGqNKGW58123C1fRoBu6yW8Kd7hIurlnbnuP2TRljzL41gKFfJV-n2Ggo_AsFc2Bh2MpYMK5klRD4nx43dLx_fKFAsS5zBIMOzD5sQQ3NQ7oGeW5mmn79bClqk1TLa9zZt31y2Vo_qEWoz5KFp7WECkDrQRnbTW1ZkwNHh-y0Ips3oQkY2JfIEBpTPl66JE1E9CtyVWhimT65LLyjeNyzc2rYWDfxj6weWT1NA-bzHColHAOe-XhU02ONpzoz7gvo3VBl35mOapgy1RcTerspG6CelqV6VxIdwpZxZm3sTsKqVkI3h23jDvVmis6GwcULrflxRJ8LZNXarSrUSoPCQwj6r_8sWRJ03xJQOkqKPr28HLQz8LYSf6_bJpYq5oFQZSsDgIkPnxXUH51CenoT5a3rJbuP08HxX_sXra9CzWyksgZBPSNP2bdU7BPWxp9IHp2x5MxBHTqeqoXQ9d5wJAhJHQXcaodIlCYHglAWzqqKKUItwcbYULAbNV5n8cGHLrj8zAi8OodmvyIsdYT_K4kC-qN-DnLDMW5CiKD72VD8hl2U6o2oNNtHzc50Q6f1xTfxxIIAkRc7GLBKpSFM6KAr3slIEBvW96iFQdW-JcZuYFosZwjSMUiNN2zzcAyvEga5sDpWOGZ-X8_REfyCA5xmhYuiTS9AIbQb5OhNu9zKPYtTVW0_ppUG8Tr3xy6x0aUwFfhNsGiEEnPZXR6VvXtd0K6cz8Wx4MHoYqNGKFE1Hy2IavUDny_RuHc2xXtct2h-NqgQZ3A4PnLl5KOHkfN5rmB8de_cHxSEc8GS2eXb1-fEC1XvBQQeR8ToAQf4Ww2Edkd9iYhNodw-6cpRv5jn4HWQu6nBbaIGe-rOIyGRF4eNTt9-K-yRhniFOlVjQZaDX5suW1Bck_hPKOhthRpU5i4gXc_AlqMWFkHBtVDh-7BLlkLqBujDyL2-6zuuwt2F08nKt3HN3Luo6bZ1kPvbw3A9wtqeotaAteWUbYr6qkOm18NW8kTAWRBxUL7P5CnWN5Qp9e6XknXeunSGMEP6oU1cbrG12sQWul4qj3ISMI73NHnP9ZjzlEj7l-BKID-LT1SjgEHmsnHl09u9VzYJ4lmhjPKkWx4o6sGHxqdMFzbhoTH3SijVExC-CAefhC6-Y6m2ROLDFiBYwSJto2UVSPSQ6l9J2zK7AMiDoBpuXgORAXSUEIW5PUQYZNHMAsUvA3bhOyXzdLxyVgzdP-1kAgp58YsC1CRZ1wWE_9lg9gIoJXUKN0oFYF3BrLtHcbTwQmdkLclkNQuLgpmRCy-SCiQOgYw8RVdpmX_oGf_sGb3jdKfKlcUL7OryvdW93TB9rzVlpHovfuSLkRQmXi6wtAoEn6PgJM-JUxnBFABKK61bP3INaMU3Q70-d_eQ7tVsImE1CCRG6ZI9i4mj4GdByP9KLzgqh5T7vv3cXp4TNiIy86lswdl2ALNEqvHYDOOn6WR0mC5l205IAhTOTOYLDgdQFrhaeN3kUYG3QqhT75dw9W2mA81FcMj7fMBEUOuNHANIpCQi4vBwNioUSgRtHkc0fuiYmxl70MuERvOlUtLeRXIYHhbsl7umG2cpsP__W8Ixrq-dD19BdL6-DGOYXuILakpD3smmdRNlBhwii2-J80MuzWRXICfpPPIww2-JrOoC5joMqxQuQlF7HhjV2ZQhr2vd6q_0hV_ToNy2FArvqU4fa1S5lzBXAQl5JTn3XWzE7kc8dF7Fc0eg6oGDjtE13iA6L0HrvJG2ab4FF2k_mJm-3yfs_mWCBPa5yyuYnzBWucj5ryz6vVdU-wMtq6LChBjAQmkQEh0s_qEVt-XqlDphVb9P7yZ0nJWo4KlKXVU-97aJ1IqsEv9Gy7aObqLnfzmDcXKJ3lhA9lEjXM8VGx277T6uTAC4lcRgf3gNTMQzAj3wmLx84Jn03Bx5vvSQF0MvhiHGukLqK2K9mywoqD2moj0lM29XkVYNFV9gb6itUk3qQ0LWP5H3ZEUKDh6iymE217v2tT_zKuxWzTY_EoFu9EF3Uuo3psRVwvi-Oipmq-CjM5TDRgdov8P0cRy-YpYfQkvnNaUduQKr-3i9STMmCMbaxCVH58RpnaU4p6TfiDGo_2ub-ubjY8Od8po0p4UDftViqATrExHlYnSrR15qoJI40yKmgtp5V0fkS-Ml1iMGtBaffgKxNYJ2VysGKgVMLmjA73JrZPAOhM9eT1F6JZhV9Se2pN4QEflORFHtuBBTuExor4mrNgkEGTncUgR0tlhwRf3tdUW7Sww-7Q4VUJkHWTr24oQEe9KRJdLPwsnRTM8shqWSHFRZq9-xRZrCa7rhD7uJhvncGz9dTV3feXVVwovtCwb2hAhBw4iKs-YfXEJtYEjG8qWN-uHk63pT2pPBq78dJqedJbngZExrXJOcAPlOWsp3RR_-MaJitvGy0R724lL6oSqbZgtXMjQnr36mcAshb9_EHlnccarY1vTfXAXLhjwrulIYP9U0LV5XUUAA2z4TEgx2a0J_F_lj5wrMqrcWbiJ8qoInlvcgzB7KqSy0MofnOoFU04wXBYo2RePigAPCbvvPk4RNwz4mszM08RaU16BM_wj65l7YZDLR6Rdt-5_X3RqD-Fqfee6_8WgMeMB5JVjS_fzunxpS6OyB4nAI4nTNASZjXAWCzshgVoASXwGBv_NQTCb5i1KXuXWS2e_cDO57irpeOkGfaO_h3-Ls6553IrIRXU8gl5I0-PkJpFYukOyKVj95mg&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=13609989718639352000&adk=1964084972&idt=230&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 22A0 41 KB
13 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjdVYxnPEUbkGDJXs_GFa0mfxpm1lZFJpcbWGYkFL6DXkkQZ7PvIOOYxg8LS9dTZDViY1OLVE-J65iy3HPcREg3KQaOFO61uQZD4J-2mYF1g8M8DhXkjorGLY8_L56zzzdYgrqgLNISiIAGmTS-DulFV3vfdjPJ28ra19WtrN6VuMJWnM&cry=1&dbm_d=AKAmf-CMzk8xq90v1WjV33vVYWiFwwXu5dwSKeYJP9vwjghxN7EUgzaQg4T12sqM9Z_GA-3lMCv3ZE__1VE_s9bNyUN2BVZBbLGs1YorlkLHQroclWHfVmaDwayKHjgRucAVjvtlHEvPCprLjp7_X5laCN35mPdFA3J_qdHFJSd9_ZaSm57nAGQ90bqAv02I8D7JH6O93gTUgP4kKkW9RshBamK8WI8prYQ2sP4morasbF4mPRIcZD0WKFE8Or2ln29hoUJRpQeGAlmxrSJ8-eMl4gnF8ZSz5R8et_8mMUu92ddkuF2S1LVZLYM-U-RYgKtg-aQhragPAXxvritP8Chvz-XuBnw5sjKymGd3f3rSxf45bQTXx-sb85T_xVW6M7vY8JZGs4usPs3iOdl_wdKTVelEhI5NbOCz-UsG0-qDw7RXhEFb0hAld_tv3H1vRL7Z8QLzKKOWHYxtgpb2JiK_6S2w6eMAdEhSmY3k3yMxmjjkRvh8P4iO1IYSGWts7BRPrMQH1I3SCZnF5hcLtpcnWaqC5gIS2Nz3_3o_xUU--B_d_kiIPhnAh8BTQpanoC_nMe0q72x6q50SDGcOH_q8GxxXJVsEa9w_09P2Cog50tqHgfuEw5I_xfirfCNl8UeLj6dyx5oegS6YOPFJJUuR3nUhuMhvWN8o7R1XmbiCLykVbX7g5qh-aI56uGGZ5jikD5AvlOSmVBkq7qplVNvZgpk4wdEosS-puy6It6JgdMRhADPoSBASvaP1_E5xX2uuvO2sj8auqYNyGWKgLVcYWGXLZOU3P3otlsOjVt_lr1STk8Lq_9ZnLxSwmIY9IOVm3Q3W79wVDDPV7oYsPTT-HxXTzyUJVs0mrbGM5eljLoFEkDs6YelrmxYua8FZEzHeP0mVTU0bF2ADg_vLL5y3mslgp7JZFDy6viz7gy9z-KYFy3f-Ky3kQONrkEk5J333aMk92-MBdxgGaWcI4e3ImcxSlTOM98xWfLsoLde3EhBlW9HkoOz4WF7DDYY0-UgeA8Eua8OgW7bvGSW7vsR5noVdoVqdl-nJk_-R_FXbetVvfiruWYnb_ubgbvvhWLy5C7KsqWRpb2hJS3qlU7Uc6NKjy6bXyx6pbbc820Yna0yeC6HfYZI7axq1ljm_VhsVHRZxET2V3anfb3Vzwn6PilY8k1RUpoRq-gBYuZgzjG0UPHgsUzxhzBBPUJ-3kb5_WMT1M4JUGKVYskTRYeb4GfNQthTM_3UjfTsppGgNPiWuedef4WQQ3ksDN_sCgfPna_NH8hyPfYVc_NJsc6UNH1zipPmYM2nsCzY6Pay5Injfoi_qgQioxzYsONC6xCDK7kSKgzwllZo_uQDVpxDitVdWYmBigWTB5zOYNitweSdi3Oo_7Aa_X9iTF8--6it1onVJ_KzRLzIOs9yp-xSuHmdLzxNXFAoVm-WOcPYwWn16E1I8CTIb1iUbfrKOjMKd4mJYhL1L6ZZQeBMPe0RAhVZJhUcn0RMKpLr_-L8VSOCQ7vzI6-gb-PdIXrAIuH8GKWfChZP71bOW-edKui2DRa5GopsKJFZPYnIPRqd-qye6reaiV-qZckq4re2u0XJWyHqV_ZiamUwnDTzlrdbTJuvP87AzbWCPIkGqz0gAiDtSyjTx80HleX-zKLyYxjuIUwfTBKvzztMLUvVV6MQOoVPs9M7QjawrlKPuAqCb7PGmO9swipBUiyv6qb606QNF7wW4Abd_-D0NwX2jFw22HYGk3T2IqPWCc6jigcV_3acso33ystszsNoQQ-11HZhmgsiHy6CXbRU0-Jbvr1qFS0PU9YQaSLDEdNgYIL7EeQhvAAXt82MdQDoUeyn33MuC2bqrNzzzyeQWB7jUT-Z11kVUlAjI0Pz-1vbNj9v_DJBGUTApuKf0SSC50GfkqMLiVBVlCSdehqORbzeM0H8IbVUiA2R3MIzKkcbTcMiwpWi7CRuL4KwSqcLPgnVea22Bnm0o7R5IzV-mu0BsGBLW8m2yVMjsCGBLcbBZNr4XKx5BZro1rYHTwbYUSqSBZm-pDdnA5tkdh6Rh6j3Wmcy7Vmc6JWnUttpWGXwUCeq0kxQ8WdAO71Z8Ipg1gTkJnAXSJzQLICseGRNhmvATvRZ8jvA7n0xiaIOHxzvC33S6ltyw1Pgm0Xf-OPO3C82CHUMB16VDtSJSnEEM2JpZRKaFhtESom80Af-nebIEMMIzZRttPztyrdGlxuX93uZ8NsWk0blXEW1wr4kJvD2avHGsHl0vwgKhYsvq4JFpOwJawvwHEAaqd6qcgqDwZmAi0DbpGpRYbGDpin0cQXmuYHwmo0-l6YNc1nhet7cdQe4T5VFkbBifkYIg-dcv8ibNcAIM0Q7Uq7HfoBEdw53klUXoVK1y6qBF4YUCFkX3J8ZLNJImn4PPTq5niOXxkI2XEg4KRlBdATkMKEUfAUx6SrIONNjrLtB877e1HAnsELRLy_3XvrB4dCL0A7-JtQJBlsb91lcctF223Vpc-Gnc3KGh78KMr6-4tmA5OUV9-YzIwC-4fVn-CogXSxK5Ih4pArazOOQky8tdjZQod0Q18NKdqlmsNvS443vuj4CnMvTAz8uJo0cshyWfUuTCQl4lReXXhYaSrPyTU7iXfO1iwz98JqiJ2MlTCvfcCr7TIvLjVBm-1OwoHyX6mptS4mwvV9bteArihpDelvDaVJRZd2pT_vNDrNkBd86Muy81vGHQazyX_IyP-JZ5xm-n8ua3BDK20i3sErSd_fKLwPhh1HcFmtWocniuQOzhxr6FoxrR39U6QDSwiD9A6Dm6pwBcEGC9sRhc0kpSwAIUwomi7VFl5HpP79HienwNHHkhAPU8LSI5nX2OxyQ7JWt6dSBJ7HKt9_88mFGku4OSY_q8ge_vJljPjCbXp0M4kKdC8sPzZgm7aaeyyR_77ObvLpzpcpnLcS-Pv9wph6dhdvb1l_ozPZ0rUGwaENomBxd9BhMRXotAVdG-LfkQ2EJ3iDMTAkkh8iUwYx8S12QVL4RM4vcVjkrLHzDqq4mWLwdCIIq2Vk8ehlG96fvSCgSJ_InZx38Uk9HJtjfOt_sFmilkggO65M4dCtfN9keUSg5momhngaF1v350rzhprrVvx9Zo800fd8ccOLeCECGzICzyhu8JwJD6L17QqxILBcmjFVVTrqGBGlrCoLD5TBbO4AbjlD3q_5Z0M34ztayB8Xy7WrJtm90ecKQ7mzizD5Jm1MKRDGi2oZ4Kb0uyt5GwkYofFnEKFMeuN80a3IG1smGKaGng_Jv_t-nFbOR8JBpzTXjG3CdkktwROtRB4rLUCig-xdabYcDtkVAjcMuKpbzYuGgAN92yN74tf7Kl6whHNjjVSRCSjDGfFD5O3umutoL1Qrj8DRJodV7bsUF_p9AA1ryfiB_ZgXYq-_3PuPA1AZBTVtgtzbht9zqh9jsQ0VXhCiRabkUceB_-PUi4fMFxLxsCT50NzKtzNrh5AUpPUDKI14dYRIBdbzoXWwbtvPL3Rb-ReC2I9N9M_bOJixcBPhVEFBmHJG4iIvtCPlWbV0vwIBXI_ReK2THDeSht-nokODObcU050tLXwPOX4SDflK4FicH8dISeoT8tz2MSxURTD3mcb2EnCxh4SHu1r-DqB_CGy1TvE86sJex50EQzdqXRHs5x7flw7GpF8iWfk3Nnek3tRkbsQKxapEHG9F8diQW6oTzHWXTGGKLjUrH5jau1vD1w4w1RM8zS4fTLV9tISTY5xn8t2JJIZVH5rCFADktJVI_hRFIoDQwZu9WTpGQYFvjWAcHiHzb4z1VLvJ28GV2MpYWlVKlp-liCuzdHuHsLipPGhN25JBCOlmHZe0DnU12lGTQZ9l6-LHGFfSrxP5YqG17pLMNCpqsvqZ3FSEi17zfO9AoVEjGsRZjRELWtsjNEfi_2r7gZakmY5f66RXcCTwiSR0E6u81EZEPZZYVcwoYj2tHb8C2HwvV8ryiVlyzxHgA8H6RLOxg9kgf8b22QheilnuQ&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=3755509232437121000&adk=3047537735&idt=150&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BD87 41 KB
13 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DBnWQWn6glC6WcOzTxl7bEbLhXIgzqBKbcWu64KG0EZkZxyrESiS3yV9j_ny1lq51pA5obj7K7ONjHFQkq2Po3b8X5e3hXgSKirEFg_zdowCPmCq4qfv6NB7YX03eM2NRMs0As78Y3smKO63BhEUPN0K-pacHCN6KpuIfv_maMohPo3_U&cry=1&dbm_d=AKAmf-DbfK3NVXjmZD3pgNGF2HgVl8hDOoRyrQPEypAp1hZMZu3hBdwZDgkh25nKwnzg0CoVpKot3EbYK8AWf2YA2R8MpGd2OOICWu0TJQ5kx92Tz2YvrzE1KibYg6YW8ZoXO5ItsqPNFaUYmHRN4MNys4ixbIW3M0ojy7Mt6xTnyW_0G_0fUZHHyb7En-2KyDXqbaV1_BMWsj-me9gdrKoVIHiedqPDdbnjb2xWteBqoE1MdWoLXviwpJCw6FXqJhBX1cPgARksTvPXD1yOGHCALpuOtV8XQNO2AK3GAApfeeFdJ8NTmAgFXSDBZy2_MaGPrzXzE7DGoXiM2H4mrLzOoja-04980dcpGzi0BRNr03I0_7bXa_rV6Gt_brmFnaXpOV3tV_fMYmtFBdP3PgFqlAQsglkZMH366lZ900kieu-i2Y9a5E_D-orUufv_-EOHZoj8tphOy7pe2Cbdcf3o7_ClGkCpGMOOfuY_xinLkQd93I4S0IkOnK89WSbu_I2mYVZAdRv6dPrCcz9w2ZTHk6yZO0_l5y5VgFSdv5B23WZIJrgDxzjzIxWhd8ZQTpGS0NP-H8KbfaXnca_VtS_C1n63p4UAEHwuGyfJwsRI7AkHWtwhwee2y2eYUJJNdg_yOZp4ueR3u3M6rUSyz81ZNWNqT3JSy0jDYyhc0YtWhfxniBsS0W8V0Yb8-lnqkKjFMd_5yXd02NgDtwAkVIzo0GG8E3TkEmKRFNv9AOB6HSPfzHt38tZn0KCRM9TGg636MUY2dAv05qEZKwA353PkwDRRwlO15SZ9JVcVL3lW0LkKVwg-sLmCtsv_9oc6tcEOBsXHFijR2GjwbWTTMLpTRNp_Ge4B11WqPQHil8dV-kkkYT6D13GuQgUhtbKlxIWl2VNUQgGQvj-MZTJZYBrjE_cG3XiSmgDyK_jTiu7kDo8P155w-0xx6Y5wIv1SFnRvwvPLl8EJW1fHVaBvfdI3qqy0fEcnOqQ-oi0bN35ppYnQh0h-MFE6k9ry3EMUoFdWRGjrfP6dicuBfeD-XrIE4w5ikg6DwoOj8QdgbO5QQY16ehFe5FrM1F9OmB4sF3FNFDgzaDdYcUUl1eSUqK7l2KhaKQR8kZl4q7XHa72oAPkrjtohoT1X0ThCDRGV8N3pkkZtaSYBaKpmKQFdvWlRo8CY3zo3CBTfvKdsXdOe6YSeW_5NZT34oNdADvsP2EmF_G1-pJ0xNmGIEIkf37ZI9MLn1E0NQxErPQPcn9xuy81pE0QVkep5bI2sfktvZV3CzRcRaDsqeJskjznUlCnLKQTxOlQRZvf6x9DnXuttTQMf_7GFFbV-pRA4GdTv_-GVztX3z87m1jGyC4Sj-v5ErhL1TKx9g2qMQheplJUQ_ctKFOQdCPJ-GqYMRoOnp3EhezpougiKnHef-UYyHEFXSwa4DzjrBlXAKEsEHzUdyZM-RmazPeNHnQY5oaZaAxuHLJB_Jj1Di73Ox2DeUv8ywT4IgutS4niOtvgKzqHRhwzjz3mrGOv2Dbcy6i4W-e0C-kD45_oX5lURLQhS4OEr5182tUIFk-sXtDJcxtdmpk7pZV1W3KxBALwwcH3_1FDHS6HhcAE2uqjgdQnK8Kg6-QuLluh7REYu8-cB6r1RdP_0OBS-pQikHSEJw_6EY7HZkT5YcmhnQzqETaomiohcNXGyw4_QCJeLSOZLcnOA4l-hoWMJSO25yrDnNBsEue_KYaw_U6NU14O6VTDewp3fpfF3VVGdpKsDvAEwYqUV5pAsalOuFUaGHvuPrjH813HmxPqY6g9tkrtoafj_O2QjRBbyGvqyMM4hOuEmZJB_aq35wd3Hv1NMrxDthbPmdn-p5z6Gx7tmjShin5itED_3yiDH-TgNEMWi5n2VUbOQxudJh2lA_m3Kg7OwHyFk6BB3VaHQfVLvwnYUD4dRiZg2Ak2hS_ec7JPopHSH416mOg6k5UGpC9Uy9I8_297Zz5ehwwZTNytvWuJ3IUYAzrnnSezKUo0aoMt2BzoT1Ta12PCoxEoSPtNFk0ppuuR8ldTBv_AJnTsfvi43Bg-4o_o7vinuE9P2dOqU8ztmP2FoxGC8cp4yN0dIaJ0jGuKtWPaqxKIfB8K9e6xcVs2Uv1910wNTmnzrMSbadhFmgddCMIucRv2D3x_OQsxhNahwwNZNLUR8U3UbvEYnCQcp0Nij-Yq7PrlIXVLKRS9kCOJxfhUQFsyG9N__nq-lxeeM9duvsyNIm8kVGgWJhxm8Z4UG2ARALoxN4XCrv-PNeqiNBkwyK70VkHPScILr4AK1GoT9Q-wbTpk67KjrTMeS-wGUu0T9hpJHrpS9RLrjImpWtfHxZSuflW12hBY99nLxJ2p8_MpsDRyGDkzh0G2fOtiig04jFklgcjIBQzbZAZQK-OH8c_gEV1DIMdjB5gI0Dk4Xr5ESpmL691LQy-vF5vv9XOoa8Pxa1mtp1HdSd7ZNWxT0F6N5ppqzbSUuvfgX1tjAz3QJcXkNxIecCgnXa-eBhBor3FH57TZkp39wGyj2i3tnDttRpGAU2fmPuNldEH3D82g3o556xd33Ls5MoTv_McqiDOV8bjPV_QRmdlDiR8LV21tCwiPitly20oeGvKRlytEDEs5MMAtoIgaxugvVixHXfHiie0dQlSgL3laSIOeyrtJYl6EBZUmyq4j7y5k-hUlGtLavEHQ4Do3XJmYXoi5077hfAj5V78mrRYCTLgEW1Qwdp1YzAyJJiQeF15vjo0Adwm3RVC0GHlYAvnHTrY4Tyx3jb-7-0Zpmlct_qJHemg022DxVOmYG4gTyZFhfi4lb8m3vhiiEqKB0itROXin-kpk-t49EAExzhrtyxquzJYIZi2kH2weju2QRxnY7inqD5_weHsqh5ss5LY1o5DkEBdbyJrK8IASg7y8d-qcRhbXK3853q_CERSpJuSM2CT7XtwsCr5rtTk_3tBilVGixgvmt1rxkqbwOvOi4a67-lad5kR12VaEUZJumpVJUieMyJU0JU-ittNCowmM2nhkRUAxa6GKzwdtXVScDq8WNnupSUUliuXtONixiuMIF8zsIPAsSWQ5ZKL0ZkXCy-b6VybAfbE_giPjrekoBKcSbdQv52tu6uObnY8-T9m5J2NFLLdVnxSeoX-S3i28SKwOcEyILd6PI3eVOZIpGWVgHmad0ArPvkkath-2N-uZxpjbzNVn-_jqySjeBX1O4tYQynUx1l5_VZFvGPK2GV24T1_KaXhZlZenfY3fbhd_rqwPBOhxa6JVpspK193bl1_er_ohdpgDfoBs_SJV_St_WRilyeSI717W7iNU5GHqfdwJC498ILrukSiZ9C7bEdAthwBf-Zwf_aruBhVNSCJARgmJLLR5kAlHW9XS14Dico9mfe9O_o17kwp1ecHSjnXg5iKT9lyYOqsBHX6CSrHQW9KiQebA5nX9ak5rCzj8KvRKYxJ32tZDPSRHnYiLDXfKt76qskX76gyh9Fbtq7YSmVw5Qsmxgs7r5nnDhNgGB3LpALupOAFyrRyjh0EbaAa44OWpUpJnM33FMtDOpqaW1mZnVaX7h9dKoN_yQxo_UORBDWiZzOwdixlWLMBD_q_lw1X_tdkTKV5_HnGeIZZCr9DRXAx7kuY4LCcBMkHfN2aOk1LT9B40hYYbggaeNu2F0nTHokiDC1oC4LnKzV_ZPf10UhvGny12zV3JhshBnMhQXtondw8NGXyHMYxPvxzkQcHtq-K_7d9Q20lxV7aWNGtYtClMeCgQA-4qHlw_PKmHpfst0URPyssDcvm7KQMj3hxsGvTiqHoxA6RTGY1m2WrIdDV3xw7_uuRu70xwTXvG9bkmghZZH3P1ctBM__4XAINmaqGYY67x278T-vEe9UUsppEED2JaUchcnEcn6srRr1CQOHubTLj5pjKGLNHRQ1VoGzHfdmno9B-C4mW0I7NNMoKEJpIZtcd7FBtKm1n5BCfZywQ0Jp867ljMFG2qnaN2K-T8upUFU8wEfHAvj7yaq2j0&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=13207843948640830000&adk=2228999115&idt=235&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1425 41 KB
13 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AV2FqTlyyXHgctGpjXjoedux3vSwE6MmEJWFci5jFOfr-5RsotQU2K6AbQNQZnAdg9Fv2FWzUGLIa2oySYUgnWjvM81ja3kktTZFALkShgJ94EMEAfV3TcFUjlZ9SDfWy2QYwS5V5G_LUqtstu2ud_ne8y0e2Otm-zB1nLLfXuw9AdF_Q&cry=1&dbm_d=AKAmf-DKx1OHP5m82MzjdEpii3EMpTUdnclsvEW3aJzN_wiibLDUYvB2A5Lp8INbpwvt_1PWf621V-7DkESTAIcPgLHI0-wUcWdgSmHldCn47d3XgnkjGPdjSlqurce8A0tUNyhtvyYGyvlOaAT1tJRNjWmPNS5IFeJ_YtyK78nJziP91lEZ7heJcZAGSv_ZRJThSY5O_TFWztcDtq-Im1e2GiuB7ZXcAHACRmD5d_49t1J0LTmmxK3YPhGdB4Fcjihdh2i8EGbjaqWw9TSJek7o8rWJX5XPiPM-MTBRT9aHXAHkOvs7MkyLeFJ8G0Jk7A4GjrQ9zTnoS-eEdlR1w4klxqbid83wGjrMXqhUGCQCe29mAlJ0DA5oXNVQU7EYomopaSefj_qR78E1_Leu-Dg2pqHhADAyxl2-HT0vHwvMROvuQywmdhPVdf-unPm5BsmQjormOVvarEuZtoNL-cgxpPwOXduBxee4PVCWKRtidI-8Ea-oW0q7ceVo4AePdS7Ryrshl_y5cSNxaELyyyFAc3IZN19UcNxC8N22G2eulGkrt2fRnBPZANMcW89sAMR7ooqjGs9MkXV03liurN3vzDzEIppR5lkHCclH29JWM3C1O8ATIIE0ldiFeYhqaic-0b16w-FMzkToEzrVXhWXHKoluQ7QRpgWbfaeQVgHfD5t8MJ9OTQOUWjJIUkNfyR9VXYOD0vpuf64DOkcTpBEy4qHdydfSGg-Eodrj52ketPULyEBmXenJYIU3pzpS3F-4ly8Q29a4wYpga4_YzjkonuHmSZ9AI4nHl7BorZbsjZpvPGcDPqyRv5m_qvuyhXObLz8uhUnskUd6aOLG9Y5V37h2h-VNDmotxp--rZf8b21RxefKnZW3kDisLHO9o4tRLByuzXUOOmr27HjZxQNnIIcaMHn1_kLo7IIe1BcMLBwAB-UP98_5_NOZeuGvds9X7el_DQDv8iAr8dEyCOKLWzTCny2RSDy44NWo5UDfNml4NWM5s6O_BVNKjez-T9nm8klZF7k00ebExtadPYDqcYrAtVGP9IRDzku5XtXp8S9MM7Fgow-Yqoh8L9HXEnunLNBRuxRma9zOuzYg-Vjk9BInBtzSNX0HN2NmTj6SGlTvsLL8TXH6iScYakkL1bZr3dip9Or09-Qn3WTTZ6fmq3rzN1_IbU7yEBRFkyo6LOUqWuch0n2u-MlQK69_r4bP29eEcOGgpwXKHJy7F1uOBhyEn1twORHpqsyb5XqrYhVN5hCUzVjK4QHvlC2umtsMBmjJCyefy9BEUFhPb1GLQUjfoktAc_CjoyQhnbdaOpycnLJ_s74wjA_R32XxQ2d0cSeNoAvmnp-oCJdMyfjnxEKP-r8CW_ZYMMF1e1Ykj9eUaAgAsskkA72RPKrvSKa_ZCDehXCVlPAQz1kIJvm3LG6mPpb6M7XijkKK4BVPyaGHHbUc5NH5r064xPVyFjsf9Zwwo0TWBXc8sqZh32Sw3QA5tXwMaxtDGOZ0Xdux3hUXYszCEPwO-UVAsbG34yV0TM5e90xlyLffSWqMYylEZ8VunOoqQEMhIQVweRf7UDFp9HdW_4O40Qn81h6j0ZEI3I2WsUoglPYPOcvpcgy9jeY75qvHXhLFgJsYsJYuoUT1OgjPJ2cxmaLmTsxecXK1e9KC71QGGeybHCfkpEUrgHQASa6WgHrpg0xiKi8lz_21T70Dy0f9uBE0d2XByz2bmokeChCcRz7zp0xenmf07DSphMEp5ozWxF_o8BEpeBRbkgg5LtnyaPbwnaN01MNxubZsHZ2Fm-V_Zd4-BUm0AmDmiXffncZ6Z3yTRXjcNNSJ3BRMcunICqxYv9cr3mJYMK443hlOhIfvUdJYHy9LLK7BF16OuudNSUQRzFkHsKJjcx4u3clDRaVCt3IcTk-RVru-8DKuAnEHPabDHfMtXDOtQXo0y6xDg7eitKaeHuoGvA4lR4pD2Hu8qFF_PqoYrkzugX-O3AD8FuqHjWLxCYLonTjdpVZFKjj7MjYurTnZmbNO5ikh-5Z8BJ5cmxWeUjJcZdGNfRbrUtYDfVZtHhcw686kqr6MPey6991rY6crZvDIrXOiPXv93WApgivoE-4o1XCgjTCap07mD18HSO_whRCoWf4z7YS0ED_jFKMrDmIi9a7WvuTnoKomdiheupjmYM9vTVyRRlMa2r8qyesqyjf7TtWSTGBLG8upYgZgVcTe-SkRZN1vTN51vyo0e77xFSYDngQMkl93KuNHSDSlfyc6rnqJVQeduYeP_uMGGbHYzy2vkDKjMw50J8fQdj0fcMH3wl4lFuMJ2Zjxix1CK6eMMAt9wPjuhdqje1jPb__DYOfl0WzzH0ZIwoAe0FpU5UQ2go0RiOs2T1sQuMM-0RwOZL-1FYETULZn7mU3kSJKBtjzf4m48qxY71P-dPnhZunFIdcLK2OSFrjEHwyNHVFVwhgEXe0vCrYIA_ultLJkg96a8YXtJn08lhJPZHy-uFwr7wQcaYvcj9ZqxCT9ZgVws5M2n6SEDGIWFq1kX8mTC0HaJ6Yn-lKdykwitA2KUxH2tWT7yfMm5KobrM5r4V6QIFHiT-DhS6q24WjoHYuhHMKrioEkkMuxHwpm5JFiAYICo8Ch6zLsUf9AMti3KyYplWifrpLjx5r90xU91lL_UU_59EituQ-G7du5Y71_1yW2fQck1XcObwT_QCTdvDOTbYir0SvrTWbKkh68biIkd1oCfd5aQXVOFssk5AtAVOKBperdDTPCq1KLNuPls8CjCD9bR9fWHvBWmVaWRALuJ1-jg_NJp-24qX9vDhlCAATF7oCf0Yg3ay7FgN5Z78qQVKv6OSO3hNyelTTsCLo95S16bNuihkOVNx6kx_pIWyO-2ETl-epBUPcwex3TAhqRiWfecGKRb4WvN4-FgUeT4TDxtkuHIcRXaqpG86uQlZdtxyhdJJR2FPa53ZD3or7_-J3psV4vgjlZUO_q7pDS1rNOx-tEfKlsA-tdIpOnOFLFKy7XSKz9n8PmVhCaf7NN9Ymav02avt8Ds65ckqYiwudz1eKyzYyeWZKk9xMqjLSK4xa61QQdmveqM5k5dMmoZkVXk1OvG6bAa3j1rlxExvZC-c6LeA8c6QJt2BPtlcMIcRpBacy-mb1GX3ldHY7IljrNZTKzyNqk6uNd9JZ7H_qrT8kusWtqJXnXDvCzIdSTW8iLeUecEfNcnYEI9Y5pi1SHIE83LSzAbEIR0xKrfGTjwjWiZuTR1Wnrr9z75-YN1s3TBucLLmNOBYCasSgxcLyluvWF_nTVOiz7UxgNLLQXQPudVwJ2gthKtmShcnajywVeUeehAvJEphtw-XcqdMFiS55KuwRXkojfX1Hdj37IQ4c0D8uv8Ubu1wLZ5tP6BjaoEGN9k29he84bKjdMIPP9S5SqLRwO1XT0JUJmETBoPvbmpFqULkY9NjYVEd22gn6WaJfPJg1_3yNbV7gduP8B9suAhc9YJ8Y9qlbNIXpYDGXISwXBr4KSF_vKEKz9Lqo0T7HaiGfh6Nwb9j31AYb1nZhftTVYQwPl15XpTrlsoeD8BfswCcmUpXywW70R8XFU6IhpbFXCl6A9sDrKfNScALAPeewuOgp5Ulm5lZjYP-765nXfHbGB_oqipxqmGxK3a4CLrffxvilZ-GZu7B7Lk62Lj9loz8I7v1EquNgAfyLAOTm8fi-u6gF7hybpVgLpPeR_RTn1f699p-1qIqrV3dk8yXxiBl_wJ4lbzbhV0fpKxAGoMO4E-Q2LVxql2Pk19tWU05TDOhyKzH5OPfhy76dxJW3FFAPezHOo3J-zbiv9pozP1Jie78HPlWLv_Os0zZfki_81QOuG6CgOSPlXhsKEMPJgUJG2-w88hiaHZ1t7Ues9JMMAiyiwh82ILWdgcGF_avkBBkoHMAvoxPdCeP4vvnxVnXMn8hUzQB5EpP8bEmO4-X7vo7jMWik993Pb0FxBNuJG_NTZVnhPoYmeC9rAYbqlEDjoZDRyxk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=15613628907982103000&adk=943508955&idt=167&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 2F46 11 KB
4 KB 91ms
31ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1693403660233306&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 4de67c3e9f8631b62b9ebe04f11b54d54aac73d0372a08297490357672d70c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4152
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 22A0 11 KB
4 KB 87ms
28ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233308&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: da5d4de3e6663568bd35186f211ea55dde2d442ce2c7ae619203ac587b46da88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4148
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame BD87 11 KB
4 KB 87ms
28ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233307&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3c86f1180bc1f0411600032f0e5a94036a42ee28e4245fbf2c95c62ce99b9cb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4148
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2BC1 41 KB
13 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CSzgWrPbTGiaxJHF11HPdTlE17HZh0e2wXcGeqF-6yesBbsyyto_MVIQkJWHO_F70NHkthkwHBWDL7pKA0QP1xs3AS25xMsyH75uZrJevE0Kzo04wfaLhEA15OupnIejuyNe_80uOBU-oqj3EimJQ9FwRfGIilb2_6tlGJA2JEi-PiSdg&cry=1&dbm_d=AKAmf-CVWiCmLazQ5tPp-tgRp0bgEgN8TZWmD20lYKiRpOaNynIYaQ40eCZVNQQkM9iwuIdd5CfP1_GyOkuCARFZ6x0Dh0KtdNa9IM4xqfLXSdzLFZrjxm0pc1b0ci19jrlG72U40XfZJD3oyMFHfwab7Pvf4XoSUS8ZLh1LivRkctNyglLrgzUY2LlblPC39oWc2uRpeAFK9Vg8z20rhaiveU85VLGdnZMH5cZYqFE1mhQVcZ9z1mrGJQwkmvel9tXJ5cTBxyqtja23Xf9MbvsR8Ot5_se3e1uzXbOsDAK0jN6jQ0PDpx8kYunAyz_71EONLK0TgJX7KJAQF_BlGn1gq24L0OjA-vB3HN4fjdXAOckoF3sc7P-Rcv7MZl8959WE1opS4VGpoiFy2ANz8W8B2hFuf1xbRiiTAnkky4Ml5hcOuQ5ceSki2WstPSenBheUexkvRuxe6drXFNGyFgqRBRIN0GEKbJKaHMqOSvmyVtOR6rsuIrX_VQ8trPst3Ue2HiSmlPIpzjSsrc8OwLY60BReANfR6iCYXQhAeB37h9eT8VKCt_NjF6ANg3Naenh6rS8fB5xqzejLVIwDdY5HKIIZrwfWoIqrY8j7W0vjQl79Opu5teGfNMFYZeYqCOap5assk_Vr4-4Jb9CcFMtLkaEwm_H2eXTtIBSyg71--WmahoECCgfdEtKb5qRe5VfJHc4TCjzNFVUXnNcJZ5HePbr459eGw53v0L6kxe4LogYdvXcRomi2CAmrr5yd_BBh1FWLdRcGeubgcCf8860F_Bl9hjiTNXmS7nN7FOwZmZC-KfXBRiT1AiXUmPjoN8e5HtzkW3NcxPbYHN72xjVjI8EWasXdBknNT4iA1yHlY2g_oYWjqjt2N-bU7PrXGgMA-PuoL1bH2GDlSpGUlJG7cWZjJhSXOaY-4Ls6aHFhWcY39AwEJEC8KVESDi9AOQr5B2JGkqe4rZfwSFKcr1am2YKCWwk1ptsossbAlaaI_0nMbRu4SSv1UVkE6dtPMwzP5P1O69okomq9SQoQAw7cZJHHx2577-sd5cWkP5DygvB1xIIoi4kfuXQ8yJZ5quzvSL1VyFIdLKWfZQhLREkASlMZ3qQqPa27Fw9zps47QVeZsCPhQHjEmI3B4Q9LXjCbUItCPV0bsqGBI8A65Wvawta5_y92bR5vLe13hNw-1Dr_xouXoZMxl2_0lBMcrw75DFDJR6DRGt5NQHKTLhee8c4ADg-QWkn3Nnkd614jL3htRlYyg52jQYf6JeYjLWiHUEEaI8crlMQBOE3sgd1CIXRY692Bu5iH-RM6DEm0i07YsQ69_Mfr-43Z1YU2bzg8iDnwn6KUKA4FXVOaPPTKtYIVSCMD7ZI2hXXOwKJ0e8BIQNP_HoqmGxWtKUTvkYQ_i0Zvqja0JZN6j7kJJjHITz-7591RcbJk0UnChy4Fbe5Ry_r4fTAoG_Bfl7eyiT58iKcKjzmlRgRiniu9TyBWJbeXFwlOdUCvHb4ZTuoOn7uTRPkfavghhBZySKQ-TDFTLd7o9Nh7Lzfbf2N5N1rAW_l5YsEDnzIsF5MvB6dgDG1n9nwV2DnBmwyYchNvx1dP43VlsPk6h2_pIuGbqTlmnkSPWqWblYNVGL71rPTsLGXwHPTapXLLNQftQMzbzxhYMIsDegl4Xu3YXZH-5l_gxagL57A_gde5_zvXc3dhFZYeE8-J9zR9k56sK29KorXTzJn5ZW6j3RPGSn_GCJEZws--d2Dv5So61KouYdYOY5ZbI3wSoXNtxiYgArpR5liPAF9EdYEEhNTLYAuVNIzRtuMQFGsFiUEr1Av7-eye87L9jh2JX4dtI8GML6iKWgKkZBDYUvtgVqS0EEE1HF-x89gqzl553YkZ4EvDXwYrzmC17zdtQiHNEbc2UGRGJQVUoT7xoMW9ff-V9v1TRH5RFIfPulCc2-YLa5bmDf4jKkEIf-azucHPXdoShh9Y4T-dNzaXuPNzVjO0GgBwh86gP-ppK0pRdhQHyhNldyLqbI-4VsnuKr8d8BhVWTUxPLmJd8XtW1D8MGd9RpTjhEQMimM5bNx6CACaKXHkpJTSUHzEx1zBVpvx5Z0eHxAlcgOm2dC5gRjsBnrshOG2087-JpsMZTguYFYU9N79Li78fCLTamcVpTabdvKI94INLzTLDNylwRqdea64SeNuprsSBMyrgxzt9VNpHbJzUn9zujQK_9yMwGolA8hHaPvsD9C_xz-sKV0VykLLKlVLyL1-NMS4V6Fn2hXwQvCcgwrXoxY-WffMu7__81FR_aJetez-OpwIg6-lXJOuqbkbwqbvyzWVPxZtU_i238_72vU-PTYlyCiO16urooUJXXxs620hJIywGgpPnlhDQyp2QjYf6fCN-ygWpHXwMDwUa7J3zv6jKbbF1yqXB-AvKCcA-z_jrLUPbwYUnsPsumYlSzoyMKZpJA5duLTchbZhDjKOEYxj5gz6qz5MdxIrYopkLxxM1nnglpR2IeDKtNvHvXtqnbwNdnWc2yygBJHsdGYaWrwRcdma5626JDsLaJeq_0g7neI6GJRHBJlBO_grtQ-kZeL5J2ndTlkLt5PMZEXY3C6e-PxKXVEatvYao3HS0vT3OXBpfUBlPaT-ojsar5FBFHbCsE4AuPUmtEIfZMLoNih0bRbz514lxGVQ42EJOPE5_4UKZSjdDt0_UvuQka_wOVx3z_NPLk06YZtG1RQ88CMwcJ0fjeVQGr6p2qFXQhhZX6uwMTpI1pDRuRf4MIomAvafvBZq_H03-pyd7LTfOs4ZIhpl22RcqJEhdut0dlU2Z_W6QyhfYHJ2O8JCc8h5InWeVrpDaGX1rvxaRwCm4WhlPBtp9BVnIDyqu5_d6CFDkX-iIXqzcDdgwqBeU4DHzn36AewvPYQozQrY6ebiTrGuVphTk9y2tuPIsOHEhgAgC0xh1Ul7zzuM2xvKOuS3SbnAC9uHbVNXhnNGMvzuqbhVc-oWWPE82ZhvSI46q04ranYBn9q3BeNMwq_1hjwqdHntzHgmZVJTI3CpVpFid_xlY-twT9knjg_ilBY3cSLDcPZpNH2QynBA8SaEin6TN3217QXK4c9soKRete-kINQv5uGbGQ-TS7AcO6QsygqC1XPEI9FJEGLiBTPUgPjxkjfJxNa7yBKixDE6rRErlAbxNHLp8G4KoV8pZaS6WrHTE8SVUb7JpIhGnRrI8S18bWE5HTqdLv6-Y1RILWn1IJRU6a88JU6gsidQyoqQdAEFzYcFCP9x1k8pGw3mRXc06LAiDtem5I3XsOdZUl-05jx-cV4yUdmMbgpj6P7zq9WAPalyZs-FujHcnpczTdMDY0-loyzO61Zrobwa99TykEvRGJUXyk07912u-VXSmslxRhK8MFnJmKY1UlyjKkchez7qqsXm2DuIVxMQbvtB47E4zEEnu8ma3CqBRY9UB3BoH3osJXidglbXAMDqhik0Mama-IRvh9oKsmBM1STWdRq4iWK75_bT0F1uSLvm6yEqpBCFHhsH9Pj2itPBfky70mb5D5V2wua4Mk6lNgdNYC2EbfoERzhM-meGSjy3FPo58v2zLPQlCn4pRXi7PB9rifbpCWx_vf0xlKnRyjKootGuFRHxj4kOHtcPoibkUIaSJGGTphrso4Tz2R876GOh-qJlGy_fn5KhBmRxhUIivoax_DPB3Mmg6scArWJJNiSZ-T-_deQUo2UnQhPsrhhuKs93tQocLZtKJNwbFFF9ehwFQtqO_xOfe9hHf0I3of7c4x-mjMfsDkwoM5-ZXOLmOtezfj61Hvgm-bOxHPa_9Ynqtp_U9MgU13Uuybl8IfzrWVMoqpLaUdUKOHUE62k924a7uVgm831GQQGTr2iPDvabwZFrw0SCSfyFkH7VivWoOMoDSzam-yYzBBVNjRu_r5tdS7ISxIIfKKWL3a7z4x0xML9o3tw2IPccW0bdYBwwCq0pjQcPasxH2V7-JooXf-nlNFZuYfMATC8A1jddQsNQ4w6Wi9w&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=1310444133649392400&adk=2086295851&idt=197&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5564 41 KB
13 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C3QktHDPurO3fxVqwUdOHac5cnCObcb6WaiC-j_Nx95xU0r6aRcd9MUuE-J7haNVNBsoYt5hoZOJPIyJDUjaxgEL1zZx8HIM6KiPDYMlaRVNZM8E4mK3-yH4Lklyu0OmUvX9JRFgEzXLWcLQ0TIUscgQzsYqlhoZj6S4nsl0Wm9Ltj1FY&cry=1&dbm_d=AKAmf-BFoeR875eBUpOW425i2W2xNaCxo2bGhnW-n99iTLOUcDxvDq5ITwdIvEcylnAurorlYlPEfJov4qMDr1lIpXW3_syupvGp60Vvs6ZkIAU5AxlPmoZoJsFYOOMDN75TVC1ZD4FBFL1Qy8ZWTYusd66cvLOwuTsJ97NsqIbfyWDel0b5xCqk8l2MfTclkonCS4zNSqXWj11CyPD5hPG7pYYVHw1HVqL1Qku0Ndvw0DEfUITPB5GGd0S8I2DXFsXmslPqqLOrifW2ngesMNQaqwT2WhUEf0sXmg0D7Mh3zUTzQFkcWjM39PJk7J_U7PcwFvrAC_cJW5d_8DP1xmR1olWiLfMZbAdTm_GLkNnfpymh85-3OJlXlOGpHN24VpqyzmddpuKL-bSO5jewe0aZvIU1tV5AR-HWxzKlnNnCMNiQFtSiSYjkmpTiwT9XxvO6BBfUgKt7J0do3bzgb71NsD3NO6i2qWasUrcW48jS-4kb7Am9lGV7I1YqFV6hK7mkKnU2eyED1pHkmCBa2vlWP2nSCHTA8Eh-ckfFvVvMOXR9PeD14pGo-Tdj2poplXNZBMyvP88LqGOrdhzEZZ3MXvJBLVmeRVqtSL9E7tUCfKLeAvt_4c3dxzIwyidXpGeNJ0t7egI5TG22AZwmfBjcqZUdlYZyLmegLuNeIXCwD4ynxKYY68HhP9-IklIFe7eOeNvmMAZctw0u5sr-5E9YYjyiB14tl8vgY1Ee1HeSubqKotHsKYFB4SLdNUjVhloMXCpdof8d7vP7IB_-eer1gte9q3LU0cIjMjUOUI_tsZ0vjvzKVoCxqQGb9-pmo6LliSvysjQTyEvYZSyX6pHdrRM3dhq93JUP1LGEhScFVtf16Rwdm8ZcmD0ji07WQOLruFP4oB1JhZPK2OlLDsJawtmdBXfzSqVu-BgHdkxcxeX1f8HnrSF2nPCokxRYhdNntJbgPDssCwaER3AmOjljQkbXNygbOMW9-0ndJv-hJI-cFCYbxPeWpD_fxK96tkTpmUBLr-iQwGhNDfGiubc0kWOeQfw0N7bZNTgQJ4x3g-bY7AaP-rkuzoZV7oRMJhFIk7hoDPeMYIDaYuRY2E8dhN6efL67UPAe5QRUF7XtUP55tLIj49hZZtZnIHUMHIgexPujhdd2Lle47zRiXGar5LIE1ymmkaN8Zh431HwBNxkEXK9bGehNyPcl6VgFA0NZ8YylTkS5FruMgSP0D-_Gj_kwziyS8QJRVIdv8luHeBTRSrsh7b_p7yX6AyrpJRmaX9Akjswbmfvriq2xgzYQ9Zy_yuhxDA405zbLP34TVSbT3oiPrQRaJ9VayQYsVXHQDsiXfFn59xmfF2OGx9KObWUzYL4YrtwOnlu_WFxs7UieLZhaeJTkoippgwEvzcnoWqEQejqH5wTdXZwGTn9i3y7UBUiTjC5r90Zk-y0I8VuF1OU7H71DPIR12PEUuUP_Upzikcp6vpcpaGFaZefB2rUH68afAWIUaQuRR6wiob91mclkSYTdA6zf6-OWydK5JltkhjFaiddTT7C1wC_SM2rrQbdSptvcvWR5-sHj_6g25ZqE4JtE0JtLc6WS_px-iPqHBfj_LZ7by-Ti9UhntRs42DyVCP7tUpVZsoMcsuY2V7gPZQCJbUC5UgbnmjHfTs7v6biAMzCsiubKk9H6Z_G-wYQvClUaIhGHl23wGD2Vbh-p3YOXDvqRpvLhV7kwuYKl9mz0FEgLtGc0Y3UPZOGjR8bg-W-AQFO2MmaPz2tMOWW4en2tnVUkj-Mg6xXCcwSmQha9dCPJJimQwTfE9rPbSBtPvNAWa7unu8A26_riaZrUZWALdB21QWkuARANfIcEvzrbWHIhbv27HSDk8TQLBRXSyXpN3fYJLtyxoq4mW5FueVsP-vQPKMzkAdf3U1ONPc5O71-3mMb0DoBQ1bkS0NztIlRYM80Ke0NBgj5meJcPvTCst-Sp9kTXYVLUV0o1kli3H-XL3UiFIs85GBraVA0OYE68dEpLOzJa0AmEAjAkJY1ALkO24-zSrFFr0QSrY3JQXFNWu0YQjkP6txkI-nozXT-8wv8Qq2TlANufYlSIrlG_ubxseNM5ywDXSHrLSD0FeadLkGLXxjCK6GmL3jYJG4Dmiz3ojONmzFDSd5RBYdUbDIzruqlViu-9n9flKS37KyCuxi8KHqsTkGKqoaegDGk0-oqg3TvGCfvQnTyKmgHOCk-3kPFLX-_dRFP__Wy7UbgoPkCQio5Qr-pq-6t2ldsfQiOk-XbMH09ijVOgTqgjGVXyc1lYYWy1SJFL_vJaqpb48Y5_xd21C3PYZhtWHPxPTLqz12fxVXQoie5scUTh00hOWBqCC_4UjuUzc6JAG-9JEAEaJYijuLSKchw0aVv0sXlp7_YlVO85k2X0YHlmGtX4wOSo4_3Vl-Ja9X3ekbnI0qvh6lDgwNrorsbvXfLqXOLtTPS-EtqsBZ3whZRF2GfL5hTYstgtkAw2NAF4oB--EgGIjQ5XE2qGmqqYpu9rSml6M9_MqPRs3OHCfjvPllllKDH8In2F5tu5VivUeRSIzMBoYG6Om3OxnfUEcu7RI0io_T0ukTipekYyz1OpjKGjrJDUM1z3YvaGXXzo1SXBpipS1-Q2t4S-a3pTLgbmWsfMvHf5L7aEy8cDPKg3YKd9ye6x2kYcoRBaWnZr5jHiJRjeCO13kDKdagZ9VDjKN_sHNdYLSFHaPmwJhgB21smHiZauhvvS5C6xGig2NgyFhVxV3vvOEL5j18AmDVzPxCuT2cSNbc-bVn_AD-hoYdGsNlP9mw5GBDBu4fHjF-zYx1699ZddaxM2paZk0bpsr4kRDGwa6AfRz_0UbR411NZr-9h9OQt6SVUu_bf3TF9nLfL4WZ-M46YeD1GY-kDtb7QoSe_kYbOi2Sdy_CqG7p9mLeLfVHr7CDZ3ujRH-wFhtjcC-ovl5VOQ8kUYKnzEUZhY7dmK5oicA3tGtlpkqk4QX25D6zJnuWjFbuSIbmOg77Wo1Ut-zgJXLMPxgqD1sTAiYT7_-GThf1dIQKHXFaW_7ZPuyjRqUy_uQjsRbox2oPxs6i39XMs-_aRxOHUXIy0rSJl6PeUl9UjVF2E8WUVKeS04B309uRG_jgFQG0zwtZKgBV0l-6Vthk6Mk179rTiHxZn_pywHbvR9areYiR38cYkxT-mCeLz1navXnGdzDOc0Ua2k9rH-Hyiy2Wqqf6HHEyt7zroV-Qd0GzWWkzgYtp_dyhM3tZOkRWB2jEk0TzorrnljnCpXQ6kvDD2shaOoXLuJ3vsBQYzKyvReH-VsSWvahOb1W4M76KYITlqwlsnU9hL1WU5nutNyOehV5R7Drd0iRoeDSx8Fi233fOCTRJjQPC6dqb-2OMzF0Qhd2Hr4xJuyU91FI5TdBeqx7U11EvvPd0hHJOPZKsMkZKoabo-K63sWMNYwE0fYTYPBCol7akLH_-ZY8F5A6eimRp75qDuplg6ueh4NXSEFl8zbJQUyeV8iArXgfrJOe5POoEjn2pRPGp6sz1oZT_RvsnOHEFBiq0U1DuZqJ7_AxewlO_6ukUJeoVcbqWiuO6t4JlHWdSHwpBADJOaXXRtUhq-MUpKg5n1e1YZirAlQzuRXQQiFBGZpNTeGww302tXwiGMqs9Id-3KoW4bkEL1Cwtb5zDrv0XscbVIOJeQi9NqgP4f_MCyTlpiY6wNlR9PTua0riCqZg8zCmxfhwlLd8cckDZ_oWTf7aKUwidatLV2q07eMrjosOMEYktE8_Ek2nuTWIgj4C-i1jNnWLG740e8EwVpUFPDDh0gAMNZWnFXf-Qk00rehlr6sXDUcgRt9q3PfYZkmrb7kccUU-siEg9fdhg6MmcSPVNNs6hn7nRC-dbV753UsXtqSU2RIJvu1FORxyvH-cLZKCK3Mfj4iPd7bzKlt5o1nO5E1QUHeayfDjpOpi4eFf-byzv6GwLj3kk0Ot_fOynixEEvKFnVSjL0EES_lr0CtSWRiTcE&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=2903381711510893000&adk=3037181500&idt=167&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 1425 11 KB
4 KB 86ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233312&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f8072c45fee6c4a0cc36d41f5fd532f39dcbf6bb78db6d801cac62b6a4fae207

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4151
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EAC8 41 KB
13 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BWciKSSr-2mp4tTJozJ_AM6KfGX1iM5wtAJEPSnZo4ChIzc9tJBBTZlect5MUuUwX1J6239tLSciGEs1l_w_dIZSC6xJESI-QOZcUNE0gpBEjYuxIt8LHpD3LXpyhEmbTxXVjKxxcaE5HdqwiVFZZOZtUxKzdR9puLSdfwmIPwCJDa1ZU&cry=1&dbm_d=AKAmf-CAP6mqtKH_JFKrb90mAdbD-RbM90GlSN4QdNRv8bi07JPM4B4H48dT64Di04tq_NjZlHJl8bBsrO7gA7NrCKvE-ZSDUELVyUZPvLvFA4-ht7rrmR-NeyD5Q6wA_tpax2HoVgDiZOgbM534jINeRDFtCZzrQJOuqy8LBVdNvFivUGaUlKBhfg_u0R1cKFPRJQuHNcfMumBr6EYJNR2p1EYFscL6coltvrI1M4jdQzg5IS3Uc60tM6ZME298CR9ErsclDTVliXNJmTI724yVq573JVOCYd-keWKkV0-QwoyESIzhdClZdorSIg9waC4fbU1-WQec4R7uldI3D0YRBWxSvpTdAy8g25M7STPZiVb6aq3-VgnCLoj9IffdBSRWmLzQiIacBjcZPKXqc3awh_Wqghc_gN-_JFb8touwEHYUpEmf1VR4spnf4AM-Xf3Y-m7A6GFF8T9fBkF9EZTBj8MRQU6LTdzRB91QC-F24fajAAtA_EL4mKrVFfDu8cdYK5S8jsMMqXL9Tb4PDmuPJ3cFcskIga-X4VhBD-a_4Xnk8sVq8YUAWSYbSh5CWs4TnvtwVY2kROFVveuBx0wXso1WVXo72nJsXj5VSzUdi-g-UML6G7ZAZxMUJwR0s2AGkentAp4sJcilZgRVbCW2ezK3czxhS8DUyeji3Yc2PimpELSVB4b0fliMUcTP3bDLuIyYISmq_APHPueCKU4UkHlbLjP3KnxU31vrMzJZ6ZjMXXu_kKEBxTbqtI-E_SH6nCrW_yRkOggdZ0MXpOjbYpFuemb7y7QOeBhVfe4g9GGdUO4MDHKhvTqlQFvxnk6pmdPsZ_EgyStReoRuzxhUYT7mFtuibQct8EKYU_A6zNcU7UHks-lV8POJB9UytVkyvPh5h-5qv3A2VODXyHKQQ_XweWQRVyUQUHXY-o9K5ZZvkqJdUHE9vIrQ5vAMaAnrF2qJp4zyQvmYXof_0B4lXbnQh4ogKG6OmwZ3CNPCYVSj0rb5p3UqUFOd095vN2ccTwo1I734MBmL-QbmGG9wESKlRK0JRomh5aCyqCOtA4go7wnK6bXpB36ls8wQfPMsWKmm8IB8QnYaJT-ZutwGdLbOK6rdj7eh70fXIRq-tML1WUwgzeFfU_0JqQo1ZRRBppGlA439FzfVwzZj8lDds3lmOypYlgCZ50ZOUQ9C5uU6LMTd-TRuvZvva9wzbdSdghnvV-6a7MZWwRSC0EtmwqoXe14IN_P7GvcnAnqS7mv61FnJUX29btEh60xg_ccJ9jNeAbdxVjWqkHlHGIn9EG0nIAHHs0qv9LorvjHsJ4hJyYqqNYnlXFEg2XOEVgYRUOYYD0zagWHpWYRgNiBGuHzNlGObHvqsVa__5ewI-ZPaYhITthxUQUXJYphhW7otBvpQINd0U382QolwT40rMFuQP3sfitPITSD5imyZH2z7pO_w7jV60Xhf2CLZdmuP5MSSOaMhZDMKtqdqxMfHYlzrCisr-HcyiUHJyv_0ocNWeLsdJyxlm7WIQb7k8XyWBTXC6bD5-JKjXzOvz4U-JzPLuX5F5az5SP_iyPEj8MZDAQjHm1pYnSDTfr-ut3BrnfuPSPp7xr7wM-UYoeeZQYtjXaapAELgmL0bJAJyxt0tM0Vr0rMAgRvOBm36_rueZ5ogttkXQMr4-UOg64ckyNlW2hzx-BGzpn52_JgElTmStV6-TGOpjIWhz99wSuWtfT5V3JvVhkMPYYNnFO8vBKjlZpugdeSP03XbPxDUAKYjesrw5Jnajshi-EzgaSCFJNeoUIcV-7v5ZIHZSdAtBrKEFa9Lw_Ua0NHUuIJBluSn5ksYMz4ndVgDlorLuYKjMOsN-2nN9lejh9WnRLzPmN1Gc_lk5MM03-7maaHDJf-dTn6V_BR6PmhZuZkrI1Oed41uagKDiTA5BZIqCDSw64dscVf4dFbm4jwtHtfnvzbcHj3dH3qT75OPqrrcTCJicFcFvuibbd5O05mNBb858gLxS6yi3CUqKppxlKVSlR7WtoVqLdQm_moj23-vuY7J8OpQZtuUYBWozMAM1VIEhfJ4LU3cirzJQ0lAIIm9Fa9AEFBeVHnznI0wsUoir84E6Tmz56lmIUfUaNd6Z_BFsBfxBVSU-Z9qH7hAPzv41ww9IkgIfjlnIZMHjSdDkBedisY0CibkKOE_d4rmzbw3IcNOnT_ayFrie4jTOjoMT3VAUKQBdOVx03QuZiV8zHsL_Amazu4k_AozngY2aF9MacHLA8nENL0ZzzFg7C886o2eqe-fA3cbZixB0WPQ8n9qr9wBIAY6EeC45GI-KVaev8K4eHhtDyOF9nBXPTkIWmTJEEGoqnOARjRggL2CzJNuPSjB412R35LwlcCxBUlY0FNWhtW0oEYQ441BtPBRAvKbUtVXa4K4SSHin2EgiTg82ev1xmfhtsC-DiZZrWfAgoy5BfG3ImJvWf1uXipAzpPKorsIHzLPjQ_1Ju4Y0r0c-s0qgOySIIuIFBcVLKMYxMPoQ8REFOVJo3MQUw9HKjT8CIOYFFw_DMgE4J16XK5dj_AuxYPJdTo7uX3KnWisey0RpjpmP6Bc58I3XrVhf__io98wNYmFw8iGbgCYQNN4uYg7zqs_TKyZNjBPgzro3DP4Vs5c-pnz8DgxOqoJME0n11QN-ZdsJ3cq6Bf2sYmdzxQECDut907OxdbWmxvEhXT5slw5RUWONav5ShdOgoXohwBKGRPbBbA0dXwL-GX4bsjZtJ6f0n3XM03X4pOOytvJ9CkaXFh7x1vg_d2u4nUGN2xpfsIZXmNKhL1ryrXzYpAA1u4oIAe1ygcTKe07NI9I6-045Dw7NY5364yleLak0GdWQbmjeuCjz6KIVujF4WFjAdy4E4xkfoA6pGiyTH4b_Qd4LhP8Sk5Vi810vimAMB7Nl0z6MO2m6uKVoIiT6bTaNvVVBgYdwlGcd2_Argq7M63Pb6Nisi1Qyl3sV-q9bb8aKRBuTrDE0nusqw_f0MZHG49CkP7_M3zYjzS6qJ-QV-BJck3OA-ZDaDlN6X4CpkW7eCkCDhJ4rgGYMZPSuhGktvNkv-d6TuuS_MKkMdB6l2_8YfebFwgbZmVr2LM1PaOQlA2g63GoPq4CO0YMcAsbfn-ThwrFkZHnMG6KLRsU_oR7HJ1lFYALUPA71ENBWLrEm10difg-GRhI_PwcUOWOGTsBJBs1gls3oeWMYBnXApZjRtVkhB-qsuuIiL209ckgOU6dLWrPBxuzWkU-F1z5HBTsGQcJo7uGajxzOIoJJFRZ98dmEQtSwCDQmg8Qg7lP_6_cmDWKZLdM6CSvn4MAzw69jHUB8tKOlAWkOJoAzom1puklc1q0mHqgiIJ0cZ9CQppX5OGgwa3tHvIt8DTh6bmjletmOM1tUrFZgqPWENrSrFf0mnPUwgl4XkE1aEmQ1C9OTkrVVxUDB9gqteLq_SMWZ0DcYYb5x3EMguKbbKIf9dKu8xuMBr5umorRK7__ZZFJ7wEKni_oFhvSIKFTMyUn2M1d2hjde73vw0vWxPfcsdV93K2jHDqPlHUnHy_PwoBcICL3JRHjrvQfA0-3EAts1oZvlY6nQVBSWtqR1e5xBBO9L5GuUUyLfmv5l72HZMxP18-kCm4B7QXuiUXdwHTaF1Tb1pKgU5XAzA76sUiWRwT5xNm1Gs2HZm-y1v1vlXmNMxJpfIAuOme84Gkv6qRGD-aS1fY-t4x_m6PuzLAc3zIcX0azMc0vBP9U1yfk1yNTbGpNF16jdlxNsWx7c5FgH_l9AeswaOyAiT_i0bfglPBD4gHZCspPR7t980fFZ8pSyjnUfRkvaOFMXuojr9wMz1tRXD8qWCe4CgrYt5_6fQdOKt-VApofAsdEreeosHF16oazQmoThIHnC3OrVWxSWMutNIfy7jdx_yaBXNM0E0roo-2KdrhFOxXtz9RoEMALpyTI5b1ejbUE2uIJCCRIOxPHcdlyggOoYlL2XGwMp4epZunodXNo_DV9uHoiZbM&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=3826551579037500400&adk=3944675600&idt=198&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A54E 41 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BYCNgm0wuBDeao07xgLNWe6A3H1G2nYlj3uk5H2Nd_4zPugeBzpMaHBYDrREHC4LVlSndyJXfO8uc9wTYdqmJmuSU21TiQCv1tyWL5esqSrU9ujNSB4c5zO6PQc051F-lKUKslgc4elQTnXcmfu9JGmBAozpuRXPD3FDza7PWrIICQM90&cry=1&dbm_d=AKAmf-CqqrzsYMdrT-4muYm5ozFjnMroeXi0g_f49Lx9ezR24155rQUPEDnc0l9iYLqY_H5cCMMZ-AA8408vufJlcA9TsHU4ZGRJ-LzmoSd_3mSn8gUWUfRooGcWh7MjPindUioqxus5n8ArltM-PUm4q5C4Du8XWmGd7gCTYz4Y0-2TV4vJmD9f7H537vTlBTYBVBqaXs60rm79VshVah0Pxhx55wM8gJ1ZtEXxnXO5B6-IsYWl9thj_hYSB-xwCkYKjYV8jqtx3_WGQQD1CoRtba0PVvqdK9H4IdOEXBqHae3hQP2PoJjKiGNs2fpO2hWKmN-dJNS-qDJRAtVe61r_-wIDwiwnW2Y5V3ha1cpKe2NqBgUXCwHzGmSOXEeVoCD1Jw5qIW09OphV1E4eIVgYhGA3XRBP3a9d1GBI90U80CNM7qnggS_GVWY-GAPvH4hDPhkdDjqgDAxyIjja5iC-SdusclyCT2GwKbu7tFg9f2UNMtEOPbLUjxKD1g9zr1bAc_kGbBiKo8RmkkBt80zXLREMQyou5UcXHec4FLF2ziusSsnTvYnExUf1llUKTiBRpwFy7ZahqfdJSxrLLtly-kmNpdKy0BGuwOSwmZXWyEA9YTEhY0ByFxdYLRbq62gM-30AD4NubVXsiRcGGpwMkoWGKz99-XNJhdXPaa_GyBU1n4NlXlEIurnEf7HnFI6W9W2md3VcsKcZ5cFXuwlETGbm3JvKW3ylseUPJSitAfl9IPmucnUg7ybmssaAgv7sRhBVsyhMIO1V2K00Nt57KC21VIxrBxUSIxyI7PdWb5W196oXjRAqK7rgbOaiSIaZGET_HZv3_pNLYfxGPERcRygG3qSXS49SuhQyaJ5ChlGrlokldsEMr1Glik0erv1rQDtOufORyEbcsjyxt8eiwdrjwPLTxEjk7sd6jCgfBEi_OFgbin9iMT48Uy5hS6vq1d0Gl_8hc7bvyJDKboTE7JxZsDmmdxcoDgYep0EJhNFYknGN77odXsLCZi1QJMkGtgPQPScFCxEeWkGM5r2Z6Ir_dizrO6EjS3eR_77hhMZrGaIGutsdqiXltqFEA3RMK1Rs7fKF0LKlE5SEfPlRoUGwk52Nzko0Wy7IwDJBvrfKmzh85PzHobUyD1zndoA6dVHUAnKWtHFY0zfsHS2ZqmWkZc99H3UZOPx4UtGWmL5NKCsqTuV9p96LH8t11qCQ7xUCWq5ZVkK_8BL2l4SDOUudDOyHWh-f5o5t-gTJN0wuB0U1NFpsQylmOmrjT1NKlAM-zRUeZfEVzBYlh0lHZK8kJJUThSSdBzdbHx22WEwAKhH1H2YV9ytNPciwpjf2vu-rkod1CeS3qvSERjsVOn4TmZZTM3wti8CMCZlu-ekJV_1M_1j_IdxgdItauyxJWR-BOsjg-g4g50CqH_fIgu9didRM6ijHAXtnMITMb87PIM7xNPsNYjOEVcbD_WOWVND-ZKg_KdisIR7l-LqcwGb8Ce38vltaEwuLB1RmNdAguP3-xix_bZPd_kG7oIGZiKXBmeTAkAuBUH6y5wIkRcO2Ps4-RX9hvOxSXEVDNBWlzmWPhUNvJjhogrQFlIgfEoOb75C5d5JHbB5KSgrT9lRtakS3JIf5J_x_DOOvFu8jkutAGwvUo1XyqgfwA5E3LfPoqgdYxEe0c_qGykqDjGmHadm-fNc9EylaLgFqBJwedkjSkyMkXV4191HC6Vo6TIF32rNW1_AcA1ZXCGnWgOljF6XCmBWX6vutm23_pjDiCTCV-rddhRwzmJshC5tmvsOMXeCWFlP6ruCE-um18ufiFgtLTfIYn6aLnEBTLyNikolD5bxp3fAy5JyyB3I3Vz0k9vlgbrigjFXBXgDYi9LRlBX6JFguNaMJhv-MDjH-mx8kDxcW0gzxYs5DQsphcQBTt9DE_ELTk2isp_H_qE3PXGBqYXS1RcBT5GxAVSDLceLGhJY_aYAoJcd07dLgTsAKBBJpcPxFX2mJTtCSLVMjR5sQKUEXy4CvSZ8pSWJoCPT_uplmZNkHtLl6SZJQZkLnZW8i7X_V5yYGPCd6VUDT8PFOUn2I1hJKRFuDGD6v63ollxWtmlGdwtIMN9FemxmnUoeTMAB0a0HWQby1DdqDw0Qw8b5jGpSOz568SMditjEzlcjyt3FtEJmkKVB8CQZcF6T3HDcV1MtaXHxFRTzb6vtnzeWYHHVbTwvU2cncj2ttFC99v3eLQGZ85U7ZMMHMIs6PEkNo8p5INf5haXwqXNYuXjje75qJ7_S5QjigJht7Uni4UXclfKtR6N9WfL89L21pV-fEkEFSYhjLs5sN4MF9j8ZKTGjOKjHzH7ZYKbHkMN7U1Tn3jGXDuG4sP87ucdH-Bsa11XKK5qWBxHH5pamWvY88A7UBuBhxAp1WDb5ltZCONB1MD3WkQsnNhCzt-Fkg_AJqrZghybePUdC7qqUT_s2akNkjk2MN0wHYmoRNN92AmBgwgYB1il4F2ovNJSzEZqw6SY40EZvDKGHdmDfqqEUR8uLTLvA6QRaJnkbMDvLtfFxrrOcKQYdGu0FpcoufAtU4YEKKH2-YS7BlQ4oCCAhgn8Zg81QRIvmBj3VXNZAOk1iyf1yXs2jKYY41n01swk3MUZA6rrMAfTYeEiHqQsQr1Ydx9pOkL3-ugUNxfGtdEcHDpR8qODzW0Cnh8psJjKdLPUGb2RiXfL83Omn743bQ66iQk0T7IxLAOSZLxBeIk6R22Qiv38sL09xYbBVeA1UT4doY2GROY9Mj2WP2XFIxo85tgHshL74mdK8O7meH_nCVhQ522g8nkNXQpSJ_GtGV-DGdtRHxpct8Q60xIe8S9Y99W6truPAT5C6ZPgKp9sWcPGaLFz_fY96ZhvlqucbtYChLeBlPGeuTQ60pU4EWWpcZqPGEZLMVCt7Jo_zbXmwCJFX-WUlJDKvjHr-Zv1-6_U9eyJpn1oPh1QokoVpbPnZGwnEA9tTIMQ6CQTvZCDiTj7gljCVL7OxazUmkzFcdMSVooT2vALAIcocBQi2UfJ4qsp_yTgBQy5mvs7upsRwqE5v7-YUu2yPHtd3swetlA8ipABOtgnWZZnnVmi2YSe2hbN4kRmL8PpFtOC24vlNaMRbSDdOFA2W_6W1NVXlakEu7_aYEtB2cHTecVMUzkfg0cJvvbsU-3Z4R2PmhLvF2hgKaycTFYYluveHDv36w3LsYl64LQBePzrnA7BJLsqnIn_M4gznvdzLn9zXnKu0WBXZxD2f3aAQp0928Hc1Nm4fNgU-hTi7f5REQnO_VhlPj4dMv4Dswjq6asDiScy9AZXauHUl17hxVXoh61z54LbttCoJsB0rAb4HiFW0B3_wHiYQ4-hdmD1_HXuGZsoqMXyFt7Snb8icEoZ1gi-xzA_eB188fHAUx9P5N2LKw9tHxO5KpzHYaWTC2rce3Aa16Gkq1oJM7-e0q66MhhsP-_ZTboh8RQNwSPX1xQEAbpIoK0yKgTrz3H9ybKY3kimAehiqXS-RvIehqqm2d9QNYqA6sxA5q7wxLBMKnX40NJbMnA4-dYH1b6Gu9rPKU-5D1j_sXf_dC63c5ykohI7MwBLPDA5byT-L6aGUaHaK0GMTcCJrz8sere1vJ_23CUVUdosE0famiSsAYCHVi7iYfB9syGy9yL3E0MJDt9Wri1peGhuluwhIMQY6NbFexFEITmwPqIpD_SMOIjLII5Rtj5Ir_5tQX3Ahlz_47Fmo_glQYgtzEZNRwReXbc_-AR-G2ECecfxy3DJKSpq3cVZIXRaeyBJjZuHh1A_TL-k3Q3ZDRPyobakPVwDWG_ls4RpWJ3GzYI6BtHyRWgiJoQj0ceGCMvHhAKUC82SNbdIO9U3D4-7Z3DtHIJBlXXXNQJwS54K9OMv6gV60KTbujA7E82DCR-GvevHTX4By-DnAh3ZItQsdwiXjeV6n346p5yW0HNtn11Y6qOwTUBVIz0MGPjBQ0WYezbh3Le20KhtYMy8lMEx7UouF6xeSy2jk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=5985497211662203000&adk=3690638929&idt=178&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 05AB 41 KB
13 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFCt_Hs_EHqRpUftzhzdRJE3DGPV9Egl2inxaDr3cc0yXAgwzB7957j5GaCt3y1XjoEQ5gzF44Og9FHU02OFwYJiQS2J1WSQMIBQMwHfdb3Kn220DcvH4oPT2xXO8kBgasHLbc9mxabgKfvGF_QP1RPV_DbA8af-DjTm3a99cEkntIDhY&cry=1&dbm_d=AKAmf-ByQVsvHhEy-McmULChF4jyN8s7o7nD7MZ6fgFzs1J8yMBALuV41Wz_Erg7KLTCQg_Cgleo-59rTp5Abzlb5Wn1CLvH9zHXPxT2p02KMKKaWn7UGM2gFO3lwTRsEAfNsEfo2a4Dvw-HyfghcrwICwlPuYVLh11yMx772RtI2CiTHUNwuxS3P6V8UaA6in0Wdk84jWE0bbsFpzqTLYkgN9iL92RKzkNS0HO6wLoW_-1kSFfLcgq61s1hd81-rRjfq5GhIQWrXC-8afytxSAre8bRBBekVk8CeRXTiQW-WQnG52wpeb0CqHeVNiOOfqk2E_OYyoO0QjSObxUWgtBbVlGgvSvtSgkbrsnzMXfkr2EaKxu_rnpnNDGcJgi7fAG27445nHGTpvYnM7ihWs5WPPHe5YlPqcbxP8qUS6GqJUab4-gnh6zLiXVTbG4nPXmVopJH9cRgvmhtSHljcAMDbEkb9zE9GQF-eC0AdsfiCjdG1v_PoMo6f2A9rWqVtYXLSz4AMEx7JgNkZfdmwc5lDh61aqKltKynYmcGQwzYM-ZaL6AlQ2oXA25kkNUn_6jPoZLGNIyK9gcfuCaZEp84Y1z8CKRpzC-TZKZ5jx902OvPdFP-wOPd5xYq0Xltlxjb5P6KlUDLXNJAVBeTmNG_of6vsp9VB5M3JRE9sMSHwmO4W6xPTEO4RajiDzohLk2gRs1MMR71L7TTfTxCCcK0qI7Y1r31vy-w2nzrMQ-gBKBGUNVsOpN7SyZIYdhSt9sGCeZx3bptNMR799hrTqwvsKRpEvAI6BtM6MUgGAKStm4-NNiTorFEPmkyBpdOUWw5YTYQMJASYCg9WSaeNvwot6o1qaqGUQn_weItPiSIhQR7IFBnN4lhe6V4M8kpyp9JGpVzP0UBbcI_RGNlgskF-tZDAbyY0GOYSSpTWtBVcHBM9_hJskJc8OFMaFpxWlu6w3NNT5Vz-NWvgvLL_zTxkaSELUilTAbMQTlhAmePyzKyl8DEueAYBecq4Liyxel6zIn2AKvLyqUi7ofDDR6mooXu9snRqvLbifDniRzGjDkszw9BrwSwxJH3AlHetL_BvPUS7UrJWBB1_6ieaWnqtymoIN8PKQBT362cq4f-NZAPDmj-hr5QYBzttlv-rGCwKRBCbwl2xJcFR9poSwtHUCRBoNkXYLcPffWDY2hqEJ3ujB0YtMQZsCsEh3XGAkJlN2Al3cUYMAaOR3sHNxHSBZhbu2fguDLjMwnP9kPcduHwnQjYcvJO-1TeQO3KrOlgiL3XHLRM7cE1Zfh06yfVzvKa7kTqooI3913tXBME-YaX9yAVkwYJlAbPpsktPCfXzk3oEIkR03rrJPZ7qbLXWX6u_xe3P99zrnMdQYIkv5EZvX7HoegSmTlrQmuGiZ5eoTGrBi3lZk8lP1gfGayS-054T5Qgh-4kg00L4QN8hjggedvc1IMZBI0SEOXOxp-b-lRu5H3zaDDiWCKew8Ng4-nylT7XUeLGoqNy5f2QmEUY6Ak8aYrc2e3Pbn7GPccqG7LxWKX6yA2AXgSVghwsk6IWCKfCfASW4D1JbY6NVLaaq6Nx9pfGBNzSTrVg57YQPsoSeCd5GFHIDcmhAuYRDZy70KGguPDGXUAze9Niv2xQ0HSKo5DYoGzoK1XS2grJ8mUA0knSyB-53tKNmgNokjSivw15LW201CWUBmQJRIXq9Bmyz1RkBn_IVmD-7wSK9UowLcsO85rgjeXXXuceupfqBX9i7YH8Og6FDjxPviQu0TDE-OxkS5bX4sNDj6M0Hkhm-Q1CRj_nh95brtxU0V5VxttSI1RzDOKqZL0erTTa4loz1Tkos8e-KH2fwBcl-DSBgpY6Z9SVJSAl3sQrjbcyLypeSeg91qb1WLia0bA_u0UvVKvq2eaus9Mijfaiz0SRE5bnYjgRnO-Z4P4qx7EHScJHVjIvORqApldEdNuSol6uO9O9XmwWaFgTqkk0bEKxCfTp_G4cID2yNgHyy00no4N8m19AuRJPsdzPCLBDpM5dmw4NaYkl5gjuh5onnd7onaw2deprhrQVEGJmDJyRf5ZokdNMLBlygMlVTkVxOHKW_tbwRGqcZbeTXZ5qo80BHqktdSRPESYulzHDgjD_dpVbezcyEd7riWcgfL7ELYXsD4-hGeysJrwc7x_uDJ4nBQ4lW1ThNcCi094SFcEOFnqZ4eixCoFZjVrprAS4oBjBO-bzxO4yvxaOH0BWXBrLz1OX51qQnt4yuF-qvoS2ZUvoK6sPJSlSKYi2b4ulSiivFHz13UuOjiMxDbaFb_M4bKT0vWfd6WQ_fQnTmxthPdlYH1U4UdKaoX1r8B4SeEI8QtlLnNcyFRrqj785rvUYOvSgo8e3M0xUW93jzz3yrtOsF_uqqG1zlvksM3bo2y3P3A8ibcNVGUxilp5b8tiXnnu5xHnBu1h9gf9py5bc6mHaq_TfZjWv0InayFsO8EtpHWPqyuibfxfr9zcU8E6gA5kUBED-b_nnbRTJ_bcarlPyC4lAyq9dn_Al7coKNk6Q4kn0ePwSjPpL0U_Ulzod_KhWGFWoNGS431lHGHpngIOTxYqlTKsMPHmJC-kspqPeDN28RIItg0cFHINyIGymHe9mcEkzzZwgoY9g65UsSYrpZD-oshGs7Qi8P3Qp5FctjnrX35OeqlMnvIbXcGFcPB6PuQQXI4pZEMBCkEJ0uQ-EUVTFHOjplPwB_s0Yh3pBTgyYRaMtQU-WYOulRhMNkAJKQIHGT4Q8bwol90KAvft43FFnVlGVeJ_k6czKmlzGEapy0o07TPxyg2eOwjJi6bxrabzzM84elPlsbYRuoN7jD-BqGRQsms3oQk62kb21TwwniLSl1ydxegldZuBDp6ixfSOrWy-Y8doJC1-yI65zPgePWD2zBIcQmYwQHVez4FPLJKETYz27udYL8lSk1jWOCSy9U2Wenvb1cO7xNNoSV_2Y2t1kCWk6K2soIxnUnWCbU8D56D1LkdaqLF5CPSRh-aWN-4fLcnfU2qa_52WAXOfVufzU9vURz-uVFHlqYaEfgoADPnnFnGEhB41h_d-yfPjyUrthe1BtFGhHIQ5opv5gIudggZIdaAhpTJ6yZSuHdk_yyxeX4-imPGlqvx-GVRWNX_CGo0lQpBi7uCBdHQtzMRrSU8XBi7iPa74TiYVfGHr6GwGm3v1VDF8HjiUUbJItBVIRofFdLl21k1L0gTONgkDe23wiSMRUaoBbicaxzRw4_ZRqmCfjaZsb13PSn2pStknppokYvTmnTr1m7dpanBUnegKcn4_aEWRuMRDRfHRFEwnG4PGDb9Ni3RJZKvB_2m2_akyJORWF7FJq5mPO9pbYw1pbEr7oXeGygBb2Ao94lOo7d0m5Zb1fP3yv_sWq-7TVE7qjFdidYJwWQ-E6hYRBdUEXDYraelJWcp3XCPlJHUG3x3cfdIItEEWb0XFhzpDXqt9_Yhwlii8l_gPCYrVXEG3BF067SNl-gEZdlCzCPoaahrIWqad5s5HlwXF-VEVeIAl48G2_F3BBrP-enEyxn7iwgd93pUgOXqTZFY5VExLMqUrOw19YbXLVTD8Wu1ZbY7gEzzoMhYIQ0sZHCO3MQ1ex36KTGXiq9chBWHVHW1UWYnXRf1Eo-XQh2t1lRPlQ7_T50WRVRFxg9zdocC0_wIOpu-mGxwzRNfWF2IQz1e64dl2RlKGh_frKp2SemzH5Jn9Znz-pUuIrvzqLNbq2JOiqaaAYEN7MigajTWlrDoT-4uxMgLhgBmc8B3x2CNUWfOLnvlckAMkhomePNwj28xer1QEWjexgvIAobeM_GbiU5MyhJRofoAvp-OonLS3672LaRaChv1CVQGAS-jqpSc9DLwblU_H7Hg6KujQD_2AnTpijoO4Fg0sY1YVzMs9_x_zjKcz0qzbclThPN8WQM4S4CUfaTZ0tRczgzDKXBT3VZZ9tJZJJ3rwbOjjI8Pe6Iyzv-JeDXd46kQaVWHsDU-WLErw9zu4rf6o&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=10817292458346824000&adk=2857193498&idt=231&cac=0&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 2BC1 11 KB
4 KB 118ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233310&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 21adc10ab1507e83597c87447ff7bc62f3e21b5be38fccfd50f215241ee68d55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4150
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 5564 11 KB
4 KB 172ms
27ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233316&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 28b563207c4915110ad0378f0d4cb995427808ec14e1b53399c3c52b4ec346d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4149
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame EAC8 11 KB
4 KB 174ms
28ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233311&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDNQ6DErvZN-eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QCBkAGxhgMqF8PTu3JH3odzkG29RdzjyB8S87wFr5geC08_gwaPxcYy13O1BvJlqODKVDYt55K76iZ4Ps9vOY8OqR7zvmn-pAKqaPwHNAnyoIGI80YSXFHnR5imI2gyv_r8pVdNCfkMrRZuJUKSziPO5rAqvtgP7RlwlTnnEbXANvEs7b3U7Qf1lKJfxjZfSwsizlfO9XRnf1OHrNG8WQHsgIAxTZ3JsE7cYkbL3kxusf8ljO2KTQ4T0Tn43JRTeqcl2xY4FSEWNuDeLgPKcVJihoA6obiyrEeSUuz6741MWhwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI39SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLOZ_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2MUVl66XzeNnBNNYOHaF5tw6u_nQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CIVwPkJQuqyT-0tJCDpm509oG6GbQFu3uWmqbsiOuN3OlO7E6sgvcnWoO7M4kihwDDc_-EMgLHZoQ84AQJ8R6Mo65euBftr-92Gl75iXSJBRTJZaguqLDzQbSDRjdXVP0ch3ie8RmWs4FbeMzPm_amiFiVeeIWi-ui5b01FLaZTtNJPbk%26cry%3D1%26dbm_d%3DAKAmf-AeuMVkuf2276zGRNn7kbbZTtPS4reTE0501p5xBdKRvuO2jj6NnU8qgA276KMXoDyU8ePNgHx8KXH5iWAP-hjWPGC81EMrKSiFtXOgf2lSGaBfIVhYDDW1gn3qZB6-aO5gjoHSbgEZ2MVCpZE-f9leWI3VMLPBEde844A-Fzpg449jctF6fXh8A13pMy6bCDdgG1Ekma__nAi-2E48W5Hjr52paaW3uiYE8_LZCBT2yZZOCEzF1H_bZ1wuZFn4adzxxxDqpTxizWUaAmaoBtl9EdJzmB0TpnF8_Yrbzib6oUHQUbZaBhV-prNH2bSs8hgSItRcRhJA4zGoEs0IbWcjBgtQkZee0rTf4X7b-HpYwbx6UXrbcl7KVV27CnbqrudGiPqmxQ9P9jqTnEP3JnY-xZfr1L-ncjQ2XXVMwkqF3NFZuLnfZox5KhtQLkego1RsyKstbXXApmUgV4mLoBPIANKDJb7tnhCekgW1DCPWdSUt1q9kgosoycOGkxJt9gE_X0u4%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bfc27ab86c5b5d230ff0dcac514c4b302e72c20fde6237ed12ad179ac0009200

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4145
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame A54E 11 KB
4 KB 175ms
28ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233313&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJ32bDErvZOGeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QBMRQhgF1ApBHFajiPwFzIxzvshSKd8aJhrtbME3Av39SOXKqIwC85t2xhN58vWBLUzwy0PDiTtC78c1Rrsv7gRL5hOmnNGm7Lt-ABFqs9UFfsOBiGQnZY7zXQyT304wYF0zobyTlaf5ywFuQhIe3Np4piAa9qhmeuFWnjlrtGAryp83TtHefa0XDhhhdI0BKODzj8tvd7xUj6nCCxw-v0JgOKvxOzgNUfxcnYbODYgWdGHDdJF8mIBJeTvIehQLE4x4eReSWM6Zq5sHvBjhH_eYr1MVo9oaJrGtgaeRIkbYUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLhBfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_3jGmJ_S61TE65XViYTsUJ6s2Yc-w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BlclV8MXi4DxrK5fd_oTUlPOR_qspBv2OdO_0fznf4jiBeyuy-J-JbccSbTyzCgw1JtLWU0HpOUMKBM57r-CzTSk8Ms9jrfXc7KaX4np4Rt8mPxR1IjwJPudW6Jw8uqOWPgfNgrIVAdW58rles1DRckZnE0pdluoa3fcX7Nu8-5lxk99A%26cry%3D1%26dbm_d%3DAKAmf-CtK6NbOK07-JNdXEG3VYTvA1WX7OrXyMZWQhcRLxD3tY486N4r0YJZnphQbWU4qhUx6vny_5RbHvKrlLFBtxL5yIzz7Ig96rii6-1dJv9E3ZWYYiSMHZOX1BD3PgmPxCiQDnbpSIblSx-DmgmO2VLpDKs6X39-ZWnAQbBVfqfAS4WgsTKsfaCBhkUSxuSioofgM8TCYS6kfZiokxVy-b_6bVxIynhvxF25Y-srgOzndK2h31GbCSgKUsA2w9UQcCb1VMaRTriwgZFhQ1i2YFwSZ6y2ebVzpGieT-7RHNWfoBbd7WFFhL-DO1JTWy4wMQ5usVg8cO2PLoNL43kohQDvLkZlMRS1EH-qa_AyGsBjfFhQZmN9wNW_sXnFBvzZPwVanqHjNBfj4u4RrPWNbsG-dMRAgsqszMeRpqFdNVWnOBUV1rgg1l961bZM3CR-KIGNCMuBfqPwoDZ2RG0ZjjlJt1cs2Qpe2rUvkY2e6uY1H4F2_NJ-zk9AcaRKUrVUwiqiQigf%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 29ad3ec7146da573d5ec9a83ca185390837fe29e64b9903d4f53f159cf4f0cd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4148
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 05AB 11 KB
4 KB 175ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233309&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d2033d613715ff5666b48dd3256af22ad5bcc592c2615e836c442a7381e9ff12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4145
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9E07 41 KB
13 KB 32ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D04E4tvE3ssWP2NVLJHn6kLpypCDp403p1ypjEdaYI8qJhyfEDOaQi7nVy8RIL7teqHQATwhlS0gPsXotUnQn11se6KlNZAE53gHK24dEcI_AHFOZhfN2BdPrT0LGic9EPSoSIMm4Skf-tZwYHXrTNY-WigRYgJOSMH-rP2GwHvtQO5p0&cry=1&dbm_d=AKAmf-DTwNqpAL_jmNSTe9GIkdAL-4dUQYY7wE3V6CKLs7_2ymuRe-Hogkq8Tef_q3caTqdwwvYOWgKEvZeJrgvlQ3-98FllQy8YkHsLXB9TGwVQpwTmcLXrssjUXqcA9JcpxXsvZJ0KjwhnQ7oqjL7JcltY73m86jP2ZHqAAJ8nArGr7hQpZ9zfueKVo509NitgoScyScpo9y0tgJK7-HCljU0HWWtv42pWAjv3y-yS9TqcCL1f4cPs7fHWrZky2JfVMOKB-LANe2ixZ6hx-XF7jiWkftk03nuTxPbvzjDJJHUQIrzA1C0FZQol_HpQCTmPnqW6pk5OOwmFRrelqgV_cdEtI3XqROLqOMG7mwF1X8CxSu2bORuuLFvVhgAbnwSB9SGabqcGbYeqPs8sD60E5C7KlfU18JORf0nQOL5krnr9_Q6UyzSUEcjHVokXjxNcOraZK3aDliqpDxiQuENLhG62W5_IPl1B_zvEQqA-HwbGXZ48QgtxsVsbLYk9crDWPyRS_ESzhfHf3McC-FumiTI0xEerXxeXBzxNneshxz7H9ev4oGKBiF7vmsmk0DfliqiTAU_qewTvJtkntIbeHjr-TIkOOGaHYE8GQGF6QXnYygf0dIuCyXThVgNGDtqC78yP7gYvTSqVelWFCFGWpZCW90uSHi8VXXaHVQ6IpPE_nKIZsieoQZ25Eqf8jMixQVF0iLl0mlTJ59JtchXURyXqMFqbnlOWDHQQ99liPegYSLw4qjJIfP6dZEBJjx6Di3L6xx-U5VQ96V3EokIsFVoRiFV-PmNg4Wqoy17T2EMjfo4b_wSQlIcggOV5sG_olQLUCWkguRH2JZMKl80GyMCgOvYEfGswIzm5vQVldUz11egWlq_FijpPw2GcR-3S0z8rQQNWg1Lw326SU1Cpx0O8VQ2-OrJhOA5L0S_QwAI7yXD6D0ei56Btl19RCVj0_N_RO58w7QWEp5AMhX1DtOuLWftfRpdrsz1Y0GYosxq7-n-66oP0YQr6XKg2FXVU4S7B5blayH4nOPDAmZooRm8vVkTS5rhg-SVN4znqbe4W27kB0s5CpFwfe3kTRRpmTSF4E834gG_EZ3oECJ-a2V5y9TpIGcVox0CCH3YwCCSnx86hZLIwTfy3zZAmdjPNWWVCel2DOoRmdNSK_D8FJkK_gRhZB2k8YSNV-gdLdRNmJDxnfxBuE-CkyOv7rJB1HzTyMyhzdT3u7OsEmtbZkqFrt2BZ8g9EOkYLzKyS3McvmO1C3eWNZLKFvThbZ8XfWKBk-lEzzSzQ8ESgGwqPIklXxkc7hULY258Iv89kOQvK0ftxZOwx9I8YLzM--0PJqzF4pNJyyPCRc2QpgdPRCB2L1maG4udRiJFqm4Yr4UdCkrxWq3anv-9KCqzJnICC7KL02hR_318moQvq1JRUYtIFbbR4ZVz3IBBzobP3tJhV_9svEg8v2_G87tptXyn9Nw5iybw2I3Y4D69YIcSJDriGZZ7K8lc3aDjQF9zHhtY5VKXsgzCcy9bci-7ifDWgd7snNEa-L9juskLriAIs20RS7mGfeJLzGcXkQFxn4z4gtckzDg--xWep0VxyKxFEYrmvTNGWCmj9inVtEyti91RPVPB9U-u_4pYDeOHERYpCTFeUlE3WArd6FApwIl5-heK3MFuH3w_0sHjrtBK5U-XdOmfMJjtQl-DDUPANiF8cS_LpIT1xoHFQ2oQ6HtFe1xype5SSSGd8LwStMs8DcsCLYaDVrwHsyrjMVRD8pQ00kyQsTcrQ8g0KRjK6ocvIWHB5g117sDoXfNqY-1vV0GUkNDocJ5PEUwR2kcfTGaLqoPx3FVenGyYKLtg0trn00fkhBIHdMIan0d0_v_830Q470wP7G8vAPHChgHKTtW25gD-TBlyN-oj7zIX3dU7J9pi903-DZzDmRDX3lsASymdVG2TUQjpvWs4PQjF544fzWE-ebsFu0XlOdPnBqxEdj4YxIJXncn3c2nON7ugkXqBggMrxiy0dFLoshTy2pvhDWyIgKLtyhM7-QQFBeGiMSMAbFBNC6Ov1bj4P9hGxQmrm305HQdMzt-2VWQiiIoOyvYbl-B7iIMjCdweV5Y3-M8A3QGjJDge_zQ9Y-cwPLtbKkWoApGRKqV2lms3UP331ON8y8kB0k-zhSU7zb5iU-p4IAkYZgmsIbRUaEQ075C8uMaYO8t6ARE-z0g67WkMF2kX-Bsssgi88wVQI2AMbC3Rm3-18ojcqNQdmb7GJvRQ7KtwWw8WwoUTahpJMth_DEoq0JAuTSzZkfOk7igGaLKEYKojRU1Q9T5_XHgCnUzrCX6uon2Lmskus8se0vnN5nPzFt0DAWX55TiD5gmGxOM9UTLIdGfwpZzjzKqIXMZw57s7P-eR3m7i8hBFtoi6XOuMsXyRW3J_tm_5gMf1JEZh61lYrY-GZoS9ZRBVP0j2JqVpwOApCKt2Y8yRf5g8hkgtOR-EYR-vkckrHBWD22DjhE10JoB5ZV-zijFOPF2CQ2sdwRasddW1yZPlnjM5ibksXUz6q6sX2fDP5SbsAuJdsxzrI3qeLR-UKd4BCYdIdCHikibF4cvkMQERCr808k8q7hFuKuScedfxTlwKbFsic7j7CNbp2EDplTuhVmEErqitCvM1RZjGWesg6H6cmbh5wcmPrBZJdcNHyB1Cw4haqdblwIMNOvuZp-K3EkzCvWsY5vyEvSyYeL97r6s2rt2lFnJShp5UoF4--UuM34tAIH0fnyWibWOFqiSujPkQXl6hG1hIFRAXK1yI4g4uTDw4MaAKlELEinPOkBqMVOWONq431sQnvJBBa8V4MaKnwf_eWLUpFhBG2fsrqYwRtxXw7lHCxAmZivKbPDRR8GssleJ_oQgjWrSE1r2I6lbgHauyrsZp2Z6prCLKtdTdR47TxR5kVk1mOoV5mOuztaaqjZbDltJIM2r5FuWsXNV5_uCEnJnRwqYNC4vD3TopEV3SYaPCTv2Nt_HP3kYmaSW628pN2CcdINSMQONGjapRdX-e_NdcrRLR8gJRG6NTvRC7qbWe2K_pUFJuB_--bpj-I1glImni_WWGgElLtwB8TvV7bY2HM3ehfq592WGeoAhbmCNnbmbe-WuJ_aGYhiPyJr6yGOa6g-GGmLho1eazHeHjFlT_dUvFi3walFDgpe8UPwqk61nXvZMnUPOvt7RmJHhoUeFaTdVKpZmiIsULkSt_lknVUNeZO0famb56T_8VS9eTv0se6eWB8McLMsxTQ7V0JCe5KJzhxm48nDbD-n87a2n_M3XdpCwpsynx6DbvSIbk_pxGxhfVSQL3mmM5pjuyAJt12RICqTEHpDZHZH7-1pMBalD36iBoGAl9F2dhWKiMGbcF2h2oZiztw-Wt6jXtLcfhYBTgI2aW-IWUClXcPbuOOEhqnhwYOV-hi6-JDw6o4ihikQRdXcZE9EY85TjsaQsMDmy4NoDXW6IbYxjGICVxvdPyTQf71l9CakbaHaWZwn4VLu3giPPzclpx1o9_WB4XIBNugIqN0OO78O671Alj4HAqlWp-Fs6x1FsQ3wV6BxeGIIWbNElm0kKuUmH8V9qdxWVsTcOJ6rd_-mwfLroiAPrzyTpiIE2UFj2SE4Qo_85JQntsq4-D3l3cMyZ0ssowjGnqb50dP6DzCBiSQCxyHNYvj_vOu1GNShoYQpxC6BXf98ceYLvMQDJg79NuohEP9ABbRPqIlWSKUYxNSIzZwhumA7OvpPII9tAubCZqkvzmCb6hNgZFTs-npdpt-CR2RhRSChPKlgXj_Z7FMvjbKO52YRhCrty--a0PYPjhvpWBjdqD-3LSdH2_0LA916fWnont2r2WN3MzSHX4D0EWmwHw-aMuq1tRxSMxHZlAIdTimlAGTiF8x9Fb3zkj_MEXNr2066khiq-dtem12x4EP1d4xMwoTopBgMcFTZYy6vn65D28h8Io9_tfETj2rgPbPh-3T8K0xAaRzlMwIO7OBA6NHAV1foVeGWBgzY68&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=5322491079958603000&adk=4188270525&idt=178&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AE73 41 KB
13 KB 35ms
24ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bz9QrzEgvJ5TBL17lIr32XSZtar84U_zfu7vy7D5UPW3KTRLUskLOSP4f9qvPnGqnD7p-G6vev82vIMWVTt4WBzUELO84o8w-iVk5LRqG9F26pY9ZzDuGt3bBKM6i-vp2k97PiUZupN7kfswxNBKzKjpwPQRcYzNb3eOpXT0jsIVTZ44U&cry=1&dbm_d=AKAmf-AULH3p4gAQCyV1SyFf2UE6EB42IkpvfF8OQz--xW1-Xy7m9NFrCmxYphInbX4UgB_9-sDp1gDzFU_7xxWn5P9NblyhSdAHM8GKIhWCUXCd-5BHk_FGUXArzAcN1sz8ZrqMmaN1ysmsSc_cWftmRl7CKnFOm6SbikW4PVMFbh77BxpILSMQDqVof2zXciQDTC7JtPX48peYw7k2PT04EznJo3rYk1AeEflY-onXsCZJAD2wjsqjOFsbGFs54X83MwPApQcXlGLjrTl_FnnEcgjjKADrOHVTiTQWRG11_UiegMPvqOUUboh9GZ8IEqW9ViKAGudo04nIwoFhrkY4gZLkjb2EwDlbTZ3WVzrXZfmN2obQ5gZOvuApT3lGvVKgowflRFSX5AD2FudpKFfTM8GY33PUkVBpKZlT7cVAI65zDyoTQC6q_X3dd1cwmhbgIW_sYKHK_FkhM45qWSPDDV45ZsMV-_IKIqFwFH3-ZhtkMaaFMiiJ53tlGqpGlaqMNrUaREEIy01cNL1yH_D2tfB9z9Wtmqm3LQhSUT8TU6S-MtFSxZi77D106vQA8tAKqe6U8hpB35-rZF8dRVMcTemZPOzkIm3Ch9ItTlgMp65WMbCKdUf-qJ3YIAlBZ8H3GQJ8B7Ww0FADuIv17G0maT5ePOEu0KMBZJjlWzyacka_jskTLbJTrWe569IR7MXEwtEyA5Iex2x0XvCnY_NpIT4s6_Ajk7qsUv-WNCk4-QgDA0DCnOrSQWW9k4E33SgOl1E-KFGGjalLvurgl4RjFejDQZ8EosU5ji5QH_JrrfHdkuQjThUMoXjQ3sHDqhjRD5cf2j9OS4vB1P5M8arnErXxWN2EIFUaivEHTbD3Q8Wm4gQB9oCMEttPfipHgOhI4_620HMO7rzgQE0xBCuqn2HVE7le6G8YuMef6QeJY5gwuSwR33DXwsgJ3LUtRLPbqoMv3pdBxnO3mkL0m8Rz4cV5yam55E2q_sq3ld96zMMrzyAn6208_IWH83662blSns3mniGprWzIxD3HjeFdPuzOBJYZI9bfvCLflSEaH1ZbUH8l4XmEcAZrb7DxFUG4WCIELnQ1VoDSeUJwW5QfvnnnIsXuOTJ6jvdthgoPPAwISMmnX-H4guqIO2jgElwv934Z711H-FXR1ypeoFV9HIVDnm6eQpag-0Dbex-FSeNVYc12cmYSNGs_yYzRuvjNyTYvoIu7irLFi9bAHccDa2l4WVBQCiQ1Ml5k_PIr-mfP1CoJKaANL8N5P5NqDWG_VTifMLOJrT66xXL2DBw9Z1M4fT_9wxQlToLD1tRmro1sLIw0nJHYadTb9lRgZ8kmnxHr_mRtV1YFT7F4rLl-tvlCqI_cygqg7k3cCrqjV8Ci-x9c-7jSv9kaVcvF_8c4vsfmmwn3ixRVeFCDNbFEp1TU8UwauBnX0V5vY-BwD6bcobabFVdAMvgwShHggNwY9RCCT9E9GwRDxOqj0ijSpGDqovGq_bHnl80MvmmrOUaSQC0aD32Jp-nzSLs1vcy5Rbl-h2sedDZXpVkQHZPswoOhO2bQQw9EIveV3cyec56RjA9_c7woqJoUdnY0S_qd9h4buBd1FvkaeuyEb8kDRufCtjQJyuP34ld6GMUIiki9DM8fuo7CpuPH-fbDRMZv2y7JvwWytgQzqActnkx3i-3khKRgKpLRDpq3_ePJ0DdDZeGk-uvNFF5jsEhklcx6sNEBiVPYoLDxpYfELBAG9Y9-1MhbwDUycK5Fif2X_sibncs8VGW6RxnURhWWx2UhGlk8Klwu58F578qrbiiLc37bCiNpVjC24-o-XqEYeH24gZV11Sbw9pFOu9rQ-_5wE2YMB0b6Ia0M7567lhluRpz0puKHqrFRA8ecjieHHJpPKffFYtyiGB2iYtJvdqdMEnWYu5MAAiQPHu02L5_0r7nPYT_LBZ76hJM-R5kmuYX5KlJ5JJCrEb8NVJKBjlwM7-5SY9L5NpVQO-bdFKFB5lhw7BjuyR6ujbA2gSKRHwVt7EoDThtnOOZkx6rA5ubnP77ZaX7jlB-4SjbBOGfRKO3rlH1lktW1LpTmJiaC0xyE7SpEKG_N-5pT3XBJt9T78kWGhlv2l4LejOE10cQmJLQfmy6KCaAf1udB2LLa7I33S8YyRyvwwFzDH-jtblebSu-4d9AxwYXFPusM-WElytHHhERoBvOC7Z1BuMuvAwInYCvZEJWSp7gkcUdxY2bJ5nUdrYLOV3beOTxbluI632EW86Hq2GkKY_hAx-GmYAAdqo4jtG7LvKUFZk8CGIZAFBQBOzrizb04BvRzIGxBnWzuRRCqVXbzUdFDgYRMUqD_gLbOphkaP9KHaspO4Ff21ojtqS0wqdrYZb_vhtjL23d8flH5pBCLxfIAoa-2CM16mK3wPmoolA3kzZGO5Cw0mQ-cJhI5u4hA1ErYSCoXZkksPEICnFXiLs1tu1jYtNwRs8__I0zv9mQVpkJvrwlonM-fqVx1RacI64aTASn5HuCszIuNdqShDbqD7Hrt-htOGRlLZq9wSKMcZPDYMNEKxBhcnne6Z2Q66uuGlcN-3VziGv5BM8EFUysC_a82UXHyBl-zt0vIyevO-4cR-D3Gj7tMZtOC4sWgWk156vFGcHqIPz78K79rQVmxqBT76ndmB-EzSjzoMdZhjFVz1mSWBBiUicZlnzmBPXNR6OvLmK8w2XhtInu-EpkI-6FTcwZp7PZjwwO9mZlx5V3-iu8oRt7YhB_8N8OUEElqbYCmn1hyCT2iHBr4DVuyKKEGOJ4PQLfgcv1CTAyf8sWY1amXg6SQ3KAAtpC7mQtdoit0ZjVy0V2dfUCYn9cIk5cpAVGQZEl9g5vTJkVQ14PX2WB0m820hjP9Ur_-MWRsn5knQRvAtOnNx9xmkJgb2d9YDXBo0q9vdpqEQtWVgTwT6zObQlNsDpTmT3BhjzGbzh8PjN6OrgvO-Z-Y-y7b0-qBv5ZMkUETCQnlCF3vUdgU8PsRjRd8UI9wcpNrIOmymXvPDte-7qX3DVNJ_2904CW7XscWKsCx-QGzted69FSCqs8-zCUy7Clax40k2w--WlfqgW4XbtkpJzvxGQTpVtW734LELJ_kNHH__6Aj-hDG-cTLOsbx9uXdzUo6nAmeoYKXqUirBgkVeW_fX_dXwQIl_mc9Kn5SieMUgM2gdnuH2Vc9QC56oqJYMJN6Zw63D53ftloDyIcWPjurbr0OK8I3PBSeDdvxjbUXWsRMHDqEp20V95HvOOmUzPyjAEZ8qkvgCYIEk_a9HxEemA92He9lCTy-HXcp-LcraWXynOc_7MikXq1g6YqsZt2iz4NobFE7dqb1051y22okiUDEDll_4I55sqtyb62tM708toQafHNj08T6Dq0HQrliE6LYYF1KdadZ5LKPtrl0gtlk-EUTdGsYjdv6vAtf7CjivLTMnKIIJwPBa2dScaJMOy3LDo0kVOnCv6ZBt_HjicuTBS5EwFdUwavKW7UI4x24wleKoE67C-aPeR-Jt3Ov16NCp0KiEGy4NvkFHVgJw-0O44qx47byKE89MNVFpFPFkepfI5sbybEn8ePzcP6HEi_m9U2iQLa5GWC01bgh10byxA6UVRkMf7VrXN9I_7fB38NrJhzcj6szvY7m9xuZ8A1xA-I90P2Hz3Ylr18QFI2FKtWOAdknZmj9X64G1h5A__F3uV_Cf-CG8awwnmEN76Whk10XmFw3STmDjmD4xLQDfcCjkbUPgIOILojvqENIeeFyi2vEuO7qqe9u4szK6gtmdyhpr1ZkjE2t5QvokwuzMWTeovOmturR-DjODAVyaCybWYWwEKp7mt_ujAJiuHm77fSCHrNP8qUs0y8LigRKpjSJHXbfLvQ_VJOocBTDekowvX7lpAdQJHgiL57huWzkJnskIJzTxK1WdwT3dfPSTjY6E4DfGNhiqIvb7h2S5LhbjgyorpP0lqBgW6MuZIyYDezD9KPqqmk0c7iJ160qchBrmvlcqakLdhk&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Fepicenter.bg%2F&ds=l&xdt=1&iif=1&cor=2669107400472455000&adk=1033480531&idt=177&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 382386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 9E07 11 KB
4 KB 172ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233315&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJrZaDErvZOOeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QqKKEMHDGmN4UZjtbX0eY2SAQfBVKrQpP7tJ1B3Mi81sl4NNQvOcLFBSmqy89rW-eExTLuWKgBfh2cOmzcmg9tstNVeF4nW2PvWrgBt5adq_idkVvZG6aZvfudWrqLYpESosnmDHKqrYOlPZ6DR7mO6d_WaSBJ8yZmIYihT_iEO3Esbc37mb1yEO2WKMhXlUZAKBmfqzE4kjhcd2kEdDjt6Kpk-_YPRM8w8lR6fiZoQM9KZy3ideGMpmX16CKO7N2rszGlhR1kv85mJPqb7ULYvrOflpySIPRDOxCHkIXi2VWwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI49SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgI7W_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_122bBQjhloF8WAH1sxuJLyG4pz_w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-AkPGdnblfVa1pf-WMKQNTevkJkkmSKb5zoSlmAlDP_EFBTogYZr7_i9wyCySeNExEjTVOGvMML2PzkfNiJ7iQm_ZVUlzKX-_Qx3Itld8uRf03K6biGuAlfwhHPo-ZEztHtBuaCxDr7YcQ5NNToTNGNeLyZz_a_yyg0oLgG-xU5_h63dlI%26cry%3D1%26dbm_d%3DAKAmf-Ba7Nf1xypMkNACg4iFslqxp39940B5s2FxVZqxPrGtiTzMkcH4bZHoS9rMBNiGe8STNo_4gIs6o3KCJDUHCNk5Mj03KFCkxOiLP5sdx-rjhxmmnWa0XfGK9T2hxrxGItuKmKisCHGT0G0-28issGnTET843s_HWr33IsQVUnIlrsvMQn1Dq5lW_SUy6LV9rauNwZ6-pV2de8LNTeHAwtSY3JXV2qouDcl-f5PCRkn-c2XZ9POsjTXeTW0ck3XMFAP-SWXLkpLfFzygZ1Upn61nT6MRdh7rsGVHwACGRmto9RAS7g_oEuA7fourhw282Pl6zCNYi_a5LPbjfGU3oZuBhhHV4GZKSOU1EpckCvjuUPgDlO0ZldZmdxy4_JATYeXqv1isVFI5w89krq-AxDSk49f5HlQd9I-V1x6TiRCvGhpEVFqiBH-El0i-YDtZ-8D-VMte2Kk6molpwRKk6B7MCcVdaXUW0ajGydQyvJgRyFVDWdruwhXXcoKZcioy2xtpKGc9%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 46469113dad716ebe5b0498a909269e3bd7abf7371d536c5c40a4e410711c9b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4146
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame AE73 11 KB
4 KB 215ms
29ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233314&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2MnuDErvZOKeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QIOiduovaRIYoJFrjYlaHkk1svkVqnwRVPdZm9vnDBn5afAqoj9TvECRd6ZvhKHNMDFU9_0kvps690TLSOLGQUoO7BU8Rw8F_s9VgpVDVRT2jBUVN3oyMJwEdzAJY93kFUZ5kJzjM3cZoUU0g5PaLOpOsOC2bIrpjj8hI10SuSdNYW1UQkfoObBc6cZ12viCKTt6buxCYL0o_-oAVpr6TZLkKwvgBG16-45khbA1THj75sWm2TBtRRsBjjXdenXIqrCvfmXt7kqlVf1Y9FidIliWVRGLK_H_oZ-ZZ160vFL4wwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgK4nPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2aPQ6A8rtXgU2LjLNeuU2qlGbUlA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-ACkzZPs_lwSsVkeLLR_VsfuTKl2fpjgY0HHCh4ff5PCxqmE4DrKqwwkMoHPNetccjzGaC-lNXhRGfCVCHQ7DXXvCeSRp0xDlvxIgaVFCIv8vDUCVsf6h1blJSqY5rTfxQuNBKd1FaJJOW7bterDLiKkkFd-1DaJ31QQ8eHwvan29zwYvQ%26cry%3D1%26dbm_d%3DAKAmf-AVcMMRXiF-zVlJ66BEhAtH1LwpO0EnXwG6uMnPlP_ZnKK-T9Efc2C91TSfLQ89M5ZFWJ3pSbIrfk4boCPzuRpSi3fX1hPEyaGyrKFyc1ChyGH3vYUvvnuhQtR5NULXQzybRk4dQwZP6xjbjUHszMEP9HHzPOjLjGuOU5N3RKM_Xh8is89vBZ4Iv_j36NN9NARoOjH_JWNHOgJN0N2lhoLebbeIJqnVCPLys2w_aR2iXkc-TxwK2HMhWqc0bCw3booOLwjXcvAyUYMZzQk_JvxHO-cFPRfy8QugTYFwiIIau0kIw7i-JAeYTzW8EmZDGCArfHz3Vah6tXB-8tAse6dVmcXLLze9xD4U_YHpNSlJNbpBJ4oB0fX12ReJ0ySUSdxaRJWJXhMvq7v3jb-iQepQJnu64YqBX1P0tWMCf1nJEchC-cb4Hk1JuKdRRly_4CtbFCs9LSQwXlNUy5AMbPsYPtYqzrHTt3MLc3C1cQS5k6hkP4igHlY8SXFvcIccdISYxRzi%26adurl%3D
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f29c6b6dbbea8fcc3983d943a2a5959eebe58f730f31660cf1b31b2b88b116c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4148
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9663 22 KB
8 KB 60ms
48ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9182 22 KB
8 KB 48ms
46ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6950 22 KB
8 KB 46ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CD9A 22 KB
8 KB 44ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FC68 22 KB
8 KB 61ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F0C9 22 KB
8 KB 55ms
20ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 878B 22 KB
8 KB 57ms
22ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C11E 22 KB
8 KB 63ms
29ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A38A 22 KB
8 KB 64ms
36ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0CCF 22 KB
8 KB 52ms
35ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CF00 22 KB
8 KB 52ms
36ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6488 22 KB
8 KB 44ms
35ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900012.redintelligence.net/ Frame 9E9F
Redirect Chain

https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

159ms
101ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: ef58847fd85fe56ee6efa22250f8c9d1c6f00688ef1c83cc06c2db2a059cec5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 62711200102690604444978012432012
Connection: close
Content-Length: 1329
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1

200
OK

request.php Show response
hal900018.redintelligence.net/ Frame 22A0
Redirect Chain

https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

166ms
114ms

Script
application/x-javascript

144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 3ac12cf0b189c32a43be98b17088c98faea53bea40d2d2a08d025aa0a1b8df84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 95833400106828604444550012432018
Connection: close
Content-Length: 1325
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1

200
OK

request.php Show response
hal900010.redintelligence.net/ Frame BD87
Redirect Chain

https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

187ms
133ms

Script
application/x-javascript

138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 371064d578ab360cede3dc307168fcb45dcbd5460938eb683963c6c945ba03ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 25812900085264604444550012432010
Connection: close
Content-Length: 1326
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1

200
OK

request.php Show response
hal900017.redintelligence.net/ Frame 1425
Redirect Chain

https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

150ms
97ms

Script
application/x-javascript

159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 2c3afca047713f38486016bb526bde4b25173b88df824a3cd7d7237aeda79e9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 79536100085385804444550012432017
Connection: close
Content-Length: 1331
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 2F46
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

149ms
96ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b2708a31dfa822407d6f490bf76ae1bbe65d015ac2ad71cee19f7c64e164fee0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 24992600080970204444554012432007
Connection: close
Content-Length: 1353
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1

200
OK

request.php Show response
hal90003.redintelligence.net/ Frame 2BC1
Redirect Chain

https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

151ms
99ms

Script
application/x-javascript

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1e6c8e421ba75c8d2a485390f737f97653ccea040d7e4e39996ce1432d7539c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 82333400087538704444550012432003
Connection: close
Content-Length: 1325
Expires: Wed, 30 Aug 2023 14:54:22 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H3 200 M-HeFlSCME_k5Ph7lXtMc9K-bQ1dlElVsMlNN0Ru4uM.js Show response
pagead2.googlesyndication.com/bg/ Frame 9663 38 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/M-HeFlSCME_k5Ph7lXtMc9K-bQ1dlElVsMlNN0Ru4uM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33e1de165482304fe4e4f87b957b4c73d2be6d0d5d944955b0c94d37446ee2e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 23 Aug 2023 16:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 593830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14677
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 22 Aug 2024 16:57:12 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 9182 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 6950 37 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame CD9A 37 KB
14 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H/1.1 200
OK request.php Show response
hal900015.redintelligence.net/ Frame 5564 4 KB
2 KB 151ms
95ms Script
application/x-javascript 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a213e9746e&subid=&uid=f133b10c9beaa602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2013262624462&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233316&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5bc90c831249bb95d00f4791aa5eff2756f2f10e4e4d0dd04c7d0677a907e406

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 25105600103854104444550012432015
Connection: close
Content-Length: 1327
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame FC68 37 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H/1.1 200
OK request.php Show response
hal90005.redintelligence.net/ Frame EAC8 4 KB
2 KB 186ms
121ms Script
application/x-javascript 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=1bb356345a&subid=&uid=e4e4f3c25a1e82bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDNQ6DErvZN-eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QCBkAGxhgMqF8PTu3JH3odzkG29RdzjyB8S87wFr5geC08_gwaPxcYy13O1BvJlqODKVDYt55K76iZ4Ps9vOY8OqR7zvmn-pAKqaPwHNAnyoIGI80YSXFHnR5imI2gyv_r8pVdNCfkMrRZuJUKSziPO5rAqvtgP7RlwlTnnEbXANvEs7b3U7Qf1lKJfxjZfSwsizlfO9XRnf1OHrNG8WQHsgIAxTZ3JsE7cYkbL3kxusf8ljO2KTQ4T0Tn43JRTeqcl2xY4FSEWNuDeLgPKcVJihoA6obiyrEeSUuz6741MWhwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI39SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLOZ_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2MUVl66XzeNnBNNYOHaF5tw6u_nQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CIVwPkJQuqyT-0tJCDpm509oG6GbQFu3uWmqbsiOuN3OlO7E6sgvcnWoO7M4kihwDDc_-EMgLHZoQ84AQJ8R6Mo65euBftr-92Gl75iXSJBRTJZaguqLDzQbSDRjdXVP0ch3ie8RmWs4FbeMzPm_amiFiVeeIWi-ui5b01FLaZTtNJPbk%26cry%3D1%26dbm_d%3DAKAmf-AeuMVkuf2276zGRNn7kbbZTtPS4reTE0501p5xBdKRvuO2jj6NnU8qgA276KMXoDyU8ePNgHx8KXH5iWAP-hjWPGC81EMrKSiFtXOgf2lSGaBfIVhYDDW1gn3qZB6-aO5gjoHSbgEZ2MVCpZE-f9leWI3VMLPBEde844A-Fzpg449jctF6fXh8A13pMy6bCDdgG1Ekma__nAi-2E48W5Hjr52paaW3uiYE8_LZCBT2yZZOCEzF1H_bZ1wuZFn4adzxxxDqpTxizWUaAmaoBtl9EdJzmB0TpnF8_Yrbzib6oUHQUbZaBhV-prNH2bSs8hgSItRcRhJA4zGoEs0IbWcjBgtQkZee0rTf4X7b-HpYwbx6UXrbcl7KVV27CnbqrudGiPqmxQ9P9jqTnEP3JnY-xZfr1L-ncjQ2XXVMwkqF3NFZuLnfZox5KhtQLkego1RsyKstbXXApmUgV4mLoBPIANKDJb7tnhCekgW1DCPWdSUt1q9kgosoycOGkxJt9gE_X0u4%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=4977180001158&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233311&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDNQ6DErvZN-eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QCBkAGxhgMqF8PTu3JH3odzkG29RdzjyB8S87wFr5geC08_gwaPxcYy13O1BvJlqODKVDYt55K76iZ4Ps9vOY8OqR7zvmn-pAKqaPwHNAnyoIGI80YSXFHnR5imI2gyv_r8pVdNCfkMrRZuJUKSziPO5rAqvtgP7RlwlTnnEbXANvEs7b3U7Qf1lKJfxjZfSwsizlfO9XRnf1OHrNG8WQHsgIAxTZ3JsE7cYkbL3kxusf8ljO2KTQ4T0Tn43JRTeqcl2xY4FSEWNuDeLgPKcVJihoA6obiyrEeSUuz6741MWhwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI39SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLOZ_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2MUVl66XzeNnBNNYOHaF5tw6u_nQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CIVwPkJQuqyT-0tJCDpm509oG6GbQFu3uWmqbsiOuN3OlO7E6sgvcnWoO7M4kihwDDc_-EMgLHZoQ84AQJ8R6Mo65euBftr-92Gl75iXSJBRTJZaguqLDzQbSDRjdXVP0ch3ie8RmWs4FbeMzPm_amiFiVeeIWi-ui5b01FLaZTtNJPbk%26cry%3D1%26dbm_d%3DAKAmf-AeuMVkuf2276zGRNn7kbbZTtPS4reTE0501p5xBdKRvuO2jj6NnU8qgA276KMXoDyU8ePNgHx8KXH5iWAP-hjWPGC81EMrKSiFtXOgf2lSGaBfIVhYDDW1gn3qZB6-aO5gjoHSbgEZ2MVCpZE-f9leWI3VMLPBEde844A-Fzpg449jctF6fXh8A13pMy6bCDdgG1Ekma__nAi-2E48W5Hjr52paaW3uiYE8_LZCBT2yZZOCEzF1H_bZ1wuZFn4adzxxxDqpTxizWUaAmaoBtl9EdJzmB0TpnF8_Yrbzib6oUHQUbZaBhV-prNH2bSs8hgSItRcRhJA4zGoEs0IbWcjBgtQkZee0rTf4X7b-HpYwbx6UXrbcl7KVV27CnbqrudGiPqmxQ9P9jqTnEP3JnY-xZfr1L-ncjQ2XXVMwkqF3NFZuLnfZox5KhtQLkego1RsyKstbXXApmUgV4mLoBPIANKDJb7tnhCekgW1DCPWdSUt1q9kgosoycOGkxJt9gE_X0u4%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a328c75083a23880928c6ca01d34b5628a40d7db39a95fa8dfdd6d812d739450

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 36807600106472204444550012432005
Connection: close
Content-Length: 1352
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1 200
OK request.php Show response
hal900017.redintelligence.net/ Frame A54E 4 KB
2 KB 145ms
94ms Script
application/x-javascript 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=96406a8214&subid=&uid=50c16bb9a69fdda1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJ32bDErvZOGeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QBMRQhgF1ApBHFajiPwFzIxzvshSKd8aJhrtbME3Av39SOXKqIwC85t2xhN58vWBLUzwy0PDiTtC78c1Rrsv7gRL5hOmnNGm7Lt-ABFqs9UFfsOBiGQnZY7zXQyT304wYF0zobyTlaf5ywFuQhIe3Np4piAa9qhmeuFWnjlrtGAryp83TtHefa0XDhhhdI0BKODzj8tvd7xUj6nCCxw-v0JgOKvxOzgNUfxcnYbODYgWdGHDdJF8mIBJeTvIehQLE4x4eReSWM6Zq5sHvBjhH_eYr1MVo9oaJrGtgaeRIkbYUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLhBfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_3jGmJ_S61TE65XViYTsUJ6s2Yc-w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BlclV8MXi4DxrK5fd_oTUlPOR_qspBv2OdO_0fznf4jiBeyuy-J-JbccSbTyzCgw1JtLWU0HpOUMKBM57r-CzTSk8Ms9jrfXc7KaX4np4Rt8mPxR1IjwJPudW6Jw8uqOWPgfNgrIVAdW58rles1DRckZnE0pdluoa3fcX7Nu8-5lxk99A%26cry%3D1%26dbm_d%3DAKAmf-CtK6NbOK07-JNdXEG3VYTvA1WX7OrXyMZWQhcRLxD3tY486N4r0YJZnphQbWU4qhUx6vny_5RbHvKrlLFBtxL5yIzz7Ig96rii6-1dJv9E3ZWYYiSMHZOX1BD3PgmPxCiQDnbpSIblSx-DmgmO2VLpDKs6X39-ZWnAQbBVfqfAS4WgsTKsfaCBhkUSxuSioofgM8TCYS6kfZiokxVy-b_6bVxIynhvxF25Y-srgOzndK2h31GbCSgKUsA2w9UQcCb1VMaRTriwgZFhQ1i2YFwSZ6y2ebVzpGieT-7RHNWfoBbd7WFFhL-DO1JTWy4wMQ5usVg8cO2PLoNL43kohQDvLkZlMRS1EH-qa_AyGsBjfFhQZmN9wNW_sXnFBvzZPwVanqHjNBfj4u4RrPWNbsG-dMRAgsqszMeRpqFdNVWnOBUV1rgg1l961bZM3CR-KIGNCMuBfqPwoDZ2RG0ZjjlJt1cs2Qpe2rUvkY2e6uY1H4F2_NJ-zk9AcaRKUrVUwiqiQigf%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9104717212698&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233313&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJ32bDErvZOGeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QBMRQhgF1ApBHFajiPwFzIxzvshSKd8aJhrtbME3Av39SOXKqIwC85t2xhN58vWBLUzwy0PDiTtC78c1Rrsv7gRL5hOmnNGm7Lt-ABFqs9UFfsOBiGQnZY7zXQyT304wYF0zobyTlaf5ywFuQhIe3Np4piAa9qhmeuFWnjlrtGAryp83TtHefa0XDhhhdI0BKODzj8tvd7xUj6nCCxw-v0JgOKvxOzgNUfxcnYbODYgWdGHDdJF8mIBJeTvIehQLE4x4eReSWM6Zq5sHvBjhH_eYr1MVo9oaJrGtgaeRIkbYUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLhBfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_3jGmJ_S61TE65XViYTsUJ6s2Yc-w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BlclV8MXi4DxrK5fd_oTUlPOR_qspBv2OdO_0fznf4jiBeyuy-J-JbccSbTyzCgw1JtLWU0HpOUMKBM57r-CzTSk8Ms9jrfXc7KaX4np4Rt8mPxR1IjwJPudW6Jw8uqOWPgfNgrIVAdW58rles1DRckZnE0pdluoa3fcX7Nu8-5lxk99A%26cry%3D1%26dbm_d%3DAKAmf-CtK6NbOK07-JNdXEG3VYTvA1WX7OrXyMZWQhcRLxD3tY486N4r0YJZnphQbWU4qhUx6vny_5RbHvKrlLFBtxL5yIzz7Ig96rii6-1dJv9E3ZWYYiSMHZOX1BD3PgmPxCiQDnbpSIblSx-DmgmO2VLpDKs6X39-ZWnAQbBVfqfAS4WgsTKsfaCBhkUSxuSioofgM8TCYS6kfZiokxVy-b_6bVxIynhvxF25Y-srgOzndK2h31GbCSgKUsA2w9UQcCb1VMaRTriwgZFhQ1i2YFwSZ6y2ebVzpGieT-7RHNWfoBbd7WFFhL-DO1JTWy4wMQ5usVg8cO2PLoNL43kohQDvLkZlMRS1EH-qa_AyGsBjfFhQZmN9wNW_sXnFBvzZPwVanqHjNBfj4u4RrPWNbsG-dMRAgsqszMeRpqFdNVWnOBUV1rgg1l961bZM3CR-KIGNCMuBfqPwoDZ2RG0ZjjlJt1cs2Qpe2rUvkY2e6uY1H4F2_NJ-zk9AcaRKUrVUwiqiQigf%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 6889708c66668b730402abf7493e6acd8e12c28befef25ee1ece9f3e88e2ee12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 84913800085385704444550012432017
Connection: close
Content-Length: 1354
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1 200
OK request.php Show response
hal900019.redintelligence.net/ Frame 05AB 4 KB
2 KB 156ms
94ms Script
application/x-javascript 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d4807e34a7&subid=&uid=eb7beb94111237a9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=8625728964463&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233309&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: db21b6d58c1a20945833319a90fac5a8c7fbcd97349f85a803a7ba259f5bd3c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 18486700079872604444550012432019
Connection: close
Content-Length: 1326
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H/1.1 200
OK request.php Show response
hal900026.redintelligence.net/ Frame 9E07 4 KB
2 KB 158ms
93ms Script
application/x-javascript 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2721d38d3a&subid=&uid=24040568a3734145&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJrZaDErvZOOeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QqKKEMHDGmN4UZjtbX0eY2SAQfBVKrQpP7tJ1B3Mi81sl4NNQvOcLFBSmqy89rW-eExTLuWKgBfh2cOmzcmg9tstNVeF4nW2PvWrgBt5adq_idkVvZG6aZvfudWrqLYpESosnmDHKqrYOlPZ6DR7mO6d_WaSBJ8yZmIYihT_iEO3Esbc37mb1yEO2WKMhXlUZAKBmfqzE4kjhcd2kEdDjt6Kpk-_YPRM8w8lR6fiZoQM9KZy3ideGMpmX16CKO7N2rszGlhR1kv85mJPqb7ULYvrOflpySIPRDOxCHkIXi2VWwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI49SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgI7W_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_122bBQjhloF8WAH1sxuJLyG4pz_w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-AkPGdnblfVa1pf-WMKQNTevkJkkmSKb5zoSlmAlDP_EFBTogYZr7_i9wyCySeNExEjTVOGvMML2PzkfNiJ7iQm_ZVUlzKX-_Qx3Itld8uRf03K6biGuAlfwhHPo-ZEztHtBuaCxDr7YcQ5NNToTNGNeLyZz_a_yyg0oLgG-xU5_h63dlI%26cry%3D1%26dbm_d%3DAKAmf-Ba7Nf1xypMkNACg4iFslqxp39940B5s2FxVZqxPrGtiTzMkcH4bZHoS9rMBNiGe8STNo_4gIs6o3KCJDUHCNk5Mj03KFCkxOiLP5sdx-rjhxmmnWa0XfGK9T2hxrxGItuKmKisCHGT0G0-28issGnTET843s_HWr33IsQVUnIlrsvMQn1Dq5lW_SUy6LV9rauNwZ6-pV2de8LNTeHAwtSY3JXV2qouDcl-f5PCRkn-c2XZ9POsjTXeTW0ck3XMFAP-SWXLkpLfFzygZ1Upn61nT6MRdh7rsGVHwACGRmto9RAS7g_oEuA7fourhw282Pl6zCNYi_a5LPbjfGU3oZuBhhHV4GZKSOU1EpckCvjuUPgDlO0ZldZmdxy4_JATYeXqv1isVFI5w89krq-AxDSk49f5HlQd9I-V1x6TiRCvGhpEVFqiBH-El0i-YDtZ-8D-VMte2Kk6molpwRKk6B7MCcVdaXUW0ajGydQyvJgRyFVDWdruwhXXcoKZcioy2xtpKGc9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=702538563419&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233315&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJrZaDErvZOOeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QqKKEMHDGmN4UZjtbX0eY2SAQfBVKrQpP7tJ1B3Mi81sl4NNQvOcLFBSmqy89rW-eExTLuWKgBfh2cOmzcmg9tstNVeF4nW2PvWrgBt5adq_idkVvZG6aZvfudWrqLYpESosnmDHKqrYOlPZ6DR7mO6d_WaSBJ8yZmIYihT_iEO3Esbc37mb1yEO2WKMhXlUZAKBmfqzE4kjhcd2kEdDjt6Kpk-_YPRM8w8lR6fiZoQM9KZy3ideGMpmX16CKO7N2rszGlhR1kv85mJPqb7ULYvrOflpySIPRDOxCHkIXi2VWwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI49SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgI7W_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_122bBQjhloF8WAH1sxuJLyG4pz_w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-AkPGdnblfVa1pf-WMKQNTevkJkkmSKb5zoSlmAlDP_EFBTogYZr7_i9wyCySeNExEjTVOGvMML2PzkfNiJ7iQm_ZVUlzKX-_Qx3Itld8uRf03K6biGuAlfwhHPo-ZEztHtBuaCxDr7YcQ5NNToTNGNeLyZz_a_yyg0oLgG-xU5_h63dlI%26cry%3D1%26dbm_d%3DAKAmf-Ba7Nf1xypMkNACg4iFslqxp39940B5s2FxVZqxPrGtiTzMkcH4bZHoS9rMBNiGe8STNo_4gIs6o3KCJDUHCNk5Mj03KFCkxOiLP5sdx-rjhxmmnWa0XfGK9T2hxrxGItuKmKisCHGT0G0-28issGnTET843s_HWr33IsQVUnIlrsvMQn1Dq5lW_SUy6LV9rauNwZ6-pV2de8LNTeHAwtSY3JXV2qouDcl-f5PCRkn-c2XZ9POsjTXeTW0ck3XMFAP-SWXLkpLfFzygZ1Upn61nT6MRdh7rsGVHwACGRmto9RAS7g_oEuA7fourhw282Pl6zCNYi_a5LPbjfGU3oZuBhhHV4GZKSOU1EpckCvjuUPgDlO0ZldZmdxy4_JATYeXqv1isVFI5w89krq-AxDSk49f5HlQd9I-V1x6TiRCvGhpEVFqiBH-El0i-YDtZ-8D-VMte2Kk6molpwRKk6B7MCcVdaXUW0ajGydQyvJgRyFVDWdruwhXXcoKZcioy2xtpKGc9%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 79c1045012152e819305ac27c918d165d37afb02633e19de06dece1eaaf2c330

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 45250500104519004444550012432026
Connection: close
Content-Length: 1350
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame F0C9 37 KB
14 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 878B 37 KB
14 KB 27ms
22ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame C11E 37 KB
14 KB 28ms
25ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame A38A 37 KB
14 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 0CCF 37 KB
14 KB 32ms
29ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame CF00 37 KB
14 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H/1.1 200
OK request.php Show response
hal900023.redintelligence.net/ Frame AE73 4 KB
2 KB 148ms
85ms Script
application/x-javascript 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=518e66827a&subid=&uid=33c350b8f4a0ba90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2MnuDErvZOKeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QIOiduovaRIYoJFrjYlaHkk1svkVqnwRVPdZm9vnDBn5afAqoj9TvECRd6ZvhKHNMDFU9_0kvps690TLSOLGQUoO7BU8Rw8F_s9VgpVDVRT2jBUVN3oyMJwEdzAJY93kFUZ5kJzjM3cZoUU0g5PaLOpOsOC2bIrpjj8hI10SuSdNYW1UQkfoObBc6cZ12viCKTt6buxCYL0o_-oAVpr6TZLkKwvgBG16-45khbA1THj75sWm2TBtRRsBjjXdenXIqrCvfmXt7kqlVf1Y9FidIliWVRGLK_H_oZ-ZZ160vFL4wwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgK4nPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2aPQ6A8rtXgU2LjLNeuU2qlGbUlA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-ACkzZPs_lwSsVkeLLR_VsfuTKl2fpjgY0HHCh4ff5PCxqmE4DrKqwwkMoHPNetccjzGaC-lNXhRGfCVCHQ7DXXvCeSRp0xDlvxIgaVFCIv8vDUCVsf6h1blJSqY5rTfxQuNBKd1FaJJOW7bterDLiKkkFd-1DaJ31QQ8eHwvan29zwYvQ%26cry%3D1%26dbm_d%3DAKAmf-AVcMMRXiF-zVlJ66BEhAtH1LwpO0EnXwG6uMnPlP_ZnKK-T9Efc2C91TSfLQ89M5ZFWJ3pSbIrfk4boCPzuRpSi3fX1hPEyaGyrKFyc1ChyGH3vYUvvnuhQtR5NULXQzybRk4dQwZP6xjbjUHszMEP9HHzPOjLjGuOU5N3RKM_Xh8is89vBZ4Iv_j36NN9NARoOjH_JWNHOgJN0N2lhoLebbeIJqnVCPLys2w_aR2iXkc-TxwK2HMhWqc0bCw3booOLwjXcvAyUYMZzQk_JvxHO-cFPRfy8QugTYFwiIIau0kIw7i-JAeYTzW8EmZDGCArfHz3Vah6tXB-8tAse6dVmcXLLze9xD4U_YHpNSlJNbpBJ4oB0fX12ReJ0ySUSdxaRJWJXhMvq7v3jb-iQepQJnu64YqBX1P0tWMCf1nJEchC-cb4Hk1JuKdRRly_4CtbFCs9LSQwXlNUy5AMbPsYPtYqzrHTt3MLc3C1cQS5k6hkP4igHlY8SXFvcIccdISYxRzi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=3699855567671&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1693403660233314&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2MnuDErvZOKeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QIOiduovaRIYoJFrjYlaHkk1svkVqnwRVPdZm9vnDBn5afAqoj9TvECRd6ZvhKHNMDFU9_0kvps690TLSOLGQUoO7BU8Rw8F_s9VgpVDVRT2jBUVN3oyMJwEdzAJY93kFUZ5kJzjM3cZoUU0g5PaLOpOsOC2bIrpjj8hI10SuSdNYW1UQkfoObBc6cZ12viCKTt6buxCYL0o_-oAVpr6TZLkKwvgBG16-45khbA1THj75sWm2TBtRRsBjjXdenXIqrCvfmXt7kqlVf1Y9FidIliWVRGLK_H_oZ-ZZ160vFL4wwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgK4nPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2aPQ6A8rtXgU2LjLNeuU2qlGbUlA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-ACkzZPs_lwSsVkeLLR_VsfuTKl2fpjgY0HHCh4ff5PCxqmE4DrKqwwkMoHPNetccjzGaC-lNXhRGfCVCHQ7DXXvCeSRp0xDlvxIgaVFCIv8vDUCVsf6h1blJSqY5rTfxQuNBKd1FaJJOW7bterDLiKkkFd-1DaJ31QQ8eHwvan29zwYvQ%26cry%3D1%26dbm_d%3DAKAmf-AVcMMRXiF-zVlJ66BEhAtH1LwpO0EnXwG6uMnPlP_ZnKK-T9Efc2C91TSfLQ89M5ZFWJ3pSbIrfk4boCPzuRpSi3fX1hPEyaGyrKFyc1ChyGH3vYUvvnuhQtR5NULXQzybRk4dQwZP6xjbjUHszMEP9HHzPOjLjGuOU5N3RKM_Xh8is89vBZ4Iv_j36NN9NARoOjH_JWNHOgJN0N2lhoLebbeIJqnVCPLys2w_aR2iXkc-TxwK2HMhWqc0bCw3booOLwjXcvAyUYMZzQk_JvxHO-cFPRfy8QugTYFwiIIau0kIw7i-JAeYTzW8EmZDGCArfHz3Vah6tXB-8tAse6dVmcXLLze9xD4U_YHpNSlJNbpBJ4oB0fX12ReJ0ySUSdxaRJWJXhMvq7v3jb-iQepQJnu64YqBX1P0tWMCf1nJEchC-cb4Hk1JuKdRRly_4CtbFCs9LSQwXlNUy5AMbPsYPtYqzrHTt3MLc3C1cQS5k6hkP4igHlY8SXFvcIccdISYxRzi%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: adb8c6f4563a53800a59acde11f4d4ab22da6349db0c55761f63c8d563f29e36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 32045500103064804444550012432023
Connection: close
Content-Length: 1350
Expires: Wed, 30 Aug 2023 14:54:22 +0200

GET
H3 200 PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js Show response
pagead2.googlesyndication.com/bg/ Frame 6488 37 KB
14 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PkiGnUWInYwTcBYaxbSZywLcc8a-vvuMSHFzAQqrt4s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:43:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14710
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Aug 2024 13:43:49 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 1386 0
466 B 157ms
66ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=84913800085385704444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=96406a8214&subid=&uid=50c16bb9a69fdda1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJ32bDErvZOGeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QBMRQhgF1ApBHFajiPwFzIxzvshSKd8aJhrtbME3Av39SOXKqIwC85t2xhN58vWBLUzwy0PDiTtC78c1Rrsv7gRL5hOmnNGm7Lt-ABFqs9UFfsOBiGQnZY7zXQyT304wYF0zobyTlaf5ywFuQhIe3Np4piAa9qhmeuFWnjlrtGAryp83TtHefa0XDhhhdI0BKODzj8tvd7xUj6nCCxw-v0JgOKvxOzgNUfxcnYbODYgWdGHDdJF8mIBJeTvIehQLE4x4eReSWM6Zq5sHvBjhH_eYr1MVo9oaJrGtgaeRIkbYUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLhBfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_3jGmJ_S61TE65XViYTsUJ6s2Yc-w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BlclV8MXi4DxrK5fd_oTUlPOR_qspBv2OdO_0fznf4jiBeyuy-J-JbccSbTyzCgw1JtLWU0HpOUMKBM57r-CzTSk8Ms9jrfXc7KaX4np4Rt8mPxR1IjwJPudW6Jw8uqOWPgfNgrIVAdW58rles1DRckZnE0pdluoa3fcX7Nu8-5lxk99A%26cry%3D1%26dbm_d%3DAKAmf-CtK6NbOK07-JNdXEG3VYTvA1WX7OrXyMZWQhcRLxD3tY486N4r0YJZnphQbWU4qhUx6vny_5RbHvKrlLFBtxL5yIzz7Ig96rii6-1dJv9E3ZWYYiSMHZOX1BD3PgmPxCiQDnbpSIblSx-DmgmO2VLpDKs6X39-ZWnAQbBVfqfAS4WgsTKsfaCBhkUSxuSioofgM8TCYS6kfZiokxVy-b_6bVxIynhvxF25Y-srgOzndK2h31GbCSgKUsA2w9UQcCb1VMaRTriwgZFhQ1i2YFwSZ6y2ebVzpGieT-7RHNWfoBbd7WFFhL-DO1JTWy4wMQ5usVg8cO2PLoNL43kohQDvLkZlMRS1EH-qa_AyGsBjfFhQZmN9wNW_sXnFBvzZPwVanqHjNBfj4u4RrPWNbsG-dMRAgsqszMeRpqFdNVWnOBUV1rgg1l961bZM3CR-KIGNCMuBfqPwoDZ2RG0ZjjlJt1cs2Qpe2rUvkY2e6uY1H4F2_NJ-zk9AcaRKUrVUwiqiQigf%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9104717212698&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94D6_91EFC182:01BB_64EF4A0E_968B9C8:22021

GET
H2 200 / Show response
adv.office-partner.de/ Frame 61AF 930 B
931 B 112ms
27ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=96406a8214&subid=&uid=50c16bb9a69fdda1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJ32bDErvZOGeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QBMRQhgF1ApBHFajiPwFzIxzvshSKd8aJhrtbME3Av39SOXKqIwC85t2xhN58vWBLUzwy0PDiTtC78c1Rrsv7gRL5hOmnNGm7Lt-ABFqs9UFfsOBiGQnZY7zXQyT304wYF0zobyTlaf5ywFuQhIe3Np4piAa9qhmeuFWnjlrtGAryp83TtHefa0XDhhhdI0BKODzj8tvd7xUj6nCCxw-v0JgOKvxOzgNUfxcnYbODYgWdGHDdJF8mIBJeTvIehQLE4x4eReSWM6Zq5sHvBjhH_eYr1MVo9oaJrGtgaeRIkbYUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLhBfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_3jGmJ_S61TE65XViYTsUJ6s2Yc-w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BlclV8MXi4DxrK5fd_oTUlPOR_qspBv2OdO_0fznf4jiBeyuy-J-JbccSbTyzCgw1JtLWU0HpOUMKBM57r-CzTSk8Ms9jrfXc7KaX4np4Rt8mPxR1IjwJPudW6Jw8uqOWPgfNgrIVAdW58rles1DRckZnE0pdluoa3fcX7Nu8-5lxk99A%26cry%3D1%26dbm_d%3DAKAmf-CtK6NbOK07-JNdXEG3VYTvA1WX7OrXyMZWQhcRLxD3tY486N4r0YJZnphQbWU4qhUx6vny_5RbHvKrlLFBtxL5yIzz7Ig96rii6-1dJv9E3ZWYYiSMHZOX1BD3PgmPxCiQDnbpSIblSx-DmgmO2VLpDKs6X39-ZWnAQbBVfqfAS4WgsTKsfaCBhkUSxuSioofgM8TCYS6kfZiokxVy-b_6bVxIynhvxF25Y-srgOzndK2h31GbCSgKUsA2w9UQcCb1VMaRTriwgZFhQ1i2YFwSZ6y2ebVzpGieT-7RHNWfoBbd7WFFhL-DO1JTWy4wMQ5usVg8cO2PLoNL43kohQDvLkZlMRS1EH-qa_AyGsBjfFhQZmN9wNW_sXnFBvzZPwVanqHjNBfj4u4RrPWNbsG-dMRAgsqszMeRpqFdNVWnOBUV1rgg1l961bZM3CR-KIGNCMuBfqPwoDZ2RG0ZjjlJt1cs2Qpe2rUvkY2e6uY1H4F2_NJ-zk9AcaRKUrVUwiqiQigf%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9104717212698&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame A54E 0
465 B 330ms
112ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=84913800085385704444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DA_91EFC182:01BB_64EF4A0E_9735DF8:B82C
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame A54E 43 B
482 B 421ms
169ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=84913800085385704444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D6_91EFC182:01BB_64EF4A0E_968B9EB:22021
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame A54E 43 B
705 B 170ms
86ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=84913800085385704444550012432017&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 5277 0
465 B 149ms
64ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a213e9746e&subid=&uid=f133b10c9beaa602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2013262624462&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 5413AFB8:94DA_91EFC182:01BB_64EF4A0E_9735DE7:B82C

GET
H2 200 / Show response
adv.office-partner.de/ Frame 07C6 930 B
930 B 107ms
28ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a213e9746e&subid=&uid=f133b10c9beaa602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2013262624462&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 5564 2 KB
2 KB 172ms
80ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=25105600103854104444550012432015&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: aa95ca6c9676932bc1ea0e9613a7d7a4a407ae7d3acaa69eafad033ab3a164c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435 Show response
8019191.fls.doubleclick.net/ Frame 187C
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435?

392 B
285 B

145ms
138ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

221d20e98d7a43170a8d2a43726c2792661d232992541bae5a9f05999cefbadf

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900015.redintelligence.net/ Frame E94A 7 KB
2 KB 77ms
26ms Document
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a213e9746e&subid=&uid=f133b10c9beaa602&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChiDQDErvZOSeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Q3SXlBOMuWg7gXtxGAgd8f-6AT2AcO7bQuYj_PIVl42myDjQ9OiiYyxT7mvWVybgtT8qGm9y1q512yiqRcI_v4VM86BRtFuJ2rF5b3zqwdJagqPR9pRTj6-mfCwJIW9m3VFnFXcur_yU30PMAO8XizhwVAGv8GlNu-IsPz5mqtu8hXMxU72QTAfy_mzYS55WgCRgJnwtLs-fDPcyXbHZknmWblsBgLWPq_C9SNtJa1ZJg6HmCzJ3UvzAlixTMN0314zb2RrtVMnp2wzLkgNGWXNcgQ40fgedn4tnJ1yZnCWSvwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI5NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJHUfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2HPNSqLgWfvmUQgSjKWn6cpf3j0w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CG4jdg3eeF0lYqC_a8VAg2Sz-XNQDNQKtBnpt3zwUN_FDH6HViDlefQyMQ2er6ICOgUm4aqcnXRoAqAyWxGSOeBYuwRpl0_O6NpX49WWlOWqfWC80apdm68jPXVviQeHZFBir4W0UfVV02PDVL5qq0egJphRNAyQkkErTl0BNe-aB_d28%26cry%3D1%26dbm_d%3DAKAmf-CV3Am7KvFTIg3W1eoieVLEko7YeAXWOKXtdQ8EPtSJxihhSsYciKfatkFE-RKrDmnM3IYOQCVE9hCwHvQLV_OeWcP-gT4NOaP95cwIz29ojYEtn4gjLNv5woC2QDYPz4Gp3zvEa-DFIkMGCG_cgXeRQ43G0bE4HlYE_ikoFQj1jDiYlP19F0Kgmm7aXrnNP_LZszpsmaZtjN4RTLPgAs85FD-0kXqAKKz26a9NEBvbeOKYKmaOuMyzZAblpoY1DCG1Fi8ZQ5U8lYd6e2md-oDMpMUfVWdYPGk0pb2GcSsFpCXuE6AcQYoHN9aNZc2FYqmujUlrA4slnrEam_lBVKC_TJRTbwXHA4tzBOgQFzIkZ1OaCuUif5FgJcPFH_30DIogtKK3VWjwz7hIcL9x_3UihX68u-eS03tBJs27Zax7Xa1NGUHL5N9zqUjz1PNr3AakjNliEKT7fC0zHoDHC3ojjqg9e8gXqeSFL5mWfgQYmsWNbglNlf7oXGBNmRhoM9wLRPGe%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2013262624462&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 07ebd33d6259bd8106581c6ecc8e4b0abde63541f99664f71e8f2dedf819126b

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2066
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 5564
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
482 B

144ms
143ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DE_91EFC182:01BB_64EF4A0F_9686C16:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25105600103854104444550012432015&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 5564 43 B
705 B 178ms
103ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=25105600103854104444550012432015&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 / Show response
adv.office-partner.de/ Frame AA56 930 B
930 B 102ms
28ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 0504 0
466 B 158ms
67ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94D8_91EFC182:01BB_64EF4A0E_9686BDB:22022

GET
H2 200 link.html Show response
track.webgains.com/ Frame 9E9F 2 KB
2 KB 200ms
115ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=62711200102690604444978012432012&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 11477df5ca7a427a67e039861f76f49041a0044320fcb92e966e3592a334a1b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213 Show response
8019191.fls.doubleclick.net/ Frame 94E7
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213?

392 B
288 B

142ms
138ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

408108837819404f83384f16736290bcf47726b4970f9c1b80dd6967cc307c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900012.redintelligence.net/ Frame 0ADB 7 KB
2 KB 77ms
26ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=9c910844d3&subid=&uid=5212bf25e8e84852&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCgEnvDErvZNmeDtKWgAffzr3gC6blvaBpvZicp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgThAU_Qj3UX1REfgZDDgNFqLL341ujw02yDXUNLAyYPLA1Y5FXR8ZYL-ayNRQxE3KmsXaSkAmPRR7FyIwm5wMOldWzqGDzq7R7_jjfh5ByAU5TWKOgltfMbrQLdf40-LftMIjDp3UqpBsYUIXUzO0gpe53b4n-S4B1V8jZwgpY2spE9lthtrh_vUdwOfx19ME7i4uvSs3y6kFQ7bnT9JHHjmxPz2F952UKvR37ped2DtgX_JrjuKAu2JcVVdNAjeNXpU6XIwbIbY3WWBsIlYpkyucbNoq_j0Zv7pqrg65UN3JwD4cAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgIyDvD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_1dSeSYzc5Q-cHiuMow1imZ-mmL5A%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BclZsSCanrx5fdkjSVgq8_vXmWk8RVPhkIw0SsDgKATYRVTDKfNfhQJ2daFqzVU2xO-wq14PvzYEaUks7VUZndFXxraA729mtBdXGnX-6YLuRDGmJZO6hiVs4K6tGQ8fdvqCm465err4j6av0KM6-OwdYmqxSfReo8TmbWi3t4Fy5tUtc%26cry%3D1%26dbm_d%3DAKAmf-CX_5CfTTarLSqMLrvPHXtndf2X2KbIDGukP67pzwWdzLDxN8x1tHC5Kg62poyD4-821zFLZP8P4tEmqaVVXDoJQ58IJkhvLZQlf-LzMmdgiSV-d3T8rhmM7sVi0qKhRMl0slw5V9X1AfXdagPQiy5lQEy2Cygt3W10qry1NCdYFSIlzICG_rm7DPV_yIthmGkLBRjDGvmO46MEB-3sMHC3k2JPtER0yf2w7ogysiu5aMd73z3X_JSoQzhPS3VrEEkO1fP08HUKXNwjjHjDSrFFpyjLScKAMGh7BeeZCws8u0IsIxFClCerakQ3IWTLGaq5ZD4zAZQ_mQVLivTYvOibaWaBaermUJQgJTomHjWtFXZyMBR9fyKd05Mi6ZZzCOiQHINssH9_6HRthzUk_hShM-PqqUViCPHXZS0yRYdJxEaIXABXO0TDmRhTccpFPRqxuiMxaXCGKhnE2jKaooJf3o2FyPmxUFx8qyu4LZJfeUAqUUxlTWPFS7ljrVZrNyApdUeH%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=7418472492515&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: 7ae381300329dab93885157930978c1d54febdb68d23dab435b9cd78fca951ca

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2032
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 9E9F
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
482 B

736ms
736ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D6_91EFC182:01BB_64EF4A0F_968B9FB:22021
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62711200102690604444978012432012&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 9E9F 43 B
705 B 153ms
84ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=62711200102690604444978012432012&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame D800 0
465 B 141ms
55ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 5413AFB8:94DC_91EFC182:01BB_64EF4A0E_9742B1D:B82B

GET
H2 200 / Show response
adv.office-partner.de/ Frame AC1A 930 B
930 B 94ms
29ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 22A0 2 KB
2 KB 196ms
115ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=95833400106828604444550012432018&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 91f50f416c6fde8cd286cee1dde3de45c8b9d1a7e5f3074b35d45e3088b2578a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478 Show response
8019191.fls.doubleclick.net/ Frame 40CF
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478?

392 B
285 B

140ms
136ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

71e5547ac3993db6323354f736950c88f936099ab70e115264e28ac1d038328f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900018.redintelligence.net/ Frame BA54 7 KB
2 KB 75ms
25ms Document
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=e0dcb1bc8c&subid=&uid=090456174a56a46e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjZb9DErvZNyeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_Qmh9bBCPyIP8kWY36IsJzdewCN-EYWcgx_HxmMB1woY3EmRZAY5CY40WXUEF8xlCfYMalKGgnKu4sPXnDjQ6r6XxuuJyavuBCoSrAx5CrbcmgeYU91XDgYo4PR5sOSKlFu1MxiiBpnA33lIqP0nwd2C4LhaK436DHlTyzEEViS66ou-hV-c39SWDEqUWb27ORQJX_Z1PWyQb4dXSwZOw9cEGmW0jfSrkhtBjDfiTZzC3NhcoExics2aFJ1C7QVJ-zOzqsiAPUl_cIF0aATWasLWh0QUHSSV9z3HlptfqpU8oUwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJAhPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0Xub5oH70KO5PqjfX9bs3B1gutFw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-D0CJZisbT7xp7HGBdetBoHZk8aPsd0qPwixy1U51oT0Ywdc7u5sgLuiZCNBiWf94knWWkvSCvswjD-nlSFORD5xAKHrqtco-7U6ca4f3TeXj1tbP2mRd7lbymhHqFYeU5iCoiSefDSpC5EoRGrdvzlVtuboEEb5i4gPb9YSk8hzdfCBds%26cry%3D1%26dbm_d%3DAKAmf-Bw-qs-vM048qcIQNoFt5DPA9BX0ISU4h050Bju4hHRjnWU8HmBD1d1TEVsxi96CzXV6nO1t9HoQnG_vVP42WgxdJEoCNu_mZMdabFZdVva4C1tLZxmgL-74qb98amI7WKSVkSfHp--s4am7h484qbDupoq8jISMA8gbO_2C5hhyEOtD1S78jmYN62Rje0LG67gbKI2oMaoUQzeT7pGlJHBjQ5t2ubOEzI4lswyPQb9vqGAobaqdCfd1_zdxh92v3i_F6mLgf9j1ZqKzlHoKEQT9YbOtJNUm9FOFGFVbEl1C6E32e1RaAamQp8bSu_RFS_IXk3_qUW5MzL47wRe6ssJL7Gw7OOk6G4HfrDOuyxNP6Qpf79jbxEU9xtMqqivlMgQtUiv3VK5Vsr2nqvKK6-UvxzuBTrave-06mScbDD-UXWFSQYvPVsw-wsyiH90lMdB120aGcoSWOfKQQ3r3tLeAAQCLZzehgjEVWl18ojZ53fbV6xX0FOiSJD21hJ1XsyOFIqi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6696828773976&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 0e27a7b85567e28d5cef05d21fa70b553e864598ba2cb3559caad6725d3e96a1

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2069
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 22A0
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
482 B

734ms
734ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94EC_91EFC182:01BB_64EF4A0F_9685D10:22024
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=95833400106828604444550012432018&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 22A0 43 B
705 B 118ms
57ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=95833400106828604444550012432018&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame AFE9 0
466 B 146ms
67ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d4807e34a7&subid=&uid=eb7beb94111237a9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=8625728964463&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94DE_91EFC182:01BB_64EF4A0E_9686BE2:22022

GET
H2 200 / Show response
adv.office-partner.de/ Frame 930F 930 B
930 B 87ms
30ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d4807e34a7&subid=&uid=eb7beb94111237a9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=8625728964463&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 05AB 2 KB
2 KB 157ms
85ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=18486700079872604444550012432019&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 455c103213cdc3c03bb5d8541affbc6a6c8c08dbbb39fc92a0ee17b853277759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803 Show response
8019191.fls.doubleclick.net/ Frame D9F6
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803?

391 B
286 B

243ms
240ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

502bd792873e9a919b23722971f07cfe324eb856d83063b9ea5d4c5addbacb53

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame 5C3A 7 KB
2 KB 77ms
24ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d4807e34a7&subid=&uid=eb7beb94111237a9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCW1wvDErvZN2eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QDmPH2bvNoOxZvnP35VanT6HDXiWT7gqM7GbccQRJpD8Uu2EYk0_O7ViNaSu0jPFnmnU3-iFm9yZwhzr1sqwmYUS5hw1agivJeaFvmvHoHt5kxVahfnYipdmaCF3Lyvy5p1VYCLbpKkXD5UQ-moxal8NuKC2UTZCuqnnalpgdg4u26uf9jUyGqaR3T99sG-PlhsflK80tFnW6cuJFLAIzhD2PDn3vToUFYKRcVwBSoRoDFVcFgDxnOimYiuOVWo6dbwaTLlIvVWrYuFtwrbG7UWpLCry5f4Ws644W1sccD-1zwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3dSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLfFfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_39T1rGdxMFLF9ujBjy3TE0PK4GMw%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-BZSAfbRFRZSf5ZCSl7HEch4I75OY-tPsR51lry0OJcoY1mNAvTZcfxFEHXwttErxka0f7HIL-w5uMGPhBwG61KVKX64eAqZBnNcKp9xavEPv2OIHZNcaW2lOH_OagDz0hyCIzY3Wui_4Nr0RbWlUkz4ayzwN52QcjT2Z7rDt6M7JxPbXM%26cry%3D1%26dbm_d%3DAKAmf-Bc3K2FKQ7wGytng40LUv74k7KUkhHkCkj1dqtFFxOMrrZ2MtvuIQAz1DFtISShGlHuODc-uuSavVrLRDfdj1z4cDCwjnoAaq64NAHwlPJK5Ku1yV0xSGSRFS-zjaLj3CaTU5tGAHQaA3z5y0fvENdsaY7p-BBYk02yg2tsCjuIcEzN9o5k1X0NtAyOHaEoUbFgd5RDAANcrkayZz8k8VWBiemMCRYuF7m01e7lYeJAjq6TZYGiCmMHTtiEKSHJxwhfd0cvG2QtCE6_pG3dMrY7kPD-Zuof6LtVGdGr1LZw_CCElU3KP74TA9_8d1ndrga7vohqWCJglQCrvLA6AyBRzN9d3Z4A5P9YDCkFb_vZ90Fl422BgiRZhGnY91lPQ88FJqNPhX_j9frqeyUr3Q2oEKU_jYvlVKLrS8rnPaNZr5Nd9MXI4j5gfLjljHAWjXvh1Bp2qc_imARiBcMKK1rx6ELcbvPeHHuR6SSAbJ3wra7tPpHQC1sAD3gR5O-qlO7KWZ9j%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=8625728964463&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 81d505d448bf9012e2f8dd4bdfc6e8fa25f60ee9128b859d8047ff26ee777feb

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2085
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 05AB
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
481 B

1013ms
762ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DA_91EFC182:01BB_64EF4A0F_9735E2F:B82C
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=18486700079872604444550012432019&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 05AB 43 B
705 B 136ms
80ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=18486700079872604444550012432019&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame CFBA 0
466 B 134ms
60ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=45250500104519004444550012432026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2721d38d3a&subid=&uid=24040568a3734145&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJrZaDErvZOOeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QqKKEMHDGmN4UZjtbX0eY2SAQfBVKrQpP7tJ1B3Mi81sl4NNQvOcLFBSmqy89rW-eExTLuWKgBfh2cOmzcmg9tstNVeF4nW2PvWrgBt5adq_idkVvZG6aZvfudWrqLYpESosnmDHKqrYOlPZ6DR7mO6d_WaSBJ8yZmIYihT_iEO3Esbc37mb1yEO2WKMhXlUZAKBmfqzE4kjhcd2kEdDjt6Kpk-_YPRM8w8lR6fiZoQM9KZy3ideGMpmX16CKO7N2rszGlhR1kv85mJPqb7ULYvrOflpySIPRDOxCHkIXi2VWwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI49SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgI7W_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_122bBQjhloF8WAH1sxuJLyG4pz_w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-AkPGdnblfVa1pf-WMKQNTevkJkkmSKb5zoSlmAlDP_EFBTogYZr7_i9wyCySeNExEjTVOGvMML2PzkfNiJ7iQm_ZVUlzKX-_Qx3Itld8uRf03K6biGuAlfwhHPo-ZEztHtBuaCxDr7YcQ5NNToTNGNeLyZz_a_yyg0oLgG-xU5_h63dlI%26cry%3D1%26dbm_d%3DAKAmf-Ba7Nf1xypMkNACg4iFslqxp39940B5s2FxVZqxPrGtiTzMkcH4bZHoS9rMBNiGe8STNo_4gIs6o3KCJDUHCNk5Mj03KFCkxOiLP5sdx-rjhxmmnWa0XfGK9T2hxrxGItuKmKisCHGT0G0-28issGnTET843s_HWr33IsQVUnIlrsvMQn1Dq5lW_SUy6LV9rauNwZ6-pV2de8LNTeHAwtSY3JXV2qouDcl-f5PCRkn-c2XZ9POsjTXeTW0ck3XMFAP-SWXLkpLfFzygZ1Upn61nT6MRdh7rsGVHwACGRmto9RAS7g_oEuA7fourhw282Pl6zCNYi_a5LPbjfGU3oZuBhhHV4GZKSOU1EpckCvjuUPgDlO0ZldZmdxy4_JATYeXqv1isVFI5w89krq-AxDSk49f5HlQd9I-V1x6TiRCvGhpEVFqiBH-El0i-YDtZ-8D-VMte2Kk6molpwRKk6B7MCcVdaXUW0ajGydQyvJgRyFVDWdruwhXXcoKZcioy2xtpKGc9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=702538563419&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94EC_91EFC182:01BB_64EF4A0E_9685CC1:22024

GET
H2 200 / Show response
adv.office-partner.de/ Frame 31E1 930 B
930 B 104ms
52ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=2721d38d3a&subid=&uid=24040568a3734145&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCJrZaDErvZOOeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QqKKEMHDGmN4UZjtbX0eY2SAQfBVKrQpP7tJ1B3Mi81sl4NNQvOcLFBSmqy89rW-eExTLuWKgBfh2cOmzcmg9tstNVeF4nW2PvWrgBt5adq_idkVvZG6aZvfudWrqLYpESosnmDHKqrYOlPZ6DR7mO6d_WaSBJ8yZmIYihT_iEO3Esbc37mb1yEO2WKMhXlUZAKBmfqzE4kjhcd2kEdDjt6Kpk-_YPRM8w8lR6fiZoQM9KZy3ideGMpmX16CKO7N2rszGlhR1kv85mJPqb7ULYvrOflpySIPRDOxCHkIXi2VWwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI49SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgI7W_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_122bBQjhloF8WAH1sxuJLyG4pz_w%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-AkPGdnblfVa1pf-WMKQNTevkJkkmSKb5zoSlmAlDP_EFBTogYZr7_i9wyCySeNExEjTVOGvMML2PzkfNiJ7iQm_ZVUlzKX-_Qx3Itld8uRf03K6biGuAlfwhHPo-ZEztHtBuaCxDr7YcQ5NNToTNGNeLyZz_a_yyg0oLgG-xU5_h63dlI%26cry%3D1%26dbm_d%3DAKAmf-Ba7Nf1xypMkNACg4iFslqxp39940B5s2FxVZqxPrGtiTzMkcH4bZHoS9rMBNiGe8STNo_4gIs6o3KCJDUHCNk5Mj03KFCkxOiLP5sdx-rjhxmmnWa0XfGK9T2hxrxGItuKmKisCHGT0G0-28issGnTET843s_HWr33IsQVUnIlrsvMQn1Dq5lW_SUy6LV9rauNwZ6-pV2de8LNTeHAwtSY3JXV2qouDcl-f5PCRkn-c2XZ9POsjTXeTW0ck3XMFAP-SWXLkpLfFzygZ1Upn61nT6MRdh7rsGVHwACGRmto9RAS7g_oEuA7fourhw282Pl6zCNYi_a5LPbjfGU3oZuBhhHV4GZKSOU1EpckCvjuUPgDlO0ZldZmdxy4_JATYeXqv1isVFI5w89krq-AxDSk49f5HlQd9I-V1x6TiRCvGhpEVFqiBH-El0i-YDtZ-8D-VMte2Kk6molpwRKk6B7MCcVdaXUW0ajGydQyvJgRyFVDWdruwhXXcoKZcioy2xtpKGc9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=702538563419&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 9E07 0
466 B 220ms
34ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=45250500104519004444550012432026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D6_91EFC182:01BB_64EF4A0E_968B9E8:22021
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 9E07 43 B
482 B 378ms
150ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=45250500104519004444550012432026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94EC_91EFC182:01BB_64EF4A0E_9685CEF:22024
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 9E07 43 B
705 B 153ms
98ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=45250500104519004444550012432026&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame EAE1 0
465 B 177ms
60ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=32045500103064804444550012432023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=518e66827a&subid=&uid=33c350b8f4a0ba90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2MnuDErvZOKeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QIOiduovaRIYoJFrjYlaHkk1svkVqnwRVPdZm9vnDBn5afAqoj9TvECRd6ZvhKHNMDFU9_0kvps690TLSOLGQUoO7BU8Rw8F_s9VgpVDVRT2jBUVN3oyMJwEdzAJY93kFUZ5kJzjM3cZoUU0g5PaLOpOsOC2bIrpjj8hI10SuSdNYW1UQkfoObBc6cZ12viCKTt6buxCYL0o_-oAVpr6TZLkKwvgBG16-45khbA1THj75sWm2TBtRRsBjjXdenXIqrCvfmXt7kqlVf1Y9FidIliWVRGLK_H_oZ-ZZ160vFL4wwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgK4nPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2aPQ6A8rtXgU2LjLNeuU2qlGbUlA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-ACkzZPs_lwSsVkeLLR_VsfuTKl2fpjgY0HHCh4ff5PCxqmE4DrKqwwkMoHPNetccjzGaC-lNXhRGfCVCHQ7DXXvCeSRp0xDlvxIgaVFCIv8vDUCVsf6h1blJSqY5rTfxQuNBKd1FaJJOW7bterDLiKkkFd-1DaJ31QQ8eHwvan29zwYvQ%26cry%3D1%26dbm_d%3DAKAmf-AVcMMRXiF-zVlJ66BEhAtH1LwpO0EnXwG6uMnPlP_ZnKK-T9Efc2C91TSfLQ89M5ZFWJ3pSbIrfk4boCPzuRpSi3fX1hPEyaGyrKFyc1ChyGH3vYUvvnuhQtR5NULXQzybRk4dQwZP6xjbjUHszMEP9HHzPOjLjGuOU5N3RKM_Xh8is89vBZ4Iv_j36NN9NARoOjH_JWNHOgJN0N2lhoLebbeIJqnVCPLys2w_aR2iXkc-TxwK2HMhWqc0bCw3booOLwjXcvAyUYMZzQk_JvxHO-cFPRfy8QugTYFwiIIau0kIw7i-JAeYTzW8EmZDGCArfHz3Vah6tXB-8tAse6dVmcXLLze9xD4U_YHpNSlJNbpBJ4oB0fX12ReJ0ySUSdxaRJWJXhMvq7v3jb-iQepQJnu64YqBX1P0tWMCf1nJEchC-cb4Hk1JuKdRRly_4CtbFCs9LSQwXlNUy5AMbPsYPtYqzrHTt3MLc3C1cQS5k6hkP4igHlY8SXFvcIccdISYxRzi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=3699855567671&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 5413AFB8:94DA_91EFC182:01BB_64EF4A0E_9735DF1:B82C

GET
H2 200 / Show response
adv.office-partner.de/ Frame 686C 930 B
930 B 97ms
49ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=518e66827a&subid=&uid=33c350b8f4a0ba90&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC2MnuDErvZOKeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QIOiduovaRIYoJFrjYlaHkk1svkVqnwRVPdZm9vnDBn5afAqoj9TvECRd6ZvhKHNMDFU9_0kvps690TLSOLGQUoO7BU8Rw8F_s9VgpVDVRT2jBUVN3oyMJwEdzAJY93kFUZ5kJzjM3cZoUU0g5PaLOpOsOC2bIrpjj8hI10SuSdNYW1UQkfoObBc6cZ12viCKTt6buxCYL0o_-oAVpr6TZLkKwvgBG16-45khbA1THj75sWm2TBtRRsBjjXdenXIqrCvfmXt7kqlVf1Y9FidIliWVRGLK_H_oZ-ZZ160vFL4wwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgK4nPD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2aPQ6A8rtXgU2LjLNeuU2qlGbUlA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-ACkzZPs_lwSsVkeLLR_VsfuTKl2fpjgY0HHCh4ff5PCxqmE4DrKqwwkMoHPNetccjzGaC-lNXhRGfCVCHQ7DXXvCeSRp0xDlvxIgaVFCIv8vDUCVsf6h1blJSqY5rTfxQuNBKd1FaJJOW7bterDLiKkkFd-1DaJ31QQ8eHwvan29zwYvQ%26cry%3D1%26dbm_d%3DAKAmf-AVcMMRXiF-zVlJ66BEhAtH1LwpO0EnXwG6uMnPlP_ZnKK-T9Efc2C91TSfLQ89M5ZFWJ3pSbIrfk4boCPzuRpSi3fX1hPEyaGyrKFyc1ChyGH3vYUvvnuhQtR5NULXQzybRk4dQwZP6xjbjUHszMEP9HHzPOjLjGuOU5N3RKM_Xh8is89vBZ4Iv_j36NN9NARoOjH_JWNHOgJN0N2lhoLebbeIJqnVCPLys2w_aR2iXkc-TxwK2HMhWqc0bCw3booOLwjXcvAyUYMZzQk_JvxHO-cFPRfy8QugTYFwiIIau0kIw7i-JAeYTzW8EmZDGCArfHz3Vah6tXB-8tAse6dVmcXLLze9xD4U_YHpNSlJNbpBJ4oB0fX12ReJ0ySUSdxaRJWJXhMvq7v3jb-iQepQJnu64YqBX1P0tWMCf1nJEchC-cb4Hk1JuKdRRly_4CtbFCs9LSQwXlNUy5AMbPsYPtYqzrHTt3MLc3C1cQS5k6hkP4igHlY8SXFvcIccdISYxRzi%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=3699855567671&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame AE73 0
465 B 303ms
119ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=32045500103064804444550012432023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DC_91EFC182:01BB_64EF4A0E_9742B48:B82B
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame AE73 43 B
482 B 372ms
122ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=32045500103064804444550012432023&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D8_91EFC182:01BB_64EF4A0E_9686C02:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame AE73 43 B
705 B 193ms
84ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=32045500103064804444550012432023&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame D914 0
466 B 175ms
59ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=24992600080970204444554012432007&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94D6_91EFC182:01BB_64EF4A0E_968B9DD:22021

GET
H2 200 / Show response
adv.office-partner.de/ Frame E37B 930 B
930 B 75ms
31ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f305f2f53d&subid=&uid=be685c864a12fd7a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCezr4DErvZNqeDtKWgAffzr3gC6blvaBprZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTnAU_QkdHp1M4c3fOvzHQQySPbZbmSXNxwXrdpdDOz5YVQtUzjYUXDkbZA1i200ETqESmDYeSK_ldmk0CqNtBuruOulPwXpOS8tJxqkryJ8bC1Lz0NSo1d5rEMamLR72EL7M6M3_cy_1E5OzHLM-AO4F13MXV9YmZkFIsx37yMmAq4xCsx4gbIMDA2Epf1r13SzVk2TeD-w4Id4Y7I0o7GClRFS579R6n9R0LVMckpdpjjEGnD6XvJ4s1_vTvAp1ASLuaf-_x418bFvDLZR4DVV8RLbc11qgpbyeJnPiH4R2IXl-2EBGWtkcAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLFRfD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_0lQRz0i9QvMW_r9FBdk8WuhiBsNg%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CtgoUckJmMNe_KcBhilP0I-HI-wa91kV92X7ndm6ONanqWd2Sf7-z-3wiF2HaBOWYyZl1jhBL40--2JMarzLKbbTpeiS2KzjmeN6cTi6IZzFU36uAol8u5Vu9L3ZtxRNzuu0T9H2zhfnGvw-0WFGnp-xk-I5TouUUz8ZhmZqlvnaNbMvg%26cry%3D1%26dbm_d%3DAKAmf-C8CwT9EclNpTA712891HeasXNIBNzPgeJCL17I6X1Wz3UYwJQ5e7C6R3hE5Ykd_QNn6MNM4BLc0ArvYxZUVVwk6S-t-ixp1hXrDOIDTXAaA4e1gfeqSf7_ztxBrB-0_BrFd-u-povDGRwVyloz06-HSHmNWOdljN5PIKyNfrCYHX3KRl3wmFaf_ncgWBjgL41-wJIgJoctNT6NYlJvwsGHXn6rXDZkBL5S9m6UymVVjzbSfmA02e0KtuurtrPGignfgKvmGT0V_137BZF2A9Z7ytxTyz0Efi3CYgHk6ril4MygYcRQamV6uwGi2LKXxVuqIwYf9rKqN9uZezrWcloWnbU30BzlwLFHHcLyn8_HA29zR8aBB3ZP8bDNrSEmbV27E9RExZ8TZV_IG8XT5elZEJNr3bslShmkHl1LdfISFm-_X_W7AXtt0in4YX-BebvxQ8ji7Jz_tUeWmnk82g26JIx1QMFv5xSQ4ZgGcbr_TZl0cJhFD0S6dLYMXaUwE2txm_L9%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=9292062750335&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 2F46 0
466 B 388ms
191ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=24992600080970204444554012432007&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DE_91EFC182:01BB_64EF4A0E_9686BF9:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 2F46 43 B
481 B 682ms
389ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=24992600080970204444554012432007&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DA_91EFC182:01BB_64EF4A0E_9735E07:B82C
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 2F46 43 B
705 B 189ms
61ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=24992600080970204444554012432007&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 92C3 0
465 B 173ms
56ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 5413AFB8:94DC_91EFC182:01BB_64EF4A0E_9742B3C:B82B

GET
H2 200 / Show response
adv.office-partner.de/ Frame 03F1 930 B
930 B 72ms
30ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 1425 2 KB
2 KB 141ms
84ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=79536100085385804444550012432017&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 1a1139cb261fd4c7786ca1ac97bc96bdc99936a48fcdd5a4e0f78be6c266c95f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038 Show response
8019191.fls.doubleclick.net/ Frame 4D47
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038?
https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038?

391 B
327 B

139ms
134ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

7eb98bff359f5293dfb2c4338ae77b8db487c98a054cb175357035b498b15837

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 3C87 7 KB
2 KB 78ms
27ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=03e92d79e8&subid=&uid=5803dbedce46688e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCqkRbDErvZOCeDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QwNxbqvHJyv9nknu14ztYQEuwKKSApdTG4bn-FZNkuiMEzo4mZTKVS0vC8rwhmEnXIoT0zkMo_5fSgt8QzpHLmbnHKI0MYx5tD7e2vpAIwS7t62--3av-KOLJTGNRuhvEoZ3Hu-LOgjh5GSarwWC6Yijfc7qm3lEU386FWCDKk00Y-GDMcu67SqORC6Y2fN6W9SfdItki-pPq_sU4Xi_DUZ45MVLmpWhyg7zs73ikDtUgppDVGXUGJz9MJV-ELjn0UXcNLOtsf3Cn07icXhguqF-5uwCWUE-eyOrXkEn5-j6xwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI4NSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJ51vD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2TP0CDPJ9UTCEyFdHT8KKcf61GBQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DsQ_EVf7mlm6e04YSFM4booo0DBvDCJ2MtbIoGBlZZjrcKjdEuJ9QdBAM4mriUi0BM1btTwh6ejCXjTzSVyHl4MSqEA1QwxPiL6EbzRaOpI2GoLeJ3oU5IFLQrt2qfEvVg_kaenLvJGgFO1XoRFcrwjzzMpNgb21LTTcNeNlFNILb4pp4%26cry%3D1%26dbm_d%3DAKAmf-BGdpAi27nxU2ohuIDehv-F_ARBz8CepSQDdaJg5w8e5VBNUvO2Wk7GbSXRdRAxqdqGhH9EtwSNkw9alkhfCk7q_owm3lRMKduEKK1DThQMVj1dd1x5aXLFq2J3__AW_OjZOpmQAVm3YNr2kwMj7ROqG62ll0lqkTj1VVxMW4-Yp2d3JH2NA7se1N5t8KuPn0E37k4mnIwX6wYLnghtQQH1eIhyvopSvRPiLeXze9I5WO4tsihtOOB5ySc08shZUs-vzeT5ntOFl8NdvqYwB1_s1hHDfLzAmvzrzrK-A-26mIgu0g4L1u516S3o64GRTpZrQK-8IpdWEra0Zq5V9rM3UMBsc_wyW0hMTDCOuSfb6pRiYALOkMtVsZpWNsSYod6VTmAru53V7Z5OhpnOO5I9-52DE2j0SGvBVmrxwDQlvE9T86lr1HZ9ANyD6cRZ6IJlCJt0mbGfTCygDiEVm62EQKSP8pfWEs3hzaHWOywm_TRc1OvE5r4bGSgFGw717r8gy86o%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=6486257054918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: ae1e021add30c1a6595dcbf8eca884b6ce234884181af6cb4956ee412912ecd0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2085
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 1425
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
482 B

742ms
742ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D8_91EFC182:01BB_64EF4A0F_9686C15:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=79536100085385804444550012432017&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 1425 43 B
705 B 224ms
98ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=79536100085385804444550012432017&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 1006 0
466 B 209ms
90ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94EC_91EFC182:01BB_64EF4A0E_9685CDB:22024

GET
H2 200 / Show response
adv.office-partner.de/ Frame 0D11 930 B
930 B 86ms
51ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame BD87 2 KB
2 KB 166ms
114ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=25812900085264604444550012432010&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 9f1a44132469c279691116ccff2cf1160c14a4ad6abcf00d7ddc00c8bbc06c90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283 Show response
8019191.fls.doubleclick.net/ Frame 62B6
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283?

391 B
282 B

139ms
136ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

f0eede80b33487d627cf31f43e1f353240d67c478f0f2d00d9333b4237d3f2cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900010.redintelligence.net/ Frame 34E3 7 KB
2 KB 86ms
31ms Document
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=d35d966b62&subid=&uid=f187d17bbc334c70&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPsDODErvZNueDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QvOms8IisSeCve-__4gSEnvAzlgesxogxBpHvMhCA8_sJQlycGZVc0MuXlykKSkNnEw1gyY--F2zuL7-mmOJJeCPYjPLs_J_ujPukxD20KrgWcGs8c_pB2vfzLKcTdnccgiHPYTg4Tjt-s8VcEg8W3fo4n9JuF9QzcAQmBj1rep_j03KnpELJq2GFNv6tYw0Hcf3-8XTXeaUZ7GEgRmQ1XD5V48lw-F6CvEdYUXi-rqQX83kqsd5dv0GSd4X5CFkGyFvY2NBxRKHCz2sjurWh73aSkVTRg1JUHaU04x5BuIYqwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI29SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgKZavD_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_31UEvVHYKrXrBo5mT4EbNlyduduQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-Czolb8RHcrCnoHqUEYCU2p3iPn8sy75wqVFhF-SNutxQ6dAjQjGrrOALFNV75dLhBskM2nxMR5zpcCdIU1XblvKisZo4mxN0G8rH_v05vymgmE3RMMHZEelbzoZlag4fsum0lVXhTT1GdL3BoPgaQwEnFPxMOh3qpuxpMYgZTAdMh0QgA%26cry%3D1%26dbm_d%3DAKAmf-CS0gdS9VSlOB3rHFSA0iitUBBx24gRHAEl0rWEjz6fLlQL90uZf-8YPeOKcD070KVIh9NAB7bweNDO7FgcYksvES5xFZ1Up8D55xZ_hXZqYeqDG6wDzYeByWDef3b96cPz0cuPiC2MUOenGmEOHuLknMxV_d1xDpqJ47Y2pJwNl_zPDrzW54wSFm9NRRfMcTGToKOWYJuJgpynKyHXtJyfy642xfw4M6XGYqkrU-jiobi8bQT_WORSdl7FqmkAom0itQheC7zuqvQjzQDJibJAxFHxdsmKFwRev0mWvrsspj41vEJ2RXm4a8KApvCVUiiKt2gmXjDAm448q-vA6WUuR-lNRKMgnAJi5Sk0TNta0CJ9bTCCi7CVUT0aw9ZH8-ea0mPSX_06-pm3TyIlD889LGu0TzSHsi4OWwfNciVlse9HmPJ8QFL--0A7lzZ6p-mzGmNdEdLtrPUTyxlzJGEzsAJBjw4vSkz1HEBzh_p9B4MpamdjueVsAmOTMiFHtHtEnwVR%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2926690851918&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 38c5d0db4327ca7d0485887b5cfc1a34be351f118363d5c70ca9ee3184d1232a

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2081
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame BD87
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
482 B

261ms
117ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DE_91EFC182:01BB_64EF4A0F_9686C25:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=25812900085264604444550012432010&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame BD87 43 B
705 B 209ms
83ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=25812900085264604444550012432010&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame E0D8 0
466 B 177ms
60ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36807600106472204444550012432005&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=1bb356345a&subid=&uid=e4e4f3c25a1e82bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDNQ6DErvZN-eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QCBkAGxhgMqF8PTu3JH3odzkG29RdzjyB8S87wFr5geC08_gwaPxcYy13O1BvJlqODKVDYt55K76iZ4Ps9vOY8OqR7zvmn-pAKqaPwHNAnyoIGI80YSXFHnR5imI2gyv_r8pVdNCfkMrRZuJUKSziPO5rAqvtgP7RlwlTnnEbXANvEs7b3U7Qf1lKJfxjZfSwsizlfO9XRnf1OHrNG8WQHsgIAxTZ3JsE7cYkbL3kxusf8ljO2KTQ4T0Tn43JRTeqcl2xY4FSEWNuDeLgPKcVJihoA6obiyrEeSUuz6741MWhwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI39SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLOZ_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2MUVl66XzeNnBNNYOHaF5tw6u_nQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CIVwPkJQuqyT-0tJCDpm509oG6GbQFu3uWmqbsiOuN3OlO7E6sgvcnWoO7M4kihwDDc_-EMgLHZoQ84AQJ8R6Mo65euBftr-92Gl75iXSJBRTJZaguqLDzQbSDRjdXVP0ch3ie8RmWs4FbeMzPm_amiFiVeeIWi-ui5b01FLaZTtNJPbk%26cry%3D1%26dbm_d%3DAKAmf-AeuMVkuf2276zGRNn7kbbZTtPS4reTE0501p5xBdKRvuO2jj6NnU8qgA276KMXoDyU8ePNgHx8KXH5iWAP-hjWPGC81EMrKSiFtXOgf2lSGaBfIVhYDDW1gn3qZB6-aO5gjoHSbgEZ2MVCpZE-f9leWI3VMLPBEde844A-Fzpg449jctF6fXh8A13pMy6bCDdgG1Ekma__nAi-2E48W5Hjr52paaW3uiYE8_LZCBT2yZZOCEzF1H_bZ1wuZFn4adzxxxDqpTxizWUaAmaoBtl9EdJzmB0TpnF8_Yrbzib6oUHQUbZaBhV-prNH2bSs8hgSItRcRhJA4zGoEs0IbWcjBgtQkZee0rTf4X7b-HpYwbx6UXrbcl7KVV27CnbqrudGiPqmxQ9P9jqTnEP3JnY-xZfr1L-ncjQ2XXVMwkqF3NFZuLnfZox5KhtQLkego1RsyKstbXXApmUgV4mLoBPIANKDJb7tnhCekgW1DCPWdSUt1q9kgosoycOGkxJt9gE_X0u4%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=4977180001158&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94D8_91EFC182:01BB_64EF4A0E_9686BF5:22022

GET
H2 200 / Show response
adv.office-partner.de/ Frame D60A 930 B
930 B 80ms
51ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=1bb356345a&subid=&uid=e4e4f3c25a1e82bf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDNQ6DErvZN-eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QCBkAGxhgMqF8PTu3JH3odzkG29RdzjyB8S87wFr5geC08_gwaPxcYy13O1BvJlqODKVDYt55K76iZ4Ps9vOY8OqR7zvmn-pAKqaPwHNAnyoIGI80YSXFHnR5imI2gyv_r8pVdNCfkMrRZuJUKSziPO5rAqvtgP7RlwlTnnEbXANvEs7b3U7Qf1lKJfxjZfSwsizlfO9XRnf1OHrNG8WQHsgIAxTZ3JsE7cYkbL3kxusf8ljO2KTQ4T0Tn43JRTeqcl2xY4FSEWNuDeLgPKcVJihoA6obiyrEeSUuz6741MWhwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI39SEncSEgQMVUgvgCh1fZw-8EAEYASAAEgLOZ_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_2MUVl66XzeNnBNNYOHaF5tw6u_nQ%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-CIVwPkJQuqyT-0tJCDpm509oG6GbQFu3uWmqbsiOuN3OlO7E6sgvcnWoO7M4kihwDDc_-EMgLHZoQ84AQJ8R6Mo65euBftr-92Gl75iXSJBRTJZaguqLDzQbSDRjdXVP0ch3ie8RmWs4FbeMzPm_amiFiVeeIWi-ui5b01FLaZTtNJPbk%26cry%3D1%26dbm_d%3DAKAmf-AeuMVkuf2276zGRNn7kbbZTtPS4reTE0501p5xBdKRvuO2jj6NnU8qgA276KMXoDyU8ePNgHx8KXH5iWAP-hjWPGC81EMrKSiFtXOgf2lSGaBfIVhYDDW1gn3qZB6-aO5gjoHSbgEZ2MVCpZE-f9leWI3VMLPBEde844A-Fzpg449jctF6fXh8A13pMy6bCDdgG1Ekma__nAi-2E48W5Hjr52paaW3uiYE8_LZCBT2yZZOCEzF1H_bZ1wuZFn4adzxxxDqpTxizWUaAmaoBtl9EdJzmB0TpnF8_Yrbzib6oUHQUbZaBhV-prNH2bSs8hgSItRcRhJA4zGoEs0IbWcjBgtQkZee0rTf4X7b-HpYwbx6UXrbcl7KVV27CnbqrudGiPqmxQ9P9jqTnEP3JnY-xZfr1L-ncjQ2XXVMwkqF3NFZuLnfZox5KhtQLkego1RsyKstbXXApmUgV4mLoBPIANKDJb7tnhCekgW1DCPWdSUt1q9kgosoycOGkxJt9gE_X0u4%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=4977180001158&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame EAC8 0
466 B 233ms
48ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36807600106472204444550012432005&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94D8_91EFC182:01BB_64EF4A0E_9686BF8:22022
X-IPLB-Instance: 40027
Vary: Origin
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame EAC8 43 B
481 B 678ms
391ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=36807600106472204444550012432005&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DC_91EFC182:01BB_64EF4A0E_9742B56:B82B
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame EAC8 43 B
705 B 214ms
80ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=36807600106472204444550012432005&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 8AB7 0
466 B 139ms
58ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Host: pv.medialead.de
Proxy-Host: pv.medialead.de
Server: nginx
Strict-Transport-Security: max-age=15768000
Vary: Origin
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 5413AFB8:94DE_91EFC182:01BB_64EF4A0E_9686BF6:22022

GET
H2 200 / Show response
adv.office-partner.de/ Frame F2DE 930 B
930 B 43ms
41ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 30 Aug 2023 13:54:22 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Sep 2023 13:54:22 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 2BC1 2 KB
2 KB 117ms
113ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=82333400087538704444550012432003&nw=1
Requested by: Host: epicenter.bg
URL: https://epicenter.bg/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 6fc4c567224207d5fa73d0cb00dd0ed2115df95d5f0e3a35be1518d36ce37bbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:22 GMT
last-modified: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:22 GMT

GET
H2

200

activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401 Show response
8019191.fls.doubleclick.net/ Frame BE10
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401?

391 B
284 B

177ms
175ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401?

Requested by

Host: epicenter.bg
URL: https://epicenter.bg/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

cfd72b8639b5f016ebf1309543947bc99d03804d2fd4439e64dabcbefe103cd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Wed, 30 Aug 2023 13:54:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90003.redintelligence.net/ Frame DC4B 7 KB
2 KB 74ms
26ms Document
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=a42144d2b5&subid=&uid=62e2d4bc5bcaf556&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCT-lmDErvZN6eDtKWgAffzr3gC6blvaBphZWcp8kP8C4QASCglrcuYJWK-4GUB8gBCakCAHcZnNREsj6oAwHIA5sEqgTjAU_QZmJoj1sU8VLDfUui8EzRkrEPG3PIVmK8kX6P7t_hrmWKkxVxZ32BOXkFsXwOOY8WlAggDYYjrIIV65FgmL8ufqbHg_YBBLzv3FS6p5W6ojU-32DsJbvoWcVsTt_5G30YzPuCC7TaR8G3n4V8jl2dosqldu0rCaxm4KymlKKuyDMaqr839HmqCgE6uq-8IGCQJ-H9IKi0D-2SgQFhvgvJQ-6cg9gAETihvbkWHu98iYTTVrccq2CZkYmDQ5Gb_ovaYGHLvxAdtAVWOGbml2Q2QK_Y817LIL06oQv5Xjgu43F7wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26gclid%3DEAIaIQobChMI3tSEncSEgQMVUgvgCh1fZw-8EAEYASAAEgJRx_D_BwE%26num%3D1%26cid%3DCAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ%26sig%3DAOD64_29tMNVW_mjPCR-yBSO_VweqH0CiA%26client%3Dca-pub-8786690744144524%26dbm_c%3DAKAmf-DWHSGISQvTQKGCmY_XYv41qxjzH0FQ-7XppZ7oTJRHuAHpq_eVuDbyyIlRlZi5WU5eoCugfBUGaMWZea_5dAN4QPF6grEOM2onQkI9P6G2xoXecYEJeuEr6lzajPIsKZMYAsE_fh3rBV8I_zY35Ht0AQMwRyGx_Wzy4N3alb2n4cr5zXs%26cry%3D1%26dbm_d%3DAKAmf-Dd0BI2lrjhpH3e5IZPWwzCldIgJfImWdzwAaKzAb9kJzd4bgrOHyXL6NRI_QPNvizawvyZmpT2U5fLDE_efQvW1_hS8fQa-TSQbUil-0HpC6oRLWPvvYaLmqP7klg-HXGSIPA1tHV2tLcpGAvvN4hFzPxRjekJuWw_bvBVFNqjIW5HcofxAG-CyRBtxszIBIqofrDzSKvo5Hx8IBjNgKIrhhWzfI94E27u8oNlx7IP3J42-X_NNAAvnyI8td-SuTyXGpEaxHqMk9po6dJIrrvrZEiIbaB2GcVolhsMiCbwtZz-L9i25fNmoeayIi_tOd-ZRUpidt1OxTs3azQj_5Ve7N8gjpVScD8NpjDg32TFODbxmlDjRzKgYKoxG8fyRcho955shk0O_R9W_Evrc-mTuIy7Y8FHLuCRXfgTKUTFUVXUgvdJH6L2enHS-Kwavhcqss7QWmWS2B51r7Iw8hkcNWt2n9tYnu9E-a-_PUN05Gs8Yh-faN_ZPuYnNpXTnjVMZay2%26adurl%3D&documentReferer=https%3A%2F%2Fepicenter.bg%2F&ancestorOrigins=https%3A%2F%2Fepicenter.bg&random=2484091572668&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 870e283f2e9d4e72693cb1fbf1ae243d29cc1758533577a7a99645e547e4e333

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2082
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:22 GMT
Expires: Wed, 30 Aug 2023 14:54:22 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 2BC1
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
481 B

979ms
742ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx
Host: pv.medialead.de
X-IPLB-Request-ID: 5413AFB8:94DC_91EFC182:01BB_64EF4A0F_9742B84:B82B
X-IPLB-Instance: 40028
Vary: Origin
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Request-ID
Access-Control-Allow-Credentials: true
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=82333400087538704444550012432003&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 30 Aug 2023 13:54:22 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 2BC1 43 B
705 B 157ms
65ms Image
image/gif 23.218.170.194
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=82333400087538704444550012432003&pv=1

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.170.194 Munich, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-170-194.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Aug 2023 13:54:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 5564 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37a9adcc7f3af711bbf2ca41134dbf6cc35a713fddfdacdaeb9df091ba8269b5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9E9F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f3ff8d0676f4db13cdfc4edaea1c38c48bafed4ff5e8b48ef714778c924ba5a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 22A0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 354155ec58de6856b53fcb551f483d65785c05f145170b30b8881c8aa478b42e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 05AB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9e653d3d069cdda6237b8b16d302c3a032d231cfa6289359fb0f940e4f3d139

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1425 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c487ade441799a3ad1c340a453356a95249a2ac7fb59d7b67ed05ef781cd3fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BD87 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb06d80355f192e3ef7e0f21801bff82d9e7524167f4d818d8c2e530f5a843a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame E94A 2 KB
843 B 85ms
34ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 13:45:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E94A 10 KB
10 KB 82ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E94A 9 KB
9 KB 130ms
72ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame E94A 7 KB
7 KB 210ms
152ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2BC1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb89c14d08d0d6959dd6082f77a7e4c3110a39fb339ce50446375be75896b511

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 0ADB 5 KB
755 B 40ms
35ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 13:45:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0ADB 81 KB
81 KB 86ms
34ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d834b14025300320cdcf296f38e980740bfc0411d1198bf8351bd96251cf4ba6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0ADB 95 KB
95 KB 80ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: de434a12bc8eb3fc70b4ed53b0e4633e0e31a7e94735eb6a714f00b9f3bcf015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0ADB 54 KB
54 KB 84ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c845722a217eadf2457ada3d5108f2086023ba7fc59670bd3d9071ff8f456973

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 55241
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame BA54 2 KB
507 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:08:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame BA54 10 KB
10 KB 89ms
36ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame BA54 9 KB
9 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame BA54 7 KB
7 KB 211ms
145ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 5C3A 2 KB
507 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 13:10:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5C3A 10 KB
10 KB 90ms
33ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5C3A 9 KB
9 KB 145ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 5C3A 7 KB
7 KB 150ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 3C87 2 KB
507 B 31ms
29ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:28:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3C87 10 KB
10 KB 85ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3C87 9 KB
9 KB 126ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3C87 7 KB
7 KB 144ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 34E3 2 KB
507 B 36ms
34ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:40:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 34E3 17 KB
17 KB 88ms
29ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7c37f22bbc0acb8e210ca5319d10c0c4280e29496544b4e9cc3a0d241a438b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 34E3 16 KB
16 KB 99ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88a5290ca788e5166561ab0d792426426353614ff7d28d97caa99caf06069b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 34E3 11 KB
11 KB 102ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f906bcaf8ba478e4606cf734534611cac9765e61f67d80b5aa5cb667121abfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10939
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame DC4B 2 KB
507 B 34ms
32ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:24:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC4B 17 KB
17 KB 100ms
34ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7c37f22bbc0acb8e210ca5319d10c0c4280e29496544b4e9cc3a0d241a438b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC4B 16 KB
16 KB 97ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88a5290ca788e5166561ab0d792426426353614ff7d28d97caa99caf06069b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DC4B 11 KB
11 KB 153ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f906bcaf8ba478e4606cf734534611cac9765e61f67d80b5aa5cb667121abfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10939
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038
adservice.google.com/ddm/fls/z/ Frame 4D47 42 B
401 B 192ms
125ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=COCSnJ7EhIEDFU4MaAgdWUgHeA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8405961735339.038?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435
adservice.google.com/ddm/fls/z/ Frame 187C 42 B
107 B 192ms
126ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CIWInJ7EhIEDFfwJaAgdfn0E8Q;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4239880568996.5435?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213
adservice.google.com/ddm/fls/z/ Frame 94E7 42 B
107 B 190ms
125ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNyPnJ7EhIEDFYRPDQodXzQHXQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=537275684660.37213?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478
adservice.google.com/ddm/fls/z/ Frame 40CF 42 B
107 B 188ms
125ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKScnJ7EhIEDFQ9mDAodUCMIew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1814603991219.4478?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283
adservice.google.com/ddm/fls/z/ Frame 62B6 42 B
107 B 186ms
126ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKChnJ7EhIEDFUdbDQodKlgEiQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3650034360841.283?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401
adservice.google.com/ddm/fls/z/ Frame BE10 42 B
107 B 152ms
126ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLTJnJ7EhIEDFdQKaAgd4q0BaA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2868261829524.401?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803
adservice.google.com/ddm/fls/z/ Frame D9F6 42 B
107 B 131ms
130ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL-VnJ7EhIEDFRKlnwodm6cHdw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2101836711718.803?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 61AF 119 KB
45 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0f5468f9b124b880ef8d34024c289ce4594c1d9b20eabede57d709e7390a6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46246
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 07C6 119 KB
45 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame AA56 119 KB
45 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame AC1A 119 KB
45 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0f5468f9b124b880ef8d34024c289ce4594c1d9b20eabede57d709e7390a6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46246
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 930F 119 KB
45 KB 32ms
29ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 03F1 119 KB
45 KB 34ms
32ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

765811024b5b81ccbe600b082ac763e82a33fb6472768673f165c0fe31ac9832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46248
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame E37B 119 KB
45 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

765811024b5b81ccbe600b082ac763e82a33fb6472768673f165c0fe31ac9832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46248
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 686C 119 KB
45 KB 53ms
53ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 0D11 119 KB
45 KB 61ms
61ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame D60A 119 KB
45 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46249
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 31E1 119 KB
45 KB 64ms
64ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

765811024b5b81ccbe600b082ac763e82a33fb6472768673f165c0fe31ac9832

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46248
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame F2DE 119 KB
45 KB 68ms
67ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0f5468f9b124b880ef8d34024c289ce4594c1d9b20eabede57d709e7390a6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46246
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK viewability Show response
hal900015.redintelligence.net/ Frame E94A 0
150 B 73ms
25ms Script
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/viewability?s=25105600103854104444550012432015&a=dfe0d225&vb=m
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/request_content.php?s=25105600103854104444550012432015&a=a8e83eb0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame 0ADB 0
150 B 81ms
27ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=62711200102690604444978012432012&a=d684f751&vb=m
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=62711200102690604444978012432012&a=0bb20247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900018.redintelligence.net/ Frame BA54 0
150 B 76ms
26ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/viewability?s=95833400106828604444550012432018&a=c1e71cc6&vb=m
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/request_content.php?s=95833400106828604444550012432018&a=76c15134
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame 5C3A 0
150 B 74ms
25ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=18486700079872604444550012432019&a=d960f734&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=18486700079872604444550012432019&a=eab017a0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 3C87 0
150 B 86ms
31ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=79536100085385804444550012432017&a=02a813f6&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=79536100085385804444550012432017&a=a09ca89a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 5564 51 KB
18 KB 91ms
25ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=25105600103854104444550012432015&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: LLVTtl_OPT5rOOuUkqutp7vkjX5yQSzQKKlwm_BqcJC66pNstSFO7A==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 5564 3 KB
3 KB 80ms
23ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1693403962&Signature=B1oZfD793IIulQ15TK~ncqXkoIm~Dsonel7KC2OZ5zApddRxVuu1uajuwYkY3J2jgk9U2ph7Tl~QpVc0mnLMHvIOVd-fjydQuuGwf1MFyaHJLuKZ9ZV1ZSHrM1vJtvopr06bXzcdd6DldcM-8XkymspE8HeSgZVIljJmA1vOdMEzpXou9huRvnBC213ZiOs0l3n7JAQwT9AqPDYRw2nvsTxycri5coMSOtiTAuAl26B-WAtZPxjC~a6Y1Gpr80xKuOwEKsHQ4za2lJP--EBe8NKInDtPYgWcrMsrMYjvhR7~AMzAIDEDqb6a~r95vURIY~plE2GAdhQlUUDTMVA4IA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 19:39:01 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 65723
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: vCrEOLqzcnOEMqgOqeCuE6W9zGgJN751xgpfXkeZ-ma10WqENIm19g==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 1425 51 KB
18 KB 94ms
29ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=79536100085385804444550012432017&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: EaakfVJfmG5wLKsurikgrMbrp5Q3590FxB4hTb6gHnvSIJTWXKvkBA==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 1425 3 KB
3 KB 80ms
24ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1693403962&Signature=MFnIpI8JIHI45C7BbyaFL8lWycQwYoAl2GnDeQciDpn0ilyNcPzNtCYxBlFc6Yh0lPBc8jc0ANMt2yOLvb3fWLr4Cnxn72llnlkmHEjJJu5lN1Uc3v2kEYYtS4o73V7tpvyAjzWhAxFrpcfqDuGEqCBkPSoVQ8itxZxAFJzmG~BTJxVFxL-K3B2wicaDzLZ20oYPWvUZmuMz445vbqYg8dBOdAasRomQE-HffbFqVFQ0JwtDB4dvt~dhY6YQ9XPHNp-reV0cWJr41vYG4FUdLIlhluq8kHNaiGFctMFEn6Ux6AL09PEEEzooOlabjf11vkWaMRES~HzbolmS7MTiEA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 23:01:12 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 53592
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: ZVMiNaIcKNH1dReZhjlZQrUg1Hry9-E_bZldsU02pPn0rnXDT2t2Dg==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 05AB 51 KB
18 KB 108ms
44ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=18486700079872604444550012432019&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: NSlU2Aia7Rt4s1LnA-MBQidgsSTFLyb5HsIOk8xSiE_4qeN6xy5qIA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 05AB 85 B
436 B 80ms
24ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1693403962&Signature=Y~nCEcu3-z-5qvdrwkWn4UVqtPhhLtymEHuWwtbeWpJ4~rqnZVrlSmGhLu-h2S~MNsfGx8hLcsWZfKlke4lzhd~q-eLzLw1PPcfBMtkeb0SuuPcheYN-Dyl3QAGSuneGWpmXJooIx-4mvs37tMdvuuOU-oiFOBr0do9N4kxaECVCP5prg5SLjI~Q1isdRSJWiZdn93bVxi6tQUwi77EGPvtWYZUeB60LkBicCGpCGAfgC7OkTOo06onjDB-Rcvl3jxK2~6Ol81zTd6gHkOZiQF93t8vhVZBOljfSXGcXt08qfOOA4xKo9Oo-sfFfeNFIzITxv8HDbAUvyiMM16VGjA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 30 Aug 2023 02:23:07 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 41477
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: DTzjFuVZdC0pjUUxD1Cc4BbL_g-pRoqVBc3MdXu73beiTKa7a9ruNQ==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 2BC1 51 KB
18 KB 123ms
60ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=82333400087538704444550012432003&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 9iDlZkTRaf2ruGQidKcwocuMy66eDoqDFDWkstZamGn4by-ME26yNA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 2BC1 85 B
436 B 80ms
26ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1693403962&Signature=Y~nCEcu3-z-5qvdrwkWn4UVqtPhhLtymEHuWwtbeWpJ4~rqnZVrlSmGhLu-h2S~MNsfGx8hLcsWZfKlke4lzhd~q-eLzLw1PPcfBMtkeb0SuuPcheYN-Dyl3QAGSuneGWpmXJooIx-4mvs37tMdvuuOU-oiFOBr0do9N4kxaECVCP5prg5SLjI~Q1isdRSJWiZdn93bVxi6tQUwi77EGPvtWYZUeB60LkBicCGpCGAfgC7OkTOo06onjDB-Rcvl3jxK2~6Ol81zTd6gHkOZiQF93t8vhVZBOljfSXGcXt08qfOOA4xKo9Oo-sfFfeNFIzITxv8HDbAUvyiMM16VGjA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=82333400087538704444550012432003&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 30 Aug 2023 02:23:07 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 41477
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: ABxXTq5s7e-MxjZns9t2b1GfK-tcRIBRVd61PR5jtQqSkAuQNCH8Uw==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame BD87 51 KB
18 KB 129ms
67ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=25812900085264604444550012432010&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: l1eGeiuD5o1ztZqs6o4QBBIppM1xJEb-X2eY-c3fEy-NljFcIIwfXw==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame BD87 85 B
436 B 80ms
27ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1693403962&Signature=Y~nCEcu3-z-5qvdrwkWn4UVqtPhhLtymEHuWwtbeWpJ4~rqnZVrlSmGhLu-h2S~MNsfGx8hLcsWZfKlke4lzhd~q-eLzLw1PPcfBMtkeb0SuuPcheYN-Dyl3QAGSuneGWpmXJooIx-4mvs37tMdvuuOU-oiFOBr0do9N4kxaECVCP5prg5SLjI~Q1isdRSJWiZdn93bVxi6tQUwi77EGPvtWYZUeB60LkBicCGpCGAfgC7OkTOo06onjDB-Rcvl3jxK2~6Ol81zTd6gHkOZiQF93t8vhVZBOljfSXGcXt08qfOOA4xKo9Oo-sfFfeNFIzITxv8HDbAUvyiMM16VGjA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=25812900085264604444550012432010&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 30 Aug 2023 02:23:07 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 41477
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: ZZ8H_Egb62_yZr4JkmOEnAbZ-g-MeftOgge8SINnMYlxpx3imeLKvQ==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 9E9F 51 KB
18 KB 129ms
68ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=62711200102690604444978012432012&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 9RGkfv7k9y5_7bGBuY3ZO2awjrkRoLJF_-GNaODflBXpMRO_VkBD_g==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 9E9F 3 KB
3 KB 80ms
27ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1693403962&Signature=MFnIpI8JIHI45C7BbyaFL8lWycQwYoAl2GnDeQciDpn0ilyNcPzNtCYxBlFc6Yh0lPBc8jc0ANMt2yOLvb3fWLr4Cnxn72llnlkmHEjJJu5lN1Uc3v2kEYYtS4o73V7tpvyAjzWhAxFrpcfqDuGEqCBkPSoVQ8itxZxAFJzmG~BTJxVFxL-K3B2wicaDzLZ20oYPWvUZmuMz445vbqYg8dBOdAasRomQE-HffbFqVFQ0JwtDB4dvt~dhY6YQ9XPHNp-reV0cWJr41vYG4FUdLIlhluq8kHNaiGFctMFEn6Ux6AL09PEEEzooOlabjf11vkWaMRES~HzbolmS7MTiEA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=62711200102690604444978012432012&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 23:01:12 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 53592
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: BS2GzQS3yEkcZVUfyJ3IlfWPQ_0FxCAzdbTSorT5fgSp2bUvj3UY3Q==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 22A0 51 KB
18 KB 119ms
58ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=95833400106828604444550012432018&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76410
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 5SXTsSJ-lJEehiZCEeOuVEdcOwOwYp4de8n2mE0N1fj4jU-almFabA==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 22A0 3 KB
3 KB 78ms
25ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1693403962&Signature=B1oZfD793IIulQ15TK~ncqXkoIm~Dsonel7KC2OZ5zApddRxVuu1uajuwYkY3J2jgk9U2ph7Tl~QpVc0mnLMHvIOVd-fjydQuuGwf1MFyaHJLuKZ9ZV1ZSHrM1vJtvopr06bXzcdd6DldcM-8XkymspE8HeSgZVIljJmA1vOdMEzpXou9huRvnBC213ZiOs0l3n7JAQwT9AqPDYRw2nvsTxycri5coMSOtiTAuAl26B-WAtZPxjC~a6Y1Gpr80xKuOwEKsHQ4za2lJP--EBe8NKInDtPYgWcrMsrMYjvhR7~AMzAIDEDqb6a~r95vURIY~plE2GAdhQlUUDTMVA4IA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=95833400106828604444550012432018&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 19:39:01 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 65723
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 2EhDTVi-bFcwLxLY7XyJcDIpykYHeKANIcF55GEOQ1Wc8RdvF6hNiA==

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame 34E3 0
150 B 81ms
30ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=25812900085264604444550012432010&a=c9a135ac&vb=m
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 link.html Show response
track.webgains.com/ Frame 9E07 2 KB
2 KB 87ms
87ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=45250500104519004444550012432026&nw=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: ce5d5141ab8fd9e59fec58bef77b8d8c194a4c61a8472c186007574c9463ace5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
last-modified: Wed, 30 Aug 2023 13:54:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:23 GMT

GET
H3

200

activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76 Show response
8019191.fls.doubleclick.net/ Frame 44CE
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76?

390 B
243 B

137ms
137ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76?

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

60802872ad53d0edadca50013544ed8a224fe7c3fe30d2ed6fa3ff090af6fa2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 220
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Wed, 30 Aug 2023 13:54:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame 691C 7 KB
2 KB 78ms
27ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b381a9d08dc62dee3c7bc742c47bc117048f95bd400b31650ac9435268bac454

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2079
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:23 GMT
Expires: Wed, 30 Aug 2023 14:54:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 9E07 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc00b9625d90f37225039ccbe84ab2d837e89c09a73651bb5a18201158b5200a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 link.html Show response
track.webgains.com/ Frame EAC8 2 KB
2 KB 90ms
90ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=36807600106472204444550012432005&nw=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: c981dcb044c5ab904f06fb48a0ea7f37f958d29af8fad2609c19e37be0602996

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
last-modified: Wed, 30 Aug 2023 13:54:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:23 GMT

GET
H3

200

activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521 Show response
8019191.fls.doubleclick.net/ Frame 27D9
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521?

392 B
242 B

139ms
138ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521?

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

735d3f010e0dab5b61e102b3b7997fb44073f916aabce5d24b2ee87c8480e5a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Wed, 30 Aug 2023 13:54:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90005.redintelligence.net/ Frame 7A73 7 KB
2 KB 79ms
29ms Document
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b309510c5ee4a22d74dc29eb5a2beee7134d738058b383d7af61cf57f9f87e7d

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2082
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:23 GMT
Expires: Wed, 30 Aug 2023 14:54:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame EAC8 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1dc8d07161e876e47c0776b8a181e18c4c36a76563a5227b2c6fc617cf4e80aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 link.html Show response
track.webgains.com/ Frame A54E 2 KB
2 KB 68ms
67ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=84913800085385704444550012432017&nw=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 4efd78f59416dbafee49c85a8e3a7579a3e86a69276434fcb98aee7d4c166b42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
last-modified: Wed, 30 Aug 2023 13:54:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:23 GMT

GET
H3

200

activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044 Show response
8019191.fls.doubleclick.net/ Frame 279A
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044?

391 B
243 B

135ms
135ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044?

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

e6a2c195a844f45d8e47c3f9219967c93b4440f8d090826b60da74e85c421e48

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 220
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Wed, 30 Aug 2023 13:54:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 6233 7 KB
2 KB 84ms
26ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 169beeeb664277a045c0c8a272987ad6766f883261d159520ea107792bb0a34b

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2081
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:23 GMT
Expires: Wed, 30 Aug 2023 14:54:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame A54E 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 429962f6ef313d719f37947835c051d904f27f944b7fbe7b59df1ccaf8ecc500

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame DC4B 0
150 B 86ms
28ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=82333400087538704444550012432003&a=51d19264&vb=m
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/request_content.php?s=82333400087538704444550012432003&a=287550bf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 link.html Show response
track.webgains.com/ Frame AE73 2 KB
2 KB 94ms
93ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=32045500103064804444550012432023&nw=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: d6dae77160e57381a44c5048e94e3df0b0c8e3903010f8b6e8a5edcbe2cdb5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
last-modified: Wed, 30 Aug 2023 13:54:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:23 GMT

GET
H3

200

activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827 Show response
8019191.fls.doubleclick.net/ Frame 11AC
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827?

391 B
239 B

136ms
135ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827?

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

dedec9068f8da4f1539c95d04c10afc815e74e1360bf7b8508972e8d32557b69

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Wed, 30 Aug 2023 13:54:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame 1788 7 KB
2 KB 82ms
27ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 1af515016722a1ec9968057f97fd98d41e85e76fb7ab648aade1c6fa769fc5c8

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2063
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:23 GMT
Expires: Wed, 30 Aug 2023 14:54:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame AE73 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45094627fb3f83a906abcf319ad45b20125ce40c639fce84057ced86b821ea88

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 link.html Show response
track.webgains.com/ Frame 2F46 2 KB
2 KB 88ms
88ms Script
text/html 3.9.22.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=24992600080970204444554012432007&nw=1
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.9.22.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-9-22-61.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: e67f5e78f2c8bb80c13b567bfad2a8c0a3d14c80619d8a12034266db3a1add67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:23 GMT
last-modified: Wed, 30 Aug 2023 13:54:23 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 30 Aug 2023 13:55:23 GMT

GET
H3

200

activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296 Show response
5994599.fls.doubleclick.net/ Frame BA4A
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296?

392 B
243 B

138ms
137ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296?

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

7d6b9e826375a61c3bc4421bec97243bfc0fce3a7a2ce0612624e0f9983517d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 220
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Wed, 30 Aug 2023 13:54:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 30 Aug 2023 13:54:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 9FFA 7 KB
2 KB 98ms
28ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b0474d8930cd24a17cd492edb031906f15b8cba084e916c3c577fee0910f8eea

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2053
Content-Type: text/html; charset=utf-8
Date: Wed, 30 Aug 2023 13:54:23 GMT
Expires: Wed, 30 Aug 2023 14:54:23 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 2F46 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9732d82adcb0918d270b160fb468d160d38c2be862bb91305de26a5bdc8b7c9f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 691C 2 KB
434 B 35ms
34ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:36:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 691C 17 KB
17 KB 86ms
32ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7c37f22bbc0acb8e210ca5319d10c0c4280e29496544b4e9cc3a0d241a438b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 691C 16 KB
16 KB 82ms
29ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88a5290ca788e5166561ab0d792426426353614ff7d28d97caa99caf06069b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 691C 11 KB
11 KB 81ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f906bcaf8ba478e4606cf734534611cac9765e61f67d80b5aa5cb667121abfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10939
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 7A73 2 KB
434 B 32ms
32ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:53:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A73 10 KB
10 KB 83ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A73 9 KB
9 KB 79ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A73 7 KB
7 KB 78ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 6233 2 KB
434 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:55:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6233 17 KB
17 KB 78ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7c37f22bbc0acb8e210ca5319d10c0c4280e29496544b4e9cc3a0d241a438b94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16984
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6233 16 KB
16 KB 91ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 88a5290ca788e5166561ab0d792426426353614ff7d28d97caa99caf06069b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6233 11 KB
11 KB 103ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f906bcaf8ba478e4606cf734534611cac9765e61f67d80b5aa5cb667121abfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10939
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 1788 2 KB
434 B 32ms
31ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 13:48:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1788 10 KB
10 KB 83ms
29ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:23 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9890
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1788 9 KB
9 KB 149ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1788 7 KB
7 KB 149ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7116
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 0ADB 14 KB
15 KB 74ms
22ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900012.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 21:33:46 GMT
x-content-type-options: nosniff
age: 490837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Aug 2024 21:33:46 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 0ADB 15 KB
15 KB 78ms
27ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900012.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 449486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Aug 2024 09:02:57 GMT

GET
H2 200 dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76
adservice.google.com/ddm/fls/z/ Frame 44CE 42 B
107 B 127ms
126ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CL3rzZ7EhIEDFWwNaAgd-6oHew;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7876159110773.76?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9FFA 5 KB
682 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Aug 2023 13:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 30 Aug 2023 12:30:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Aug 2023 13:54:23 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9FFA 12 KB
12 KB 79ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a738702ca0c04d2ca0505ceb1063bdd830bc09193bc77fc3d1f2378fc9265fc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12180
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9FFA 12 KB
12 KB 82ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a7de66422675310c3ae05841632e4a25952cba73a67253dcba0a3892868df64a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12071
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9FFA 8 KB
8 KB 84ms
28ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c49cc4251bdd9e6804f64dcedc35731446350f5cf953ced77246697d434fe3a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 8150
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521
adservice.google.com/ddm/fls/z/ Frame 27D9 42 B
63 B 122ms
122ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLzkz57EhIEDFd1LDQodESsCbg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1805085479447.9521?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044
adservice.google.com/ddm/fls/z/ Frame 279A 42 B
63 B 121ms
121ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKDI0Z7EhIEDFchaDQod5UIAkg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1363772885949.044?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827
adservice.google.com/ddm/fls/z/ Frame 11AC 42 B
63 B 122ms
121ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CJr11J7EhIEDFQ9DDQodClUFww;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4986261450805.827?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 61AF 266 KB
89 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f8ee8f6c73a5a8fa0a274d8609c03f59db49fc8eb2407e0599f07f665555daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 07C6 266 KB
89 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame AA56 266 KB
88 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0fffd4a4670502f0633fa5c91c09f60c780d7d7588960a4bf33929a88f77705a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90565
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame AC1A 266 KB
88 KB 46ms
45ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f6d74940de5cc282f554cbdfdf8151c9cb17490ac871d5251c0771a22a8b0993

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90563
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296
adservice.google.com/ddm/fls/z/ Frame BA4A 42 B
63 B 123ms
123ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COnt2Z7EhIEDFYSKnwodfbUL3g;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3166139025700.3296?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 930F 266 KB
89 KB 48ms
47ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f8ee8f6c73a5a8fa0a274d8609c03f59db49fc8eb2407e0599f07f665555daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 03F1 266 KB
89 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame E37B 266 KB
89 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 686C 266 KB
89 KB 43ms
42ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f8ee8f6c73a5a8fa0a274d8609c03f59db49fc8eb2407e0599f07f665555daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 9E07 51 KB
18 KB 24ms
22ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=45250500104519004444550012432026&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76411
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: Q2mNuAuJ_QLPP9pcy7QDHIdln629HCJUbnOWkj1FywuXjEOvo6mdEA==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 9E07 3 KB
3 KB 22ms
21ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1693403963&Signature=J6b3HIZo4ujA0kGmZ4BVt6Lev8chZ3XAH~Fo5YR-yUUjbM7DRyyh~MIySGmb5gCIJ8RtFwdQcMx1UKDSuovVzO-2japhpgzlW8jHdPIlmrLqaSbDVrbRqcf-AIuBZbX6zJBFhQVfqkn2cr76h8t8vuT85EpHu9zQtfHmfLNJ0Ru6jfYOybYrC~3bCmz0SaATRjJ5rGbkIeGQl9qUNWyEVKpkQuMtWPeoi5Ie4vCjj4TGLC3PREPo8gQkxqMjD1lUo0k5g-6Yt8f2D5CXDnvKreBVoBzYUJhGJCESVR7kHARDBQxd3vU1EYVHvXQGhbXWxlBAxZGswmEjzLMY~ec9Qw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 23:01:12 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 53593
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: xAzYv5ORoHkghDWaR4pJSPjhZ3bmmdFHAX5-KHIiy3rxtMRBmJGbUg==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame EAC8 51 KB
18 KB 25ms
23ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=36807600106472204444550012432005&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76411
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: q23rbeLNPG4MAFqBAC_BPAoX8sdi1vjPk1O3u2u4UuzIMZHgKkYO3w==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame EAC8 85 B
436 B 24ms
22ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1693403963&Signature=c~w01jCT6iQC86i80QuXwtVFAPSGOsEHoAp9F1A~gb2~4BxXZkXpXm8NPMpoLOVr8yZfoygA00yg4-4HCo18SSOJQSKsNXaOP3RH1FEGp6mwA6CkqgZjj7hopR3I8ksEfQ2yUCmeLK5P4g5ppO6HYmik3HVpb0OqXYlBeQs0AXeMZ0cbBJ~EXcvTBiuxctN6PEcKIB7GpoTeIZbbV7GvbwUMRUrFqB-WBKGjTGlvzbTjPE525bE2GZCcKB7H5EW2wKVZsRQEVGxIL0DPB6FsPkEy~7rIV3hX-9Hjlb2jO0MBdwG3lL531l3TuVxFSBYKhIlRKvuCZCHXPdXyYqSmZA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 30 Aug 2023 02:23:07 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 41478
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: Lyk16-pvfsYqo0oIQUGz2UDkaicrcQtsoCM0OkMG4qTZOaHZexXhHA==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A54E 51 KB
18 KB 25ms
22ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=84913800085385704444550012432017&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76411
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: d3gDtILKzSrlqesepbEIMSZCujeYrc386psM6VacRoK4Z7i2-mf1Wg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame A54E 85 B
434 B 23ms
21ms Image
image/gif 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1693403963&Signature=c~w01jCT6iQC86i80QuXwtVFAPSGOsEHoAp9F1A~gb2~4BxXZkXpXm8NPMpoLOVr8yZfoygA00yg4-4HCo18SSOJQSKsNXaOP3RH1FEGp6mwA6CkqgZjj7hopR3I8ksEfQ2yUCmeLK5P4g5ppO6HYmik3HVpb0OqXYlBeQs0AXeMZ0cbBJ~EXcvTBiuxctN6PEcKIB7GpoTeIZbbV7GvbwUMRUrFqB-WBKGjTGlvzbTjPE525bE2GZCcKB7H5EW2wKVZsRQEVGxIL0DPB6FsPkEy~7rIV3hX-9Hjlb2jO0MBdwG3lL531l3TuVxFSBYKhIlRKvuCZCHXPdXyYqSmZA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=84913800085385704444550012432017&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 30 Aug 2023 02:23:07 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 41478
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: 5YiU3IHto-rIi00YI74jSq5_dWonsrrefA-f9Q_nwoLg1s7DdfwmqA==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 0D11 266 KB
88 KB 32ms
30ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0fffd4a4670502f0633fa5c91c09f60c780d7d7588960a4bf33929a88f77705a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90565
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame D60A 266 KB
89 KB 39ms
37ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93b7f72e6b7a98aaf5d4c086f943f145f254db974c72810a5d5f1e63abedd83e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90623
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BD87 42 B
174 B 127ms
124ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgaG58XROsV99eVy7gusOB76HalHg-7tL9S9MIITSEstVhNuTJDD81qCNBLzLYF5lK6mieJyWnLTtbdS9DKytyeV6Xlhs1noof_QuHUqX1iyvq15Fyeb0ReEZTcjgn87k&sai=AMfl-YT7PY5G4Khotse7RsdzG0KZbdjpmhwXFsiyMIlGcSmmG3Oaqur2YkxsFInwqIsG6-yQXFCEFF-eYk1_z6N6qlNacydVR3WaWBCSBq9nGeL4pALdnLRxZzRbTjqDMkx4Z1TqyIRZh4zAqHB_5g&sig=Cg0ArKJSzOqchHE_7pqhEAE&cid=CAQSTABpAlJWjiLC6cN0y6Af-KVXk8DBkmSzEAbYcieNmu4lAVz1VLLZ_paAOVfDx0eYlW3te2SyfTWQ_evKRIWjp9kxnT6cOhSshvccfd0YAQ&id=lidar2&mcvt=1204&p=860,125,950,853&mtos=1204,1204,1204,1204,1204&tos=1204,0,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2440402088&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693403660666&rpt=2265&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame AE73 51 KB
18 KB 25ms
22ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=32045500103064804444550012432023&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76411
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: hShGBeVq3q_9SvvIvYFcRw2_vwgrZKxcY_kqP1LvD6mZtziivBmyHQ==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame AE73 3 KB
3 KB 23ms
21ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1693403963&Signature=MK9EtGWJ5QdZprO~f5wF8fbOxE0JfwKz4OR64JPU9KCyi8PUIhvB6F~WdhMJAN4O8Ru2NY9PFJWAecST4e8peM81Q8QlEimZPjVRJBFpXQEPwwooaarCJTLapFRa4r05nCO2NxttKyxmDkFA3gmz8uujUSvGMYP-nbIlUsHYiFVpwlaJaYqhf1hBT57STUtf5GKOJXXYfgbKV6gjwxlFtVRx8PE1-pyDMn-y6jun2bPqbZU9~nCajUmbAgGLhNtw~VkYve696suNx9c59w123wajE3IV5-0X04L-849C7J1iGKgd3JRSrDGfve2CAjkWI5t8OyvUTQ~9tFDXxIhTvA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 19:39:01 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 65724
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: JmwNs3dIRJkSZnIjnfMbHUfZ6tuBIT4PnC0O4D6Ju9wpxqLd5sONiA==

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 691C 0
150 B 81ms
28ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=45250500104519004444550012432026&a=ca18bc5a&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=45250500104519004444550012432026&a=d9ce2777
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal90005.redintelligence.net/ Frame 7A73 0
150 B 75ms
26ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90005.redintelligence.net/viewability?s=36807600106472204444550012432005&a=84b75f9c&vb=m
Requested by: Host: hal90005.redintelligence.net
URL: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90005.redintelligence.net/request_content.php?s=36807600106472204444550012432005&a=0cf021ba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 6233 0
150 B 83ms
27ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=84913800085385704444550012432017&a=99e7ad02&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=84913800085385704444550012432017&a=4cb107eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9182 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BejtmDUrvZPj3FdyfjuwP0OSGqAoAAAAAOAHgBAI&bg=!DwylDEPNAAYkVgHwBFY7ADQBe5WfOBFsM2hE90fek6zzxtHAwqF2l3QRVUCszrllQebt3EA55zsKj3nraiORIE5unrgqAgAABmlSAAAABmgBBwoALbUPtxW1KLlLJwJlocz-5Xjx-QIadZPkIjkhcmTpCDEWXFW5YpF_92kW750W85kC-yWvgk42qyfoCpO4dI3LOJqffao7sEw0uGvXp64cdfp7y-J-M5LWS--SnYVO-236X87FJqzcum6PPyFI-P48Wbq3xKItR4Z00ItnS7YpKweJtx1ukiOfwGTMs243lgTY4ZrYoaL0neE_VB0SylorvZnUNnKgLGmMiF1ncCufq4uDpQ8irFpRJzsq_iDOyKdeRthRdov45pGAzYP-LPEwspS5NG9F3PdGu4gsz9Ek1ndoomMKkFbpnxZHSiRJy3vlgDu-UYZpqXU5YyZPeiJwMXj85I4hP8qgHXTJfRW26tVSDQuhD9bx9TG91TzFdZA---8QbOo28-hI3u5T6mxGVyyB1KywsdN1-5O1fbwRePqGTeIomiCeiCn_w3qs2PTwvYt8TJpUcRbl_1vU6zA7cBlDGN7g3jpa_iz1Bohe84rSQztJ42bmwBNoBjc84NlXsBebtPG2JJLlkrye879dH0hPU9AsQVGFqDrFkj4PyDh9o47hsxpBb5HSg-bilIFZBjgRIjQIqWgo34XWKW5-pW2GvSMolimfKX0DcNeL05RgRZuMockxk5dhhg3ku6qGJfvm888WBC_3NAFtfYUXnhb7bvjCS59rM1j6esVfDkncBZA6bWujOWQfhzptiOcAMfD3WPDtFXljDunB2DQYo67gfh0aH1lLZ_12SWRscok6WdjmM3SGi650ffO5EgWpRORKcbcz8RZctnBExQ2_M7J9qOePnsmjiUNDPRSSa6_188EHgUdlLa7s0uhyWP3Z0vn7qAoTA1JeD2iovl4QUPIZBz5Z7qCeFOHVOy8K5HXwJc3bjwitmxAj5w0RnrDoKl8FYj-f5JDL7DPjwDFDf1d6V0o-FFPfgfRBEB4LD1sLY1biHXJtOTzS46r77L9P17OxGVXXNGXiS5_OPChOTHpfdBoX-YORr4bZhD3aOWDKvoxELDxaXQ16dol1Rmh5_rUqQfWifz5D2yQfzl9jkazHdT6GbRdkw-4Rt_oTYAA5A6UPK7PeFr7rSOQ

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6950 0
20 B 124ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bl6YEDUrvZJz9FZGrgQe496lwAAAAADgB4AQC&bg=!UVKlUh3NAAYkVgHwBFY7ADQBe5WfOPWLiZBcgkaAXFQ_ORF5ASoTQN3DSPzfeqFANPl8I1R638W1lxhaQURwQTUWvN7OAgAABnBSAAAABmgBB5kC-RTLn2IuD1viVIc74ho-u1FTTSPTE6lFcnJQ7GdfDG11EXH6jqeVkryWgp8ON5cQQtK_KLhCJbuVvBenPnGOobEjUtrsbZdKE5L-gIO02khmGEvrdDkV1UUuEP_29t-z_8LaERkmN6MRa2kBfDzZNnetQtBNa8UG-X_Nnv2Bf1XOsTHhNHUeTOOkz93XoKQMGFPPIgv-8KYnfFYrdpiSqyLu4-CLijp95CVHYrqbqEaH8g0efVHceR_6Uy_Eh57UwULVbP-MM238guCVflcqOTXU5SR3-oPKheyZabZ3jkOVq3to5o8d9zSHtACOWMcnROSKazD916XFuizBIUUV9z6Ly4hG7ns1jxn-EzbmpWJ62xM6uH46aFkYm2wx2C1nkJPxeKWwdSnNAVEWpff8aLU98mFztRG0ndT1gOXLK4bJcKaAwO6lsBCDnrGJhqTFLFho82Yn_QTMjse4QUgVM-bs8BYyXSEAMvHm8i3891f325Ysl4Cdh3L2AKOoxGgwSwdVPAnLSmYkgwNymYTQG-tpM0ZtIyk-sXajl8DK9FJF8VQHZDmjNJOzBfBJ-zqKlC0ycfdibjYJXubokIn8FvHLCjx1LHdtrU-TAyud2CS9Wxe9GeiqAwYiWzLdJyG7msTInB84B1C4Y9u73xpj68GcggDvrFj149Cf5WCnvRBLgr8YEdrtHrvCiFQL6eqU8XihUTrG4Gekdem1HjJiSH-cDyBk63hZF0ino2BEvH8f9wHK0mGe22KdjFMuxr0R7_FvXqGKeojFNdogR22n2xvVensgUFKeaQJcMphP59U3J5LR-biu8Ah1bKG_L-5pmQUYhAbHmBwjau4P8IHxk2ahxcM-I7R1sJuj8rOjKzKBijP9xJmGJHL_woGuLTgKrFHrWejFkhXHjYJnqZWdXNBXHiQUxB3-bZr7sBJ9BXEeiptaJAkLCAFJjm_JUt59PIl3a1J13QnOHDEWNKhR-SBof_AEOgRe08x5cD21I5XsVcPTaZWJS0KD

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 31E1 266 KB
89 KB 34ms
31ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame F2DE 266 KB
89 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Wed, 30 Aug 2023 13:54:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 30 Aug 2023 13:54:24 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame 1788 0
150 B 84ms
28ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=32045500103064804444550012432023&a=d42d203f&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=32045500103064804444550012432023&a=ef562229
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 2F46 51 KB
18 KB 25ms
23ms Script
text/javascript 18.66.147.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=24992600080970204444554012432007&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-120.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:40:54 GMT
content-encoding: gzip
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
last-modified: Mon, 07 Aug 2023 14:11:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 76411
etag: W/"cb7accb6a6fc086cd831549a78a2fe42"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: L1HGaTFRLZlHm-XbF7bKUY5LOCTDcMgDdQna3yXaltgxyxfzIQ9A-g==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 2F46 3 KB
3 KB 23ms
22ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1693403963&Signature=J6b3HIZo4ujA0kGmZ4BVt6Lev8chZ3XAH~Fo5YR-yUUjbM7DRyyh~MIySGmb5gCIJ8RtFwdQcMx1UKDSuovVzO-2japhpgzlW8jHdPIlmrLqaSbDVrbRqcf-AIuBZbX6zJBFhQVfqkn2cr76h8t8vuT85EpHu9zQtfHmfLNJ0Ru6jfYOybYrC~3bCmz0SaATRjJ5rGbkIeGQl9qUNWyEVKpkQuMtWPeoi5Ie4vCjj4TGLC3PREPo8gQkxqMjD1lUo0k5g-6Yt8f2D5CXDnvKreBVoBzYUJhGJCESVR7kHARDBQxd3vU1EYVHvXQGhbXWxlBAxZGswmEjzLMY~ec9Qw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=24992600080970204444554012432007&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 29 Aug 2023 23:01:12 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 53593
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: W8F87olgtCkXGLQDCdEPcv5gviE9WyoJod4yiY8HkPGoMkwvPCq8xg==

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 9FFA 0
150 B 83ms
27ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=24992600080970204444554012432007&a=98c2907d&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=24992600080970204444554012432007&a=5c2079eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9663 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BrU3LDUrvZJaqDdX1gAfrwaTwDAAAAAA4AeAEAg&bg=!7u2l7aLNAAbGwlhq5sI7ADQBe5WfOEQiWQ-MBasg0W-NB4Rt1IfA0FxvJR-ys3dcvlAB1WUm9887sc02r0wzSXq7ViwlAgAAByFSAAAACGgBB5kDBm-I4PyRK-DH8PtF0LqxED4NKfFOnvFpympq0xJSF7yp6J64BOS4iqwE6xT2tRY9KjXElEZi_RwX-FXPt9uydWt1UfTaqwZaV4hQ3XHoqwiyxqfxA-xdM0FN9GiBU7wCaANqzw7s6DWJVQhX7kKhEHA1pcDvI2L1pUCe-AjgM1aFSN9fyQ58GqskZNbM2C5RxFROIl_TpbR5pHWEVD970Olp4b8JvGWJv4fQ1piSPUE2kRhgXXpdmg-pwKRLPhqmcJBW3obOgSGd81ds1FkURpVn_3hCE6cELIMZS4JNX7QYV6g0adQrPSmlbZgVsGN5CdH3hnfQ4bM_PFs0XhmH5t0q3b3q7g6PwMcUyXtZCOR43tgNNekb7vkuZ5NXrkGi1JdBnbhS1Vj5LenOp9rc0L-R39zeghd5TE_a2ZUGtKB7n0_gAb14BSJe-16JV07Wwgk2rxlWR7Vxuel6S55odURlr1aJ_ckcg9z17RySqjomRwdxheyES5V3tDtsEQgsAwS3WXV4r2h3UeafVF7lySS8ttS2R534h3vZfxbM4UGSspXxflZWq0snEjkplLLlol5GZ3AAoAhDxpT3-7Gzssq4hVcBSZ3hmaSBBdWRrX7fKhd5f9ICPCdhQ1s6VB7qsUPr7arU3H42hXsicgN5qpWZjqv0nGQ9-ExOrdMM14zQEfHrrdKthH8x-xNjsYMxSRNSREreMsuB8hzmJWUZhKoXOxfXToJb9-JrijhAM_P0_bU1wPS8-ATM-OhVUN5TCFCi6x7Hd8TyP50sxi-VuW-TYAXN7qgPaoNhtvZJXgiGWXylFMSti3sRxnC1DKyXakZzIdtm__m2PU0zASgo7hiB97oe9VnAXuqGfBsEWWj8U2UvXi62k0xi76bGKz5E9Dx_H8denWaIYAS2jWTF3zgzE3LTTY5ZAlX1FSJLnQQaE9nhuv7iWcNrk0x6ZZk_p3qR7XbSUh7p1PmSa5OGjwFTcehkH0-l_GWrehG6zH6EwrUgS5qPcXc9UMnLFgy7cMYF-DBxDQ

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD9A 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtOw0DUrvZNrCFobQ3gPljpzoBwAAAAA4AeAEAg&bg=!7-yl7KPNAAYkVgHwBFY7ADQBe5WfOG8k620lyX3PhUm_n1xzfIts_vyGLSWT25jAKuPLJIcp8tDRI-5jPDDaGM5ehtAfAgAAB5xSAAAABmgBB5kDEWxxacXIHtE9X6bXMebLuRyW0tFjUrpouO4lk5p0lIrsi0UKuV5apQeMEDiGhOHP-yn7c-1l9y_cKmCKc1GEofKF1a5_K2gu8l_SaBlIqjGmiv7BvHycqBppz10Lq4yAgZIcgypA-HJVqyByvvpB8k4q1LFoHFPf_2E9qxx8dG7FnSNvnN72ARs-c5kxqA8BNEc9xk9rh6AHnRMUSLB8dqYQ3KQKwn61NLz81PPqLxAtMEgiWlZRugASka_89TPC6CQtq4Z5QtqgMLYlBV-ldXSJ8v5P4190lUvvu1BvOKHN_o5_iwqk4w-XXLFto67QCx-zckTJui8Nuo895joTKMD7ikuL_2Kvx8Jrqa7ahk-DguFpgQHduRPOhSYYfDJgBaEF5TyKmhsvxHDyR0mqZuE9sPBKJZ97AlzXeNbxjgl_iWBX9pL7mN6Qn-TenTvwCy8_5r4I0XNbfg2oTsnZDP_VB5gE4Jxv0g2JQ656rkOFv2u1dD4vklwFusQhjpco1j9Fb_mGX08GgdRVEDZEmxGt0A6Ac16i3KRiMKUkQO_IWplT4Ub4rlPKp9xE3ZoeYZsO9fCfK5Z3fE-KsUVVFv98mGo8VX-TVAQAFZOGVUkZNXqBDOai1Pzg7nAdA3KUCmikwn0Ifw17Zpz_LibS8_NpskWsnL4KjeppwbIPYWzQBDftdaZ5iAZYyRIZ58ar6QQDaBsbvOVR0fMqmA9jRONv0z__PoradhEmtRex9ZQmMokVQGfR4zDtpfNK_0Z-2yH54Q_0md0icxywCYT7qzZsKL4N1J8N038bKZROW4TDG1gfnqhaJ8SSz1sQmIUOWROkPYyhFP7iKxswhhFM192vxYjbv42YoILFxw7lww3DfI8QVpug_OlBxXLLIC4njjBjQ0DxuHFPe6Y_y6sY3qxXS0E5PmzF4Ld1iINDaClBKpsSYCA-9FZKz5u1-afxOReekozZNElrb4qN7Cxf7OK4T-zFsnyOXa59mKcUlPp6MDa8H_Ohg2QprHOmPy--F72SvrqgBqT5nxLJzuVaYgpz

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FC68 0
20 B 124ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWRDkDUrvZJ3GF5GTjuwPjcmm6A4AAAAAOAHgBAI&bg=!JySlJGvNAAYkVgHwBFY7ADQBe5WfOHWuPWqlv_cWOkQcSMPnoGYWzgBuzZ3uaGMssZTXf-dm477VJlWGhL97Yq5W7LOYAgAAB5RSAAAACGgBB5kDFc2uWIroDgdLaFg4TtY1PzTYPCVnHuNnTxz4gBKUepqci9dHQaGiOmMnV8Jk13GmOIEroX0vfrm9D8KdO8LP-TEvxJWuP9RZ1_XZjMiKAJy9KhH4d2kvmncA8hZeJ3LBiZAe05vixi-sC4shjf5HthjVh-Vyx6Gr3L0D_paTrldUDzC1kN3MwoNGyxmuQC0LnSbLSY4VpkaaFqjfptXFVWsfg_wcESVKZTE8BV8z3U41WXqg-FqoPyb-liN4wVinLJhcX8gbb4O6T9Cdz5f9SIP8BzB1jF-tWaunYR3_q-ou1rd8o6J0tc0bGBWKUlPuIs_OLYvmXBKQii_kOqMNevhntehiC7Dqt0GL4VVrkmwAha9-AXMJA561qU6BNIiFJiwdmk5nVg4oTZNTnOujoMTkviCyWjUIMrsMa6pJKG7CK_D49CIiiRsfjr_u-4kZP337p4ztApeiQqmit3xLPvFk8EiKmfnhfaahKGsIbMhc0Mi5khSOwn2A2SL_zSr7EfP1tYdV7xhMb-mQtTkyGMlr_EGbX9P-EVHYsYplM_9-VahllKgsm2msj4y8MMakWEvR782iiDILDJ6pPTNWVMHtk43GxUbC16iUnUhpibwf0M26YbcVp5bwOy3yKwcnrNfm0P8OzcfiplyMCUKv8jJkbRWVcTWqGgvPS2KnZ7ZYn9mlVVZTU7g-PiH7QpOn9TyNpes-RLzJIrP3ByA4Wz5HqcsD-58O2SkyuetbnTglnUoRw6rAjoJ81q1OgPQuI3R2TqJpDG1-0_ik3A7XsNjvfzI1RZIk-qZ6vd999aS9S10-NE23kVN5qmoU9Ip9HxxSOHWpYtKsU4bCTIog3OddScUSt5qozVrgo56ZqYXjJrMencja1xMkuixKSjZy206cYQHdJCn_uHqgAo-W56Uq1tns9CMSm3wLamhD_t6WkNjSZk0RfTnBksamKOmk064bS0UGSAvMNf2bPf9MbpnBwT6moHCaUb5At8mBE9UphMWgyfbWIrCj6QMhTGfBgswLCL4AErg7XwC2a2BaPBTNs5TteQ

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F0C9 0
20 B 133ms
133ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=ByeBgDUrvZJ-aGKKP1PIP2c6fyA8AAAAAOAHgBAI&bg=!4eKl4q3NAAYkVgHwBFY7ADQBe5WfONqLRyLDYS24tDXSES6cwdiDaKWfs1eRN6W-y8rRiJcTy6nhht0wj4YKdVzRwhsJAgAAB4pSAAAAB2gBB5kDArutAowGoyzpPqxKOR8uzjPgLp8VnR5JsTxm0omNvdauI8sCReG5wCQtO9MhttHfGGR1oKRcgiPIVWRLreToxKUKB4UEZMVNWbWatIpENEsVl3ATk0iUDROjO3RgHg-ZaBepNDO8T_uRb62JwLE3NaGvxmZfznzryWF3_K43toWClxsTVTJV0PvcWU88TOOEIQ6jSBd4XJd-ojfyCAvDy25Yw3l3-3xiL2B-t5v7ir6LTGtAsECTVFP7gV23WLPL7qoiXX_hBR4WBs1W7Id1si3J8xsXmehRwta55mYF-v1fOILL31OvfNtBpvkg92Pq_KO6Gm2N4kTT8ZHmlxalDG5GTHNK2lNdPk7qmwJR2QONlgz0qFz-sqCXD3ZN78uCrtGnm-ZwLzW_hZfEkoyTH-aHEtt-tx5r3WgGgk_oPKt-SyyiU4QlfRUDoNVOrALmtzBkql0E8tz0x827f3lnGO0HLPmwvdNKR7piwBdo_xN1X97uvaxjAIsjVrNeruSRAMIvY6yCei25VJHjkz4uX947BHeeaL0a4HNkWSWREl5AZ32tOllgffbAuO7BYFubs-sFOOhvLpTC_T443mHjerch5y-qEzkuNlfvpnT5DHTF6BNmRDxxwHC5mHbKWiENJu6cM9-EZlgdTv7L2Gf5ZYtUbxFLhZre8I7Gy9r_uFBzX_k6-Zcjs2J7EdXHny2TG0RwxjB0w96Va3944d3mPgZ_hMdluMmy_BgNcrpmKzkIVYSqtL9wAaaNECrJKmFUh-ag8sogjRWXBYBlnw5EewV_SusciLQLRR7Vjh3iHGJxlG8pyWbHuLz6ystYCdh72LuFfI7OCzMEt9U8OibALcIMIMTw1L1iwiFhqjLoy56ToMk1nny7p6dDd9U9CDtAwJOyTX7dyPbMhqQwYE566gOWuBz6FJeopE96mKl7vTLoo5xCrkMzuU4NnmMs2PSbQgSkbVXXybxwUFrsMBVCzPNgoEIz2QwBX7QEAknMW8uDnbMITf8FvwkhPdpzjPRjXINK

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6488 0
20 B 133ms
132ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bk7gJDUrvZMqpG5bd7_UPwtmBqA8AAAAAOAHgBAI&bg=!VlWlVRrNAAYkVgHwBFY7ADQBe5WfODLaZ4UahWMMsszg82KUGFYJWIZ1I-n1aQcqDfab2fWU2DRwIV0wKSfUY5kGw1phAgAABvFSAAAACGgBB5kDBY67P8Ytrnb-Ao3-91uOT-XsTwpjDejzrBqH5caoGeobtchpXuuhOrX8AFlKu_sStSv0BXcePC-lZ8IUJ6cWV4fzpwdhNHpZihPvoWLfmTGSc5SU3W9Gl9RiM88bOKyesbgJcY-gMF-vJPesAdFOmv1P7-GAkZ9i4pXxtW2nMmJ-pZM1Edes45orJ7SKVPH-Fb9zGAYx4FSx8Uxz7PzWqxTNWT-tHkIoLdLJLOxTUrmCDTIApEuEORmnnulLb7sf_HqDSOd-yZXX7K9gqkPADeLMOIP7U4rnGWsNEcljs0fBDtZBGinJGvJchHJZulFnURkjdz_wVA3jNzipJWE-7mN8lojid68mTpmbZFnL-7cYED9zyZwFF1JVqF2giV-5OeAG272BRSSt_iRRXW19rjahbEaLSsLA0OtBoIqA2Mi0xRBENHpm2CKtCa7FFj6Jmms9Mp-T-MLs9diXhpIIxm--RXkGKxc8bShPnAvAAdxyoCvX36fE4y6ajqY1fk8KBz1L9X7S5zP6K7LI-ssTWCCSfbqqFB9kVCD1de8VJql07ubYYSZbbjEmKx-eIdTVw6O87OaL4KhdojppWEBUzs90ow3LnQqTkhiywTN_b8urbEp-OcLZyPI4hvO5V2YFz5hrCChVXqOYCAHJyaiK2Dab3bkGDGa-r8bBRyRcyJju48Nzxa8fC2OnWYwSA5jABnXMx57kc2J-vTVzjDADbcfENfjeqkzzHmhkyzvzjSmyzQ45yGrUxmFzph4LDhDUw8Vd3oxWOOtEIkKSZReZ1vzqgdBZnCoi4U2CwTdi6kUwL2fx7S77XZGyu9E_aXEha0TFghw-83Sf-WjxD2ELOBMnfzPBdcIEXbT70GOatFVaSBESQA2bkbqUKJqN49Vv1E_xWcrZBBEj1iKnFCc2uT5c_cZvaDhYuBojug22KcLdbscFbHA64DlrYhQuwMX1Q1SF2kM6421QDTdY8-GAAZ1KZqJ2qRTllEJEYQTr466XfHGo-JJPX6xUIe9a8uBK9aE6gTzZ

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 878B 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVZc3DUrvZKfbGIOlrASxq5-wCwAAAAA4AeAEAg&bg=!JySlJGvNAAYkVgHwBFY7ADQBe5WfODeU02iCaG1uziGNs7Nqn0gSPRYh3XRSNair6CzzDkGQhprK3hUX6v1yC6aTUqDCAgAAB4dSAAAACGgBB5kC_mgteriPjYEombg-Cm1ODi-9WqfzXz3LyEdZawlIEtShYe21ACsTg4EIWlyW2u-mjeFqLtop3xTkBFPFRiu6WyUQ2LZ-BNWz0pASJANSHlkUBWR2fqcqXDWKPftCWz9ckUi5Cfmx4uafcLFo1Q6kZ5ECghYocC6BJN9HBj7MctnYPFehpqsJTaYaQjXFHO1NYecUYKIRIzlkyLk7BCtp3a4M_PulpdbC7fpm57KXZSC5wlw1X3XI4Kc46EYJW8nBszVi1foTBYny1bMxt4Ay-D5skXCa0lpzOhrpaAfNnAFJU1pJvC5TopkvACwjEyYT6Wz8qUvA0sRzd2Mleyh_QMVoYAtF6_JNUQ5mFPyMgHqeBV8fV08nXL3URxWQOfkVyRYZ2nrsKKE0a_Zs4R91mulOXTEFQa3PdFLDaD9JWtwtBCm5rG-ZhBhtv4BJnQFqXwbsNO0aimxvi9qUxIcJpWRfBndApARVWNj9W_UZvzagyqjI01JecL3EnEFCAocRfzWmbjb88d6HG4Bl1BA5NSIGAOncNsYDP2WHwqE0mvw2XpcxzkSLyF9EzEzQTwUSHbkDJIp2DP1_bPgaPPRelzzUZdJoIbPxpLoumo2KewDjArlH3zxTSPM17X24TCRdyE_E7IiPmyt1g8Ytdwf_gkYHuSFpipn--TNjkBdQ178WHG1Xn5wj8ovwMNUDpSXY6vq242fKtVmftEwZAJtm3rcWhsQXVhpgGU1CtRBX0-7pN6jD7ju39Jp5ucGzl_sWnRjYacQ0vi9f0NfmMQo49qUv3A1cR92KpYhl2BE2OJtPRNjGQPOZjjErNl-gUhC9e_gTavgQX5MHVif59tU-WMUI2Q4_uF0ZxeoBezW2Mej3sxp1J9vLqrEOeNVa5sW1NDIqZcXP5z6FIfe4Ba5S5Y_xqOfLyXwx7tpFaUNlNyqCU7k_YO-etfo__-fLGQJh_-LO-f-X_8YmtLL5Wfo3R9jTQhGyV6BKYNs4o7zuJ-8Qoo9pGV81v9mPpx_6LrU

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 9FFA 14 KB
15 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90007.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 21:33:46 GMT
x-content-type-options: nosniff
age: 490838
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Aug 2024 21:33:46 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 9FFA 15 KB
15 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90007.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 449487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Aug 2024 09:02:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C11E 0
20 B 133ms
132ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4ZydDUrvZJKPGaunjuwP6Z-H4AcAAAAAOAHgBAI&bg=!w8ClwI_NAAYkVgHwBFY7ADQBe5WfOFuq6o5NGtf3qnjYvbp7alUjJSCpBb0R98Y_toLO1P7qk0NIW0WT2kfs3z2Coeh0AgAAB4VSAAAACGgBBwoAXfh1rJ9_n7EEupORm60sHyQGbEbJTHIVN6p3EG1-yveelsxfj05Ua8tVH3QGvHZvaPmttaH-r5I_C7Crqo5UIufXg2OR989GzsuOdNZenrkvvO4PW5AjbkMFfG9hvJkC_Bz1RMQXhyivlrzpSiuW9CGXoNvcXC7H4KnLUsCsIfSiZ4z8snqbb-Y1M0qPykf7gGj5zmnc-Mm7XF8wsDDzegMMdZ1dLZdinmXMpx4joAkSIsY1ILxYU8XXGLYea6VPzToVzPwiTzakg4Jhua8IaLujfcG06cjMtKVxk4MmLvwYEdl8jJFXOhcw8wxyS0nj7_Asz1uz790NFPg0ye1F31Y-WxTDnbjBsnd8mA-T5DZmcvdTQTrY1bn5Z2BL2-JAgI083ZBxnrqMgqJIHA26Tnj2Sz-Wv-Q5mPakUMKsFjrXhYNRZhhHqHhxtkBc_cNWgJDJbW8Vafq1a86duGe6a9Y1VCuGKEar7AdZXL0aJkmmMwkIc71YEkRKW1N8D3JjPawtooOfjYctof-zZn3X1m9334Q1u-8FnyGwgDj6fuLAxi-b9PE9pLoY6h1AU3ot2A8Fq9Y_-CzFTzC2tsvSU8Q97dpUYcGG451CwssgmBuc7eUpHE2kEowlTJhctc7yDuYCD0Vj99jFhVVJjXbaBy9fFjEGNhc03PfNmTpC6uP83aUK49w-Jv5Sjoz5VFScldLDf4ix2GAfF_7SZtu5xIEbkk0SCtCZz0elqUUo2j1n7sACW_ATiEbTldkARq9G8_-wopdKqdzcVGj5VcQUtHQEhZRtb3PWLC_l6ZrsGgNAZvX-Gt2FDZYDTNkr38u-u2AcHTJW3RhaGgrvDBG6yPEblLPuuNVAXcNv2WJieDnFtPwZgW6x9XIPb0NJCJcOCtGzIfwxBv72sA58Z7UCWKrs-8d3aeiZkUcm_P9lEgr4xBoo8AfGXozZB7s5Cj2h3mvrtwBTnT2ceH4wVifibSse499ozi3bDay-T4oa9uM0hfvV8NVFaxnNHJ7LTl-O8DvPmhpMBpmjAhjl3h9-UIfpU0vzhQwrQbxjvBorEEgzZ-OUPiMhlx5UxZDAM6ipm1W0wW2bG8aC65m045xf8aa-10ds-X-CqrbzXu-PVMI7ekMVvyaJBlwhq75x

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF00 0
20 B 125ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BO9ulDUrvZOuIG6OejuwP8Iue4AcAAAAAOAHgBAI&bg=!zc6lzoHNAAYkVgHwBFY7ADQBe5WfOL2RzJmxmbbhjPLoh3nTAwYonMiMEaZeWAAqNtA57_3GkUOxx2zO7-0-TxHUabXLAgAAB3BSAAAACWgBBwoAGKddcgXdsssTlhkElCA5znC3CtxA3w7SjJkDDAOAgflNAcKtDLIi99RpWgp_f0NPg_3RyouvZKsYVyYm-y5WaStSKOkAoGnPc9hSajjk3F2Ef8YKnW1bzhCYkXWYdiCErLfkB-ymj6pdb1La_RKhGaysO1kVJ_kAmmh6nLhrk0paNSteo71n5wk9AJbf3P1Wl4LdnZklhEcEFDjOr6g5qvUov05MTGomd-QH3rrZV5u5m2fSTGPSjWqGvY6R83uzcAIlLs-6G_8GLHGjLeIonY5dZFJ2VsynZw04sc9C8GzbhDdFxF5S_DIooEDGXsfwhQ0Qz-Nk9pqkRByq4MStOXWYTjU1FamvpbY53VKY3-q_v1n_Xk9YlUcuvvlnPTeO8AzXNVz-4ep1NhyGGQidD0slersFROzwHEdJODgFIKDypmDCkcduwXfHry5R_2sTUqFN2wNXEiZyjc6Y97SV-Wuj3s2EeyPAVGROvf8t14RHZj1ZKwVBwE6yziWaurUiBLevkfMewaHrC9BWzdkYDK_LuZrlK0lndwzvKfNuBaLLqbwJPnwnUXGD9ODnVPTD4GzHqgdQjj3ySE3cDL-AwBmn8P9Hx_MtNW3NzIG93VYvn7YERDGlaGnMk_YRgq0DOwVqZ7dOUt-noAQwWzEdJSuVXjumPqyC0pnyUMekHEmUm-iA9saNRLeS2gnXi216nGrXWWMk1TUNX1RoxLwUz2sE2MtmmxzqiPcgXhCPCEpuuwU20F0Wm9cLXW7UfhvjUN67bT-lkOBhoYiWdP4RGidccC7De0HXkq9khefLDZoZzteHXyCGVFgi3QQMq49_UDbifM06CgZsOWeeMQcqC1kuszVqjM-5yGKCw9WI8TNRowinLcruCyO2SXUFJSn3FZgu6Op08wRcyRfLiuwbqEDOI0V7i_DmmYCaTbtZKIK7bdtiYM2znsOJAD47HLOSu9AmInBiNWIZwvw6k8vzpyMJjakDm4MAt392XGKj4JbYt5lih_zl0dp5goJpzN49Ke7xRvlELhPFwyCBESFUUTzPfeb3rIknW1pmZOTPabDkjmWTNzWckw

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900010.redintelligence.net/ Frame 34E3 0
150 B 85ms
30ms Script
text/html 138.201.63.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900010.redintelligence.net/viewability?s=25812900085264604444550012432010&a=c9a135ac&vb=v
Requested by: Host: hal900010.redintelligence.net
URL: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.145.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900010.redintelligence.net/request_content.php?s=25812900085264604444550012432010&a=8d2217ed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Wed, 30 Aug 2023 13:54:24 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A38A 0
20 B 124ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B28ReDUrvZPO_GJWOjuwPodi1oAgAAAAAOAHgBAI&bg=!-vml-bbNAAYkVgHwBFY7ADQBe5WfOIXvAm5CDCAv_VPh_asK9ZUxJZqtHkfou785VeeuPXypvZcmDrLxrCStp_SPwZmgAgAAB-9SAAAAB2gBBwoAa-8leFBfJ7NU-kGRmMhtKWgPIQWMrlq_RUoJKL_CrSVNlrZAKA_6wuYIt4FLlDi-y3V4nn7fsC4fyympyUDmgsp8GBwhGtx9r2rZRxXP-nGy-VV3MW3O9_DQfjUqzE2LEKy2XWsb55l-QEwLmQMCfh6bURWi0Ej-9bMeUgsNcx0hruzRsHMgEXi_9XY_Bs3WpKRUuOenQYWVfrx16hxNEoebIz0uPJbKYQr18A4aV0gKI_e2BZY66F0mIoRhGmkj63vEN5aXmwhWDsqKu9g_sSEE-TtcCs-t5A0kSKFLRI3zT3ObKsVs23Hu68Y1por9NjHQ7iJTiRLXegVDnzxoqkw72-21L-b_x245EaRxMnxB09kBzT_rTLW2E2tt7vilGJ29Vg3iIhoIxOuOklOmyDS8m5JmFQM8BT6ZFlycQ6EGc5ZgdYQ-jbRqLcNrj9z-6RtEfq4zWGBu-X5FKncmpI3OMK-LX4e5ma33sSukyHdo0H2EHYX5FYNNKWbdLsi_7YoLccq-ui5asFKN8cgHNiHxdX9hUBTmhiS_5-DzqVKSLTMlLuvIpd-Hd1YtiCuBlb3UfVQApKcXe7Z3uKRn-EK1e2_3rS2RoltpP8F6nYXeBmnZFrUFv083RoH_lMz8nO5l3VGDN7846-AfSoOATgQ3x1c6gfE44Ct4-tWZVyGolXnN83gbLebgDkL5m8jOhnbGzptObBdaEDO3k5XgjrbD6n_OJo6tvYnD8eM9R-XJjcGZ_5V8mkegLAX7WNFHWnIg742gHlSksjYIxOf2_okOqRszAjr8C8rO-IcwiE1NHO4-jSm6uFeBBMOXjfNmxS3y8p_1haa5czTFz0MJoU6EezU9Ml15HnWOA86cfUh8LZQbTAdYtV5T6W4uCKiMgUgklnrRb4cy_ZNdnEnEiqufAzia23WVKb4O0YErHwEywempbCvlA2LWRfTujCPto_VsADGh-xDccdp29xnMgyRiBQaKL85vax4uXhESQi5nPzJ238GZ4uZi3ewlblFmjlk-NNlEmYGZ2bvbmab8ZK_dnrRloo94pCYzAXvFbn2NX7tGJtbfRlViAoQYmH8jIUaY0aJ1SLx_b4lxedUhjgBB23CeXWit2wF2tMwoRgvgEVy1_iU97UtXgRkBqvXzLqLnXPHGw-EkdobPltVyeW0

Requested by

Host: 10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
URL: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0CCF 0
20 B 124ms
124ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQ-iQDUrvZObvGsjSgQfCw6ugBAAAAAA4AeAEAg&bg=!WlmlWRbNAAYkVgHwBFY7ADQBe5WfOFdRPjLpACet-AFXcIyvTufYBRBJ4J5zO4iqd0oRacO2_Lrhr5hWXWKTp6vfwL7aAgAAB9dSAAAABmgBB5kDAWBbbDi_93LMzC1jYID2n1b_GNaPqHJzImj5FCEQteGrF92IM0qJEjizXJv9xiGAXCtfS-TMP1pmeKNJ54avhNRrlFZlcTCuk9SSHlJCS-yHAmHkqdeMoaSI7lqLrzGZXXieqg3m6G45K80WIXA1jwJxEvnOa3nm00vql-nB1b5UTz5tNklRRZ8OO2OoGNwYjhSQFLUgp_n2DPMtQAkwV3nquymgnXcKrgbjVCunnDnotY9H_qQ4TiqhYYTTaZAxTbrfudVEGet1v_BH1S1RheU_ig6fEv8Vkd4SemdNvnyk02_85Vq1fb3KRYByZfJy-4rMImJzOtkpKGGLB2JQz8tSxH7SyH0XnEogIFekEm1fzm4mdKbC7OHcTXyMZ1_srw_YC8bVZduwGSBnwWRn88_L0wIUJ_uSxyABlA3uGnEakH4ou6rLAVRNNll2CiGuXG_7tjLGfSj5K1eQCQlUuzRYnn-yVe-VYxzHB1uRkydVfDRedueHVxqMA0mBpMdI__L0Avw0SmUymqo9VOjbeIlc6IxVmlxF1By3jr7J5oLa99yYRaLKlQtjlc2sdATQvOaZCtZDPn6sawDV7hjKiRSwiFVK45zXTOYtSdWWtM7m1_8fJjAoifCz1P-AqUMTtiIAYyrolJgtWi_kQeX-L1WxW9IhecIC4B41tj36BRgY8T8ZfHqbNg5pvzgZRAYO-cac_U1bEEokfXas2WASpmUtSiugsimhfeGUW6XQyRpIl8NiJn97SAIl3H1bs4lNcPLnX2h1ua32iBW4JRsvDMhGK_nGT93sKQTGnH20rz7UDcPU9NVmQOEKBdwD2w65vGQ9YonO7RrITh6ZEuSCb11LKS-LiDBJC3UjakoGN408VrCBXHm2iLbhv81Q7pXIj6ro0Wb1PyDvBGJTHawJRDbCYARrgpNWoV-s5PPoz0XfWAw1VNvj5EKP_pod7psn48V81HCQbIPyrIPA1IsWRF2B3kgY1Qrcu-6_t6q_1k6UgDg8wORqQgcSvOxCO7ltKT8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5564 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2987989658751&version=m202307240101&ct=77&x=1&cor=2903381711510893000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E9F 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5993571271243&version=m202307240101&ct=77&x=1&cor=15115443121410339000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1425 0
20 B 120ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5252623320728&version=m202307240101&ct=77&x=1&cor=15613628907982103000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05AB 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3979311007278&version=m202307240101&ct=77&x=1&cor=10817292458346824000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 22A0 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=165583989185&version=m202307240101&ct=77&x=1&cor=3755509232437121000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD87 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=569521148968&version=m202307240101&ct=77&x=1&cor=13207843948640830000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 5564 16 B
209 B 80ms
77ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 1425 16 B
209 B 79ms
78ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 05AB 16 B
209 B 94ms
93ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 2BC1 16 B
209 B 95ms
94ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 22A0 16 B
209 B 90ms
89ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame BD87 16 B
209 B 97ms
96ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 292ms
37ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 127ms
40ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 199ms
39ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 169ms
39ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 101ms
40ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 76ms
38ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 42ms
38ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 9E9F 16 B
209 B 74ms
72ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 35ms
35ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 9E07 16 B
209 B 86ms
86ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame EAC8 16 B
209 B 76ms
75ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 36ms
35ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BC1 0
20 B 118ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5072247250250&version=m202307240101&ct=77&x=1&cor=1310444133649392400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC8 0
20 B 119ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3846498016862&version=m202307240101&ct=77&x=1&cor=3826551579037500400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E07 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8472837299605&version=m202307240101&ct=77&x=1&cor=5322491079958603000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A54E 0
20 B 120ms
119ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9002081185234&version=m202307240101&ct=77&x=1&cor=5985497211662203000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame A54E 16 B
209 B 80ms
79ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 35ms
34ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE73 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=761978886903&version=m202307240101&ct=77&x=1&cor=2669107400472455000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame AE73 16 B
209 B 84ms
83ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 35ms
35ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 2F46 16 B
209 B 80ms
79ms Fetch
application/json 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.179.59.129 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 36ms
35ms Preflight 35.179.59.129

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.179.59.129 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 30 Aug 2023 13:54:27 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F46 0
20 B 119ms
118ms Ping
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6762053275475&version=m202307240101&ct=77&x=1&cor=13609989718639352000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Aug 2023 13:54:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEw65sDJqqI19FsR0faER_o&google_cver=1

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
epicenter.bg/	1969-12-31 23:59:59	Name: PHPSESSID Value: eaab2dc19ec8899eb263c5b5e80cc6dd
.epicenter.bg/	1970-01-20 23:59:23	Name: _ga Value: GA1.2.2035867739.1693403659
.epicenter.bg/	1970-01-20 14:24:50	Name: _gid Value: GA1.2.1216982177.1693403659
.epicenter.bg/	1970-01-20 14:23:23	Name: _gat Value: 1
.epicenter.bg/	1970-01-20 23:59:23	Name: _ga_K328L3FRYH Value: GS1.2.1693403659.1.0.1693403659.60.0.0
.epicenter.bg/	1970-01-20 23:44:59	Name: __gads Value: ID=db57f3e8522d0af6:T=1693403660:RT=1693403660:S=ALNI_Mb_zQnuGXqXLJHNuGI17J5JsaoEgA
.epicenter.bg/	1970-01-20 23:44:59	Name: __gpi Value: UID=00000c6b81040c9e:T=1693403660:RT=1693403660:S=ALNI_MYk_PrRjp3W4IVLc4cb_AVsQ6USgQ
.doubleclick.net/	1970-01-20 23:44:59	Name: IDE Value: AHWqTUnR0m-T5XXqPoQ5ygXgIlUYFRJU31sF6Pnb9loDrwjMXyE636DKz7J_yytw
.casalemedia.com/	1970-01-20 23:08:59	Name: CMID Value: ZO9KDd-4imj.QXiIdBLSCAAA
.casalemedia.com/	1970-01-20 16:32:59	Name: CMPS Value: 1204
.casalemedia.com/	1970-01-20 16:32:59	Name: CMPRO Value: 1204
.doubleclick.net/	1970-01-20 18:42:35	Name: APC Value: AfxxVi6V79dlUe_zlBJZmTecFNCGiMMjam4y9J1SjHlrEGXP1q1Z2w
.adnxs.com/	1970-01-20 16:32:59	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C$MeRSBJ!]tbPl1M>e)ZlrFUfJ+tGXxoDVrzhV^AAjPR1Y(cLs2j<<5:3`Uwe:c!$WbpRzqF1`b_v:-IW[
.adnxs.com/	1970-01-20 16:32:59	Name: uuid2 Value: 112900192276053488
.redintelligence.net/	1970-01-20 16:32:59	Name: 8lcfmzhxc8d6_uid Value: f90917f64ea97657
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.awin1.com/	1970-01-20 14:33:28	Name: awpv11601 Value: 113440\|1693403662\|b9510a90-473c-11ee-898e-223287d3f473
.office-partner.de/	1970-01-20 23:59:23	Name: source Value: {"webgains_webgains":{"timestamp":1693403664246,"clickCookie":false}}

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://epicenter.bg/images/bx_loader.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEEw65sDJqqI19FsR0faER_o&google_cver=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10295e8d5ed12fb87d994cd6e4e2ea79.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
8019191.fls.doubleclick.net
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
apis.google.com
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
epicenter.bg
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900010.redintelligence.net
hal900012.redintelligence.net
hal900015.redintelligence.net
hal900017.redintelligence.net
hal900018.redintelligence.net
hal900019.redintelligence.net
hal900023.redintelligence.net
hal900026.redintelligence.net
hal90003.redintelligence.net
hal90005.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
medialead.de
pagead2.googlesyndication.com
pv.medialead.de
region1.analytics.google.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
sync.search.spotxchange.com
138.201.135.164
138.201.63.117
138.201.63.145
138.201.63.157
138.201.63.165
138.201.84.244
144.76.91.199
145.239.193.130
159.69.70.9
164.138.220.34
172.217.16.134
18.66.147.120
185.80.39.216
2001:4860:4802:34::36
216.58.206.34
23.218.170.194
23.35.237.56
2606:4700::6811:180e
2a00:1450:4001:800::2002
2a00:1450:4001:801::2002
2a00:1450:4001:802::2003
2a00:1450:4001:806::2002
2a00:1450:4001:808::200a
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200e
2a00:1450:4001:812::2004
2a00:1450:4001:81c::2008
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2001
2a00:1450:4001:831::2003
2a00:1450:400c:c0c::9c
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a0b:4d07:102::1
3.75.62.37
3.9.22.61
35.179.59.129
35.244.159.8
37.252.173.215
78.46.23.46
78.46.90.238
94.130.102.164
94.23.99.218
99.86.4.36
0556bb3caff5a221b2a58d2a6d10e0e3b725f568b504d40396fec6f8fa3d2c82
05c45bff87b6e095281cfcfc97e2a376aedc8deaac6d9fa336d4044ee4832120
0766b9b89ed9a55da4d615837f3ce8e5a60f2120b94ceebf66e8779e902c973f
07ebd33d6259bd8106581c6ecc8e4b0abde63541f99664f71e8f2dedf819126b
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
0a9327fdebcd4d96d2be40c59dcd4d6e925339da8d8a56d87146936fb8702a25
0af1e3ad5f721ab91946ce697ce2efae9d08dcdf6c6f10c141572858525011c0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e27a7b85567e28d5cef05d21fa70b553e864598ba2cb3559caad6725d3e96a1
0eadcbd7a0c1d5a1accdf273d00dea97f33b83f3a4a7c0c33a62bfe00c12968f
0ee5555d4c2a1f38918963cca11b3020b3beeaaf53050d3060d07bd32a9bcd70
0f1c2fb7eb8559ea84436c8f9ceb5614091b62ca8f684645826a66d73b941786
0fe03863d065a826de62f1aab58994056602e3f09b9065e3f4e7faa034102292
0fffd4a4670502f0633fa5c91c09f60c780d7d7588960a4bf33929a88f77705a
11477df5ca7a427a67e039861f76f49041a0044320fcb92e966e3592a334a1b5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
140ea75986ac0c2de018a883db71d8df32c62d1aa58e2c84ef09a4cef31dc0e0
144607a68ae9036490b885ac1ebd46dd7d81cc56d2b7ff1a414ccbe54f88599a
14484484f67f5f23795a4bbd2dc62c05aeaf24a71bd74833fb22bb4813d9da6a
148b946c3c39e33522973a57e142448ee24b0ad585df4cf6ffb0085c76a18bfd
15556d3de35493783f09592bef1d0529771a0ceb55706774a49e953422200c25
169beeeb664277a045c0c8a272987ad6766f883261d159520ea107792bb0a34b
1795bb8c27b77188889229c4c3fe7e830fd967082721b8f8f5a475044c97f0f6
190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0
1a1139cb261fd4c7786ca1ac97bc96bdc99936a48fcdd5a4e0f78be6c266c95f
1a264bf0d4bbde19fdcec748219dfb73e41c71eb2a32b74a80c28aa1c7d92344
1af515016722a1ec9968057f97fd98d41e85e76fb7ab648aade1c6fa769fc5c8
1d331622923139591db4e2ad40a9a52e63a0d8e6f5fc98cf65ccbce27054906e
1dc8d07161e876e47c0776b8a181e18c4c36a76563a5227b2c6fc617cf4e80aa
1e6c8e421ba75c8d2a485390f737f97653ccea040d7e4e39996ce1432d7539c8
21adc10ab1507e83597c87447ff7bc62f3e21b5be38fccfd50f215241ee68d55
221d20e98d7a43170a8d2a43726c2792661d232992541bae5a9f05999cefbadf
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23b1ccd76efb5b2ba4c994d4efcd276b939a5f99496820c7e12de238b99a89ab
2425e58d353358d8587f676f5a62d38a8c696c191990a2f0c2a93e4300fdafdc
24b4acf06c060c547c11502d93077b5ecf7aa61256a46475c357e4c62086320b
257206c4fd6bcee36927eb0ef2ba087b5dfc6c9a18df7f8553878bf847616226
25bad2ab358500891778111c8fd9c6ffbb9beae21f0cbb111115258ea9bfb4b4
2823bf86a5bca2c20c28c227e9ed59739ade0918d4c76c343162b4c4d109d594
28b32d77626de1ab394e74a1439a1eb5e2c8ced17e795ee83a277817eb7d9389
28b563207c4915110ad0378f0d4cb995427808ec14e1b53399c3c52b4ec346d7
29ad3ec7146da573d5ec9a83ca185390837fe29e64b9903d4f53f159cf4f0cd4
2a1c50c951785cdd9b692e728aaa16eb998f5eaec6675effdc7520db77c42ff6
2a2fa44e7e53d06372596991a94cbd0480a9f2f8cf3f057e08a8c8ca0ff9306a
2af72f792c5989fd70288459bf9c1230619f1fce8693c109d1be6995aac9b7ac
2c3afca047713f38486016bb526bde4b25173b88df824a3cd7d7237aeda79e9d
2d47afe234a4b2c9b6a47f5abc0890dc73923b43b950fa2322b895979bc32ddb
2df70e50acd55e5c43473e10fe965570290791c4d8aaafeb82c6d33c11c6e8c0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f4a71bf1ae269240ff889dcad44f96a7ad6503b86c2ec6cbfea971aeea1cafd
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3301af88827f9551e92c89029312b90313ff03843a1264f47a23e4cfef2b2c34
33e1de165482304fe4e4f87b957b4c73d2be6d0d5d944955b0c94d37446ee2e3
354155ec58de6856b53fcb551f483d65785c05f145170b30b8881c8aa478b42e
354fe5bec457ff5f56e486faeb6921c465ce96a20f49f1bfe49a214f39429daa
371064d578ab360cede3dc307168fcb45dcbd5460938eb683963c6c945ba03ce
37a9adcc7f3af711bbf2ca41134dbf6cc35a713fddfdacdaeb9df091ba8269b5
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38c5d0db4327ca7d0485887b5cfc1a34be351f118363d5c70ca9ee3184d1232a
3ac12cf0b189c32a43be98b17088c98faea53bea40d2d2a08d025aa0a1b8df84
3c86f1180bc1f0411600032f0e5a94036a42ee28e4245fbf2c95c62ce99b9cb4
3e30f57028496d7fe5c3e963f81e24fb326b254ac000593dd4bed3c5690d7bd4
3e48869d45889d8c1370161ac5b499cb02dc73c6bebefb8c487173010aabb78b
3ffbcd6104aef277786281dc2d9e81d2f0ae70a9c6f945a0548b8de612bca9b1
408108837819404f83384f16736290bcf47726b4970f9c1b80dd6967cc307c92
40cc36785f951201bfaa8850eaad6db5fae23f433a7175b52653134a5ba1edab
40d5731232bcec855d3b848443dea745d22799eddb3101e0af9f949a5e634717
4192104ece7528a36131dc1a08fcb1de0b8217f94bebbfc00e7c770c7b9b1ed9
42194a6bc721fed9ad007cb5569c1fcc4fe0a7ebaa4c6a487b6ebb5d8110194f
429962f6ef313d719f37947835c051d904f27f944b7fbe7b59df1ccaf8ecc500
43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74
4495611d44f774078042240d72cfbe7fe69e3fed3cca1ada8815e44df13f8bd6
45094627fb3f83a906abcf319ad45b20125ce40c639fce84057ced86b821ea88
455c103213cdc3c03bb5d8541affbc6a6c8c08dbbb39fc92a0ee17b853277759
46469113dad716ebe5b0498a909269e3bd7abf7371d536c5c40a4e410711c9b7
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
47bb0cff4cc5e5c753bc9d630dcc09d9fe202a133cceec2d64e9632b51f06f8e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bc6901d4d986a6fd88a30aa87b6fbf9e7904ef8231f7aa65dc69e2f2366be73
4d2352778795bb4ffd0b0e312d2e8d2049a4a2479442922c051d829b9b6b0225
4d2d8c52faf4702f1c4eebf033f78083e15fe831f6cd9a9c02939b29dc5bc870
4d437ad06939240f63f5ee411e934f53f8c8b5a895db5dbd9dd324df567c9352
4de67c3e9f8631b62b9ebe04f11b54d54aac73d0372a08297490357672d70c50
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4efd78f59416dbafee49c85a8e3a7579a3e86a69276434fcb98aee7d4c166b42
500d85c61079ee4896c729cc79cecca49dae28c4ccc3cd5d9634d5086066b002
502bd792873e9a919b23722971f07cfe324eb856d83063b9ea5d4c5addbacb53
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b
515ab025e0d19c7c52b8db7c3491a157b2e292a2e94d0b7f72d4bfa0b6713683
5489696245946bda9389c1331d7fbc5bc8dfd348b045fc2c72dec68ce36c6695
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5602a342a6a7fca41659868011aa330c75bcd277032184db5188625d26fb5317
597376019e2b74afda434f9e227ddd59d97b9cb1a0b19a5ca3cc5a22c99f077d
59aae596fbe710cd7d787ea7983496a9a26c8f8eb94c8a0d72cd040a92c65f9a
5aa1b5e97a52a8bdc4a369307ecdb143c0823e76f5bdef79dd2a73afe3002d88
5b127c0960ce0bb0343246d06447e82eac8da397ce037a5cac5795c3a770b882
5b48ba80c1d2d47c475ddc48c5d701e4c0fa211a38fe3cfc029acf2379658d1a
5bc90c831249bb95d00f4791aa5eff2756f2f10e4e4d0dd04c7d0677a907e406
60802872ad53d0edadca50013544ed8a224fe7c3fe30d2ed6fa3ff090af6fa2a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
632d6a19390fca4822340ef4e9096ca38455e9920a43c0ac2e8cbc1bc699ef02
664fe56291c39c9907c3b6ea1ba76fd7f0172febe8c052807208a0275347065e
66f34c3de87643cf772454fbbb483e6dfe1fc4c3e8f6207bf4fdc3fce2047623
6889708c66668b730402abf7493e6acd8e12c28befef25ee1ece9f3e88e2ee12
689bc2c7bd3803e1a2f7699c0eedf4da1a4bd431b3f2595dcc867d6fa4474f15
68e41157dc1b5c39374f93783086784a275989fb108e1d5654d17f2da0227c25
6947faf4d8aff56964bd3a3b095297a749f1ccdb6bd80e21d5e28bd19ce6578d
6a3cef6f3cc8537d78fd5719c36fa3d4fc3b4323ffe84fc5a50a6aa532efc9ee
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e87a7ceffb754d773490ff26881dfeca2b0756ed6efa737a0ea1b6ab5e4a540
6f3ff8d0676f4db13cdfc4edaea1c38c48bafed4ff5e8b48ef714778c924ba5a
6f87db7846cefed9612c3cd6da1bff0745b94a101a72c1265a7d081e475dc6f6
6fae4df8509881d4229e3472eb3fbe937338a61331ba5f79d2a0543173951cf1
6fc4c567224207d5fa73d0cb00dd0ed2115df95d5f0e3a35be1518d36ce37bbe
71a6892ef2f97d06bb1da892a5a2870e58bc36ac00b0c932d9e8c23f124d3f76
71e5547ac3993db6323354f736950c88f936099ab70e115264e28ac1d038328f
735d3f010e0dab5b61e102b3b7997fb44073f916aabce5d24b2ee87c8480e5a8
740614f9425a4bbc83c53848eb0b26735ac503b5714c49e427b8bf58202139f8
765811024b5b81ccbe600b082ac763e82a33fb6472768673f165c0fe31ac9832
79c1045012152e819305ac27c918d165d37afb02633e19de06dece1eaaf2c330
7ae381300329dab93885157930978c1d54febdb68d23dab435b9cd78fca951ca
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7bb90a0cc160da966097c8d7011dc629c9a47c8525483a9b9815f9e12c60629f
7c37f22bbc0acb8e210ca5319d10c0c4280e29496544b4e9cc3a0d241a438b94
7c95ca72e92cc5150a67da2913a092c3e41d33a7fb8f7733d75a19e6ec513c97
7d6b9e826375a61c3bc4421bec97243bfc0fce3a7a2ce0612624e0f9983517d8
7e4f38582dae952aba008e48b8372ecb0f2f2a11dc31f5d02a272ca2059c1c53
7e92ad431981f21ae65a73e392fd13871de2d103a74f03cf3b2a7bf2ad47387c
7eb98bff359f5293dfb2c4338ae77b8db487c98a054cb175357035b498b15837
7fd41fff1616eb9cd23a9c45ca67214937aa9fffadbd42ce6dee7ab139f71454
81d505d448bf9012e2f8dd4bdfc6e8fa25f60ee9128b859d8047ff26ee777feb
86de7d796f12d635c9852102b5860e5d5d6819029281c351d60d1451850ac7d5
870e283f2e9d4e72693cb1fbf1ae243d29cc1758533577a7a99645e547e4e333
887867b4521ea4df2571536f917e9a53ea3bed0f1655a926fec86c31637ad271
88a5290ca788e5166561ab0d792426426353614ff7d28d97caa99caf06069b77
8c487ade441799a3ad1c340a453356a95249a2ac7fb59d7b67ed05ef781cd3fb
8e38fdcbca5270e830913208c33d6468816dc9632de9996b36a00e7e5f0b696b
8ef5dd8d2d8ffe33cc0cb1749270caabdbd6931611a3717132296f44341149af
8f8ee8f6c73a5a8fa0a274d8609c03f59db49fc8eb2407e0599f07f665555daf
9099d4c157d9d1f0c6e23d3b7facfc99224a5a80d0ad65e27fbb42c18726f0d0
90f19c3cd95066179ee0ca324b39df8e3914408da2a825cee9fab1b9bd2abab9
91405eb5dd272df2cef9ad263658096654b7b0a435b8e3883eb7993ab16a5735
91d8a0b52f9987088a7e6de15316384a5134955ae08f67c7b4d7fd12812ad36c
91f50f416c6fde8cd286cee1dde3de45c8b9d1a7e5f3074b35d45e3088b2578a
93b7f72e6b7a98aaf5d4c086f943f145f254db974c72810a5d5f1e63abedd83e
9643a65a01685464a7c9f06e2bc5851996213f49cb18da977f2b9b62251983ce
96a181b447e874ab33059737aedb39d87ebfc5790776b8a1f09ea1a56d9e47e4
9732d82adcb0918d270b160fb468d160d38c2be862bb91305de26a5bdc8b7c9f
986454a5c49a1fa0060a598a96a371dab3f83de4b44decdd21726bf5425b9410
98760b1f86d07c142da6c2516dafe1481046f8cf304b71cf0a379f9174ed3d63
9a1e3c8ee5451648f4d3f42900be8841b00e598502ef81b9d0b8d3e81e6f1984
9a402b07c3abdb24d89dbe1812bb258e0dbc914f42b697b2ef74e5ccf02f4c08
9c1feb879bfcdf6cf59957c246b61335141d867756c5fb8dfb573472f0ce441c
9c8ccdd7107470d9069bc19eb993c76102622170a1b461a910fc878a0a155e8a
9dfe1f819bb2abd9663550cec9005dc0ed81151f85f2efa7a8a9b1b33aa64f40
9f1a44132469c279691116ccff2cf1160c14a4ad6abcf00d7ddc00c8bbc06c90
9f30b0d0ab21f4fecd438b0d6fd06812e7e55ee819f4169d4a59ed10df9ea134
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0578ad0242b9cb0ed6dc45cb72ed6e6bbbcc86a4c15bf9b956032573391e50e
a2b0280239e833e0314d5dd4fe096c2a3937838ab0d55863735f4989dd068451
a328c75083a23880928c6ca01d34b5628a40d7db39a95fa8dfdd6d812d739450
a3cfdc27937a9365618b5710ba9dc78128e032d3ca54768d9266ddc97dba4646
a44407142af2a1826cd0b14730134eeadc622d604ca569a1b8739731765ba980
a5f95c68b9b6d469f7a66b38ad0e092b3005df8ab71b7f813f31ecd981580161
a72454bece17a210dd46ab81014c4b9389606ca392f40547c7729381f1becf35
a738702ca0c04d2ca0505ceb1063bdd830bc09193bc77fc3d1f2378fc9265fc3
a7de66422675310c3ae05841632e4a25952cba73a67253dcba0a3892868df64a
aa201b4f1458e5003ca6348860727bf6bc3f8f6c69db61fd89f4cc822f828efa
aa5569bd7f8bcc2f9e92fd956db75b4b5eeda9d23adfaa2796944c14ce55e4e6
aa95ca6c9676932bc1ea0e9613a7d7a4a407ae7d3acaa69eafad033ab3a164c1
ab93e2630d12aa917be41e647cd2747bc28561a898dba31412c03893fbcca619
ad0b4b022794192f02d6ae172b4477d1c69d2b8efa979df025b2d7fef16b74c6
adb8c6f4563a53800a59acde11f4d4ab22da6349db0c55761f63c8d563f29e36
ae0a668461b4d5577b9d30e01b9694d774eb59b187af3e54e57e680b1cebfac1
ae1e021add30c1a6595dcbf8eca884b6ce234884181af6cb4956ee412912ecd0
b02c42ad0a364ca7a5f1bde5d3a5f56e0a7b67c5be5bd481f4dbbe525c2fc7dd
b0474d8930cd24a17cd492edb031906f15b8cba084e916c3c577fee0910f8eea
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b2708a31dfa822407d6f490bf76ae1bbe65d015ac2ad71cee19f7c64e164fee0
b27d7634ffd144fb5ac753e6b2aff374522dc7650e288c368d108a4c088ea757
b309510c5ee4a22d74dc29eb5a2beee7134d738058b383d7af61cf57f9f87e7d
b3382041ef609c814118453726035a24eded3a32369edbaa6854733d77b4e3ab
b367927f6f386d4bcb157662e422dc19aa72803f4b4c1ac1400cd1aeacb3f946
b381a9d08dc62dee3c7bc742c47bc117048f95bd400b31650ac9435268bac454
b644c1a4b915c4379b0f9f3ae426c4211286c346b0ad97d4f6191a64b830c204
b6691cf3a7e284d739d3ec756396020c7c3a0d482ce79b7faa08ea03058850c3
bb1734d88f563d8e156449f8dcc6f906b53baae1b8503bf458ee5e170b25794b
bb51b2c88c7b5788e05ff89937d198be02434f8e6f725603418b15cc92dd3e78
be8c20f8f23a4d1a7b71207f80a96b6650d08eafba94e5fe9c6ac1a147a20a50
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
bf5daedb21854eff5c85e0f47c41648fa2546c8792751654a6fdd07e21058181
bfc27ab86c5b5d230ff0dcac514c4b302e72c20fde6237ed12ad179ac0009200
c1fc7f8a5978b9bbbb24483d993b36b04b7c8fa37e761a998d4021ad76d4f6f0
c274c9b4144c012cb9201eec2802ff19c9eead2511699aea87a5107097897818
c2d4492b082d66f4601ec1f4b1b1dd730422fc6d7c7605e8a90a252ab1bb2ab9
c3b9943ce253052a5f45e5db24819b8659c221f2a3bc2505f5869ab9295f58a4
c496d5308ce3f7be1462ac8bad06bcaaeb1c026a46b387bb25e1db64c3fb9ddd
c49cc4251bdd9e6804f64dcedc35731446350f5cf953ced77246697d434fe3a0
c4d621fc6cf5ab78902f71a7b616ed71de59c239f21027f0abf98c15b0bd0ee2
c5826580fa305fb4de0b01a02bfbd273c5b73a537500c771a4fd4d84ec80b59f
c7a783467492f519b2645799ebb83ce6ca8dff61402c2909d5f6ee10154576f2
c845722a217eadf2457ada3d5108f2086023ba7fc59670bd3d9071ff8f456973
c870ab904be1212a5c0fdf9a21aaff1270675858dc9b8426fdd6b96928e54640
c8dde2372406b232b047fe2e154ccc97926ded213257eb271a345ef9e5bfe16e
c9177e977a177a0851a15c88ff988c8d065740253eddb44981482b4ed272230e
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c981dcb044c5ab904f06fb48a0ea7f37f958d29af8fad2609c19e37be0602996
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
caaf5afbe7516b5c7249cf2a7d285e16850d89b377be4b52490c5bb2569e1e8a
caf3c6e1c977e0ed1ef12708c31210e8ce36b6ec1bdba5f7d1b42867d1829e2e
cb06d80355f192e3ef7e0f21801bff82d9e7524167f4d818d8c2e530f5a843a1
cb7c14648d1fe914145976bcc9127aaf13672bc3c5440c65add4c7f69e1a8f63
ce5d5141ab8fd9e59fec58bef77b8d8c194a4c61a8472c186007574c9463ace5
cfd72b8639b5f016ebf1309543947bc99d03804d2fd4439e64dabcbefe103cd4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2033d613715ff5666b48dd3256af22ad5bcc592c2615e836c442a7381e9ff12
d6dae77160e57381a44c5048e94e3df0b0c8e3903010f8b6e8a5edcbe2cdb5db
d7fb526955ef7382c3bccb9c5df150583bf6dea44ab8c327723ce2b4ccdb5028
d834b14025300320cdcf296f38e980740bfc0411d1198bf8351bd96251cf4ba6
da5d4de3e6663568bd35186f211ea55dde2d442ce2c7ae619203ac587b46da88
da93912ae1584f8d99cb18bd27ccb5ef85737be24fa4db191860ec56cdccf6b6
dafbd0e91848043a138f00a944ef29296d0ba654858b4412e884121e665fe35c
db21b6d58c1a20945833319a90fac5a8c7fbcd97349f85a803a7ba259f5bd3c1
dd1ed64ffd1462f48130a7ad13018ee8f7cccede02ee4b4e1c904cee3fc54c71
ddebc8568fb90d7fcc7965594dbddee3edd66c7d81a22eaee5f4161c7eda5cbd
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de434a12bc8eb3fc70b4ed53b0e4633e0e31a7e94735eb6a714f00b9f3bcf015
dedec9068f8da4f1539c95d04c10afc815e74e1360bf7b8508972e8d32557b69
df185a4fd5ce91dd7607f01980b83b5ba9be5d8a41b6ca64735e5f9d8968f5f5
e1a858ac4d9f4fa52889b7abadc43f0cc1dd134db7cee21f702d66548fe64862
e1d987a655aa95fe73998fde8f00bdef7002115a7a95d849c6d05c1472f0699b
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57eb62b9440a6e28162f7cb08352c025b418b4e24199bfc14b630eeb8965f51
e67f5e78f2c8bb80c13b567bfad2a8c0a3d14c80619d8a12034266db3a1add67
e6a2c195a844f45d8e47c3f9219967c93b4440f8d090826b60da74e85c421e48
e98e1802d6c84b348969c428c14b5eef73dbe33744477d92b7700b7c9777ce62
eb89c14d08d0d6959dd6082f77a7e4c3110a39fb339ce50446375be75896b511
ec0c5a18f6c1f41910379e8d87d82ca6bfda07dc0c974a8c36076e6799ce3dfc
ec58e38498f5cb5a8dc11ccc0c43324db9791c84ebb1508c30882f72a0ed22a6
ee31890ceb03021432ed1ec2cf366cfed693658cbe3e2959d82eb421b6ade7ec
eed1e62701bf81360e0a5a018ae93465bd69c001f939b2d6d66ac49d6079adb7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef58847fd85fe56ee6efa22250f8c9d1c6f00688ef1c83cc06c2db2a059cec5e
efdfe88b7b0800e9267f59fec7f7b10481d7d52967316df2aa32f12b0403afeb
f0eede80b33487d627cf31f43e1f353240d67c478f0f2d00d9333b4237d3f2cf
f0f5468f9b124b880ef8d34024c289ce4594c1d9b20eabede57d709e7390a6bd
f11fb8c35dc0d3bb0bdcc09e98376266e4c2fb0fb59287aa985d99dbfd165aa4
f29c6b6dbbea8fcc3983d943a2a5959eebe58f730f31660cf1b31b2b88b116c3
f3af78da1d928290657e104eb70027dd60dc212fdbfd4c3a90e2310a4f1819c6
f6679ea7e994d0a7efdec0dfcd7c402a67b372a2c594b5db8c6d25826650189c
f6d74940de5cc282f554cbdfdf8151c9cb17490ac871d5251c0771a22a8b0993
f8072c45fee6c4a0cc36d41f5fd532f39dcbf6bb78db6d801cac62b6a4fae207
f906bcaf8ba478e4606cf734534611cac9765e61f67d80b5aa5cb667121abfcf
f9e653d3d069cdda6237b8b16d302c3a032d231cfa6289359fb0f940e4f3d139
fc00b9625d90f37225039ccbe84ab2d837e89c09a73651bb5a18201158b5200a
fc842e87738ff25f16170a4041e783caf7432236abb68e28b38a8e4e2c436fb4

epicenter.bg Open in urlscan Pro 164.138.220.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

641 Requests

92 %HTTPS

42 %IPv6

26 Domains

49 Subdomains

45 IPs

8 Countries

8302 kBTransfer

16420 kBSize

18 Cookies

8 Outgoing links

Redirected requests

641 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

epicenter.bg Open in urlscan Pro
164.138.220.34 Public Scan

Screenshot
Live screenshot

Full Image

641
Requests

92 %
HTTPS

42 %
IPv6

26
Domains

49
Subdomains

45
IPs

8
Countries

8302 kB
Transfer

16420 kB
Size

18
Cookies

641 HTTP transactions
12 data transactions