www.fifermods.com Open in urlscan Pro
52.17.119.105 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.fifermods.com/
Effective URL:
https://www.fifermods.com/
Submission: On December 14 via api (December 14th 2023, 11:01:25 pm UTC) from US — Scanned from DE

Summary HTTP 309 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 77 IPs in 11 countries across 50 domains to perform 309 HTTP transactions. The main IP is 52.17.119.105, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.fifermods.com.
TLS certificate: Issued by R3 on November 15th 2023. Valid for: 3 months.

This is the only time www.fifermods.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	52.17.119.105 52.17.119.105	16509 (AMAZON-02) (AMAZON-02)
18	2600:9000:226... 2600:9000:2260:2400:12:9e5f:cac0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2600:9000:225... 2600:9000:225a:6400:e:be87:cd40:21	16509 (AMAZON-02) (AMAZON-02)
41	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	18.64.84.99 18.64.84.99	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
4	188.114.97.9 188.114.97.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.161.119.6 3.161.119.6	16509 (AMAZON-02) (AMAZON-02)
4	172.67.213.217 172.67.213.217	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2a00:1450:400... 2a00:1450:400c:c0d::54	15169 (GOOGLE) (GOOGLE)
1 3	2606:4700:20:... 2606:4700:20::ac43:464a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:631	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.1 104.244.42.1	13414 (TWITTER) (TWITTER)
1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1 4	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 1	162.159.134.234 162.159.134.234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.159.135.232 162.159.135.232	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a03:2880:f27... 2a03:2880:f276:e8:face:b00c:0:4420	32934 (FACEBOOK) (FACEBOOK)
1 1	64.4.250.37 64.4.250.37	17012 (PAYPAL) (PAYPAL)
1 1	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
1	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
4	99.84.146.5 99.84.146.5	16509 (AMAZON-02) (AMAZON-02)
1 26	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:4400::ac40:919c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
10	137.220.35.134 137.220.35.134	20473 (AS-CHOOPA) (AS-CHOOPA)
1 33	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	184.30.16.183 184.30.16.183	16625 (AKAMAI-AS) (AKAMAI-AS)
8 10	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 8	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
12	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 3	2a02:26f0:350... 2a02:26f0:3500:1b::1724:a38a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	138.201.135.164 138.201.135.164	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3	91.121.248.44 91.121.248.44	16276 (OVH) (OVH)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.22.42 49.12.22.42	24940 (HETZNER-AS) (HETZNER-AS)
1	13.43.203.41 13.43.203.41	16509 (AMAZON-02) (AMAZON-02)
2 4	216.58.206.38 216.58.206.38	15169 (GOOGLE) (GOOGLE)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.2.29 18.66.2.29	16509 (AMAZON-02) (AMAZON-02)
1	99.84.146.86 99.84.146.86	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	2.19.217.101 2.19.217.101	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
8	2404:6800:400... 2404:6800:4004:821::2003	15169 (GOOGLE) (GOOGLE)
1	64.233.167.155 64.233.167.155	15169 (GOOGLE) (GOOGLE)
1	104.18.36.54 104.18.36.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
1 1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:3c::7	15169 (GOOGLE) (GOOGLE)
1	35.157.49.61 35.157.49.61	16509 (AMAZON-02) (AMAZON-02)
1 4	104.64.118.247 104.64.118.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.8.107.16 3.8.107.16	16509 (AMAZON-02) (AMAZON-02)
4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
1	85.10.231.200 85.10.231.200	24940 (HETZNER-AS) (HETZNER-AS)
6	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
5	130.211.44.5 130.211.44.5	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:58c::1ec4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:440... 2606:4700:4400::6812:2aef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
3	165.232.46.2 165.232.46.2	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
309	77

6 52.17.119.105 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com

www.fifermods.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2600:9000:2260:2400:12:9e5f:cac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets-global.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225a:6400:e:be87:cd40:21 (United States)

ASN16509 (AMAZON-02, US)

d3vw4uehoh23hx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.84.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-84-99.txl50.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.97.9 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

pogothere.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.161.119.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-119-6.vie50.r.cloudfront.net

tbradshedm.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.213.217 (United States)

ASN13335 (CLOUDFLARENET, US)

unicatethebe.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400c:c0d::54 (Brussels, Belgium) 4 redirects

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::ac43:464a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.sociablekit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:631 (United States)

ASN13335 (CLOUDFLARENET, US)

www.patreon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.1 (United States)

ASN13414 (TWITTER, US)

twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

consent.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.134.234 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

discord.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.135.232 (None, )

ASN13335 (CLOUDFLARENET, US)

discord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f276:e8:face:b00c:0:4420 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.4.250.37 (United States) 1 redirects

ASN17012 (PAYPAL, US)
PTR: paypal.com

paypal.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.21 (United States) 1 redirects

ASN54113 (FASTLY, US)

www.paypal.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.84.146.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-146-5.txl52.r.cloudfront.net

uploads-ssl.webflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:919c (United States)

ASN13335 (CLOUDFLARENET, US)

scripts.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ui.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
call.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 137.220.35.134 (Kent, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 137.220.35.134.vultrusercontent.com

widgets.sociablekit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adsdk.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.183 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-183.deploy.static.akamaitechnologies.com

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.184.194 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.141 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ams3-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 144.76.91.199 (Dottingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:1b::1724:a38a (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.135.164 (St. Ingbert, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.135.201.138.clients.your-server.de

hal900015.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.121.248.44 (France)

ASN16276 (OVH, FR)
PTR: ip44.ip-91-121-248.eu

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Ulm, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.22.42 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-3.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.43.203.41 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-43-203-41.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.2.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-29.txl50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.146.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-146-86.txl52.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.217.101 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-217-101.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2404:6800:4004:821::2003 (Australia)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.167.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wl-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.54 (None, )

ASN13335 (CLOUDFLARENET, US)

vast.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Rostock, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:3c::7 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r2---sn-4g5e6nzl.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.49.61 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-49-61.eu-central-1.compute.amazonaws.com

t23.intelliad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.64.118.247 (Prague, Czech Republic) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-118-247.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.8.107.16 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-8-107-16.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Ludwigshafen am Rhein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.10.231.200 (Fellbach, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: 85-10-231-200.clients.your-server.de

www.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 130.211.44.5 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 5.44.211.130.bc.googleusercontent.com

tpsc-video-eu.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:58c::1ec4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

secure.insightexpressai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2aef (United States)

ASN13335 (CLOUDFLARENET, US)

vtrk.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 165.232.46.2 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: 1001405.cloudwaysapps.com

data.accentapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
80	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148 ade.googlesyndication.com — Cisco Umbrella Rank: 293	764 KB
47	doubleclick.net 11 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 ad.doubleclick.net — Cisco Umbrella Rank: 139 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 98422 bid.g.doubleclick.net — Cisco Umbrella Rank: 840 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 270869 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	259 KB
26	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com csi.gstatic.com	369 KB
24	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 37721 hal900015.redintelligence.net — Cisco Umbrella Rank: 217342 hal90002.redintelligence.net — Cisco Umbrella Rank: 235191 hal900030.redintelligence.net — Cisco Umbrella Rank: 206142	118 KB
18	website-files.com assets-global.website-files.com — Cisco Umbrella Rank: 6575	1 MB
13	sociablekit.com 1 redirects www.sociablekit.com — Cisco Umbrella Rank: 385111 widgets.sociablekit.com — Cisco Umbrella Rank: 99964	159 KB
11	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 340 fonts.googleapis.com — Cisco Umbrella Rank: 29 imasdk.googleapis.com — Cisco Umbrella Rank: 487	175 KB
10	google.com 5 redirects accounts.google.com — Cisco Umbrella Rank: 23 adservice.google.com — Cisco Umbrella Rank: 93 www.google.com — Cisco Umbrella Rank: 2	5 KB
9	adnxs.com 3 redirects cdn.adnxs.com — Cisco Umbrella Rank: 1605 ib.adnxs.com — Cisco Umbrella Rank: 229 ams3-ib.adnxs.com — Cisco Umbrella Rank: 6997	33 KB
7	doubleverify.com vast.doubleverify.com — Cisco Umbrella Rank: 1706 tpsc-video-eu.doubleverify.com — Cisco Umbrella Rank: 13049 tps.doubleverify.com — Cisco Umbrella Rank: 505 vtrk.doubleverify.com — Cisco Umbrella Rank: 1385	5 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	5 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	386 KB
6	fifermods.com 1 redirects www.fifermods.com	22 KB
5	youtube.com 1 redirects www.youtube.com — Cisco Umbrella Rank: 71 consent.youtube.com — Cisco Umbrella Rank: 23557	70 KB
5	cloudfront.net d3vw4uehoh23hx.cloudfront.net d3e54v103j8qbb.cloudfront.net	148 KB
4	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 13930	3 KB
4	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 47317 medialead.de — Cisco Umbrella Rank: 46843	1 KB
4	webflow.com uploads-ssl.webflow.com — Cisco Umbrella Rank: 13416	298 KB
4	unicatethebe.org unicatethebe.org	1 KB
4	pogothere.xyz pogothere.xyz — Cisco Umbrella Rank: 34161	202 KB
3	accentapi.com data.accentapi.com — Cisco Umbrella Rank: 110750	3 KB
3	2mdn.net 1 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1193 r2---sn-4g5e6nzl.c.2mdn.net — Cisco Umbrella Rank: 571077	2 MB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 24395 api.webgains.io — Cisco Umbrella Rank: 59842	19 KB
3	bing.com 1 redirects www.bing.com — Cisco Umbrella Rank: 60	6 KB
3	cleverwebserver.com scripts.cleverwebserver.com — Cisco Umbrella Rank: 27971 ui.cleverwebserver.com — Cisco Umbrella Rank: 28712 call.cleverwebserver.com — Cisco Umbrella Rank: 29496	48 KB
3	twitter.com twitter.com — Cisco Umbrella Rank: 316 platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1549	21 KB
2	insightexpressai.com secure.insightexpressai.com — Cisco Umbrella Rank: 1392	4 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1299	326 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 491	400 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	154 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 164531	6 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
2	paypal.me 2 redirects paypal.me — Cisco Umbrella Rank: 196146 www.paypal.me — Cisco Umbrella Rank: 241095	537 B
2	instagram.com 1 redirects www.instagram.com — Cisco Umbrella Rank: 1868	214 B
2	tbradshedm.org tbradshedm.org	1 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 225	407 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 590	16 KB
1	media01.eu www.media01.eu — Cisco Umbrella Rank: 254662	904 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 988	7 KB
1	intelliad.de t23.intelliad.de — Cisco Umbrella Rank: 133815	555 B
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 61264	447 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 49821	2 KB
1	futalis.de futalis.de — Cisco Umbrella Rank: 305788	401 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 128498	923 B
1	microsoft.com adsdk.microsoft.com — Cisco Umbrella Rank: 4453	38 KB
1	paypal.com www.paypal.com — Cisco Umbrella Rank: 2085
1	discord.com discord.com — Cisco Umbrella Rank: 2277
1	discord.gg 1 redirects discord.gg — Cisco Umbrella Rank: 2653	591 B
1	patreon.com www.patreon.com — Cisco Umbrella Rank: 24398
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98
309	50

	Domain	Requested by
41	pagead2.googlesyndication.com	www.fifermods.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
33	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com www.fifermods.com imasdk.googleapis.com pagead2.googlesyndication.com
26	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net www.fifermods.com
18	assets-global.website-files.com	www.fifermods.com
12	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900015.redintelligence.net hal90002.redintelligence.net hal900030.redintelligence.net
10	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
10	widgets.sociablekit.com	www.sociablekit.com
8	csi.gstatic.com	imasdk.googleapis.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
7	fonts.googleapis.com	ajax.googleapis.com hal900015.redintelligence.net googleads.g.doubleclick.net hal90002.redintelligence.net hal900030.redintelligence.net
6	ade.googlesyndication.com	www.fifermods.com
6	www.googletagservices.com	googleads.g.doubleclick.net www.fifermods.com
6	accounts.google.com	4 redirects www.fifermods.com
6	www.fifermods.com	1 redirects www.fifermods.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	tpsc-video-eu.doubleverify.com	www.fifermods.com
4	hal900030.redintelligence.net	hal9000.redintelligence.net hal900030.redintelligence.net
4	www.awin1.com	1 redirects googleads.g.doubleclick.net
4	hal90002.redintelligence.net	hal9000.redintelligence.net hal90002.redintelligence.net
4	hal900015.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900015.redintelligence.net
4	ad.doubleclick.net	googleads.g.doubleclick.net imasdk.googleapis.com
4	www.gstatic.com	googleads.g.doubleclick.net
4	uploads-ssl.webflow.com	assets-global.website-files.com
4	www.youtube.com	1 redirects www.sociablekit.com www.youtube.com
4	unicatethebe.org	www.fifermods.com
4	pogothere.xyz	d3vw4uehoh23hx.cloudfront.net
4	d3vw4uehoh23hx.cloudfront.net	www.fifermods.com d3vw4uehoh23hx.cloudfront.net
3	data.accentapi.com	www.sociablekit.com
3	pv.medialead.de	hal900015.redintelligence.net googleads.g.doubleclick.net hal900030.redintelligence.net
3	ams3-ib.adnxs.com	googleads.g.doubleclick.net cdn.adnxs.com
3	www.bing.com	1 redirects googleads.g.doubleclick.net
3	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
3	www.sociablekit.com	1 redirects www.fifermods.com www.sociablekit.com
2	secure.insightexpressai.com	www.fifermods.com
2	googleads4.g.doubleclick.net	www.fifermods.com
2	api.webgains.io	analytics.webgains.io
2	8019191.fls.doubleclick.net	1 redirects www.fifermods.com
2	r2---sn-4g5e6nzl.c.2mdn.net	www.fifermods.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	imasdk.googleapis.com	googleads.g.doubleclick.net
2	adservice.google.com	5994599.fls.doubleclick.net 8019191.fls.doubleclick.net
2	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com
2	5994599.fls.doubleclick.net	1 redirects www.fifermods.com
2	cdn.retailads.net	1 redirects futalis.de
2	www.googleadservices.com	www.fifermods.com
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	www.instagram.com	1 redirects www.fifermods.com
2	tbradshedm.org	d3vw4uehoh23hx.cloudfront.net
2	ajax.googleapis.com	www.fifermods.com www.sociablekit.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.sociablekit.com
1	vtrk.doubleverify.com	www.fifermods.com
1	tps.doubleverify.com	www.fifermods.com
1	www.media01.eu	hal900030.redintelligence.net
1	maxcdn.bootstrapcdn.com	www.sociablekit.com
1	t23.intelliad.de	googleads.g.doubleclick.net
1	gcdn.2mdn.net	1 redirects
1	vast.doubleverify.com	imasdk.googleapis.com
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	medialead.de	1 redirects
1	track.webgains.com	www.fifermods.com
1	futalis.de	hal900015.redintelligence.net
1	adv.office-partner.de	hal900015.redintelligence.net
1	cdn.adnxs.com	googleads.g.doubleclick.net
1	adsdk.microsoft.com	googleads.g.doubleclick.net
1	call.cleverwebserver.com	www.fifermods.com
1	ui.cleverwebserver.com	www.fifermods.com
1	syndication.twitter.com	platform.twitter.com
1	scripts.cleverwebserver.com	www.fifermods.com
1	www.paypal.com	www.fifermods.com
1	www.paypal.me	1 redirects
1	paypal.me	1 redirects
1	discord.com	www.fifermods.com
1	discord.gg	1 redirects
1	consent.youtube.com	www.fifermods.com
1	platform.twitter.com	www.fifermods.com
1	twitter.com	www.fifermods.com
1	www.patreon.com	www.fifermods.com
1	www.facebook.com	www.fifermods.com
1	d3e54v103j8qbb.cloudfront.net	www.fifermods.com
309	86

This site contains links to these domains. Also see Links.

Domain
www.patreon.com
twitter.com
www.youtube.com
discord.gg
www.instagram.com
paypal.me
www.imstudiomods.com

Subject Issuer	Validity	Valid
www.fifermods.com R3	`2023-11-15` - `2024-02-13`	3 months	crt.sh
*.website-files.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-28` - `2024-02-27`	a year	crt.sh
tbradshedm.org Amazon RSA 2048 M02	`2023-12-09` - `2025-01-06`	a year	crt.sh
unicatethebe.org GTS CA 1P5	`2023-12-14` - `2024-03-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-23` - `2023-12-22`	3 months	crt.sh
patreon.com Cloudflare Inc ECC CA-3	`2023-04-08` - `2024-04-07`	a year	crt.sh
twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
uploads-ssl.webflow.com Amazon RSA 2048 M02	`2023-07-29` - `2024-08-26`	a year	crt.sh
cleverwebserver.com Cloudflare Inc ECC CA-3	`2023-08-06` - `2024-08-04`	a year	crt.sh
syndication.twitter.com R3	`2023-12-11` - `2024-03-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
adsdk.microsoft.com Microsoft Azure TLS Issuing CA 02	`2023-10-11` - `2024-04-08`	6 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2023-08-24` - `2024-08-24`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
redintelligence.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
r.bing.com Microsoft Azure ECC TLS Issuing CA 05	`2023-10-18` - `2024-06-27`	8 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
pv.medialead.de R3	`2023-12-04` - `2024-03-03`	3 months	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.futalis.de R3	`2023-12-12` - `2024-03-11`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
vast.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-06-11` - `2024-07-12`	a year	crt.sh
*.intelliad.de Thawte TLS RSA CA G1	`2023-07-31` - `2024-08-30`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
widgets.sociablekit.com R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-12-05` - `2024-02-13`	2 months	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.doubleverify.com Starfield Secure Certificate Authority - G2	`2023-08-25` - `2024-09-25`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-09-29` - `2024-09-28`	a year	crt.sh
*.insightexpressai.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-16` - `2024-03-15`	a year	crt.sh
vtrk.doubleverify.com E1	`2023-11-09` - `2024-02-07`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
data.accentapi.com R3	`2023-11-22` - `2024-02-20`	3 months	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 38 frames:

Primary Page: https://www.fifermods.com/
Frame ID: 9533F82E46A3D4638387F9FB2E5A0B0B
Requests: 65 HTTP requests in this frame

Frame: https://www.sociablekit.com/app/embed/45837
Frame ID: B094B18022FFA1B21B9CE7D907D262E0
Requests: 22 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.html
Frame ID: 5970C74EB61A5E80CC7E69421945C06C
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 1DE9092572827ED56268A9C57C77144E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&adk=1812271804&adf=3025194257&lmt=1702594879&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879256&bpp=4&bdt=331&idt=225&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5814379461392&frm=20&pv=2&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=236
Frame ID: 2A0A8CC79FCB87E05A60C99133952FA2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=1583562955&adk=1609618297&adf=3610118697&pi=t.ma~as.1583562955&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879260&bpp=1&bdt=335&idt=234&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=236
Frame ID: 2F2AB643FF6722A0F10E4B2497CA23FE
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Frame ID: 164E8FD6BD52359A54CE8C879EAEE40E
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
Frame ID: 541B983B7271183D1C408472003AFFDB
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVTXdu-KlEIKsUQeoXUZusq3HboeXXEnQZvIWIqFcl0r5Ciw4KXFAMZ5S-PKdCml9fK01xQB5UzRqPhQVzpDRKgHV9lIWxxAF-U7Be6NBbnOz7QueErk9cfwQ2CUjxeRtfLA5VR_F-hHQwc2naEE5TOPu0PieeXqDkHpZHtH44lmqHh8Yc
Frame ID: A4517E72FCDBFF04105301B49A232E9A
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B4891B89BB0E6399A0DF156904A2E7C8
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: 2C16DB8D7026ACAE2C0DCDB343502904
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 555E7BB195FFA76959F1A3AB8860A8C7
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E033947233FC05CD50C85BD62E1E210F
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984
Frame ID: 19E6973E1CDE93438F81D3211C4A43B9
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286
Frame ID: 4A9086AD8FFDF16E1B85DCAC0899E9E6
Requests: 2 HTTP requests in this frame

Frame: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Frame ID: 536C931A9A3148BF4EFCD08D8F866719
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=280&adk=3088186576&adf=1409212968&pi=t.aa~a.3354524715~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702594880&rafmt=1&to=qs&pwprc=4191673006&format=1200x280&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594880397&bpp=1&bdt=1472&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4ea1f9560c3741e1%3AT%3D1702594879%3ART%3D1702594879%3AS%3DALNI_MbM6YwTtaHarXXe78PDIwZu7vQP5w&gpic=UID%3D00000d1a4512dd46%3AT%3D1702594879%3ART%3D1702594879%3AS%3DALNI_MZjcAkBM7e5ItjOsjRW_1-8BujGuQ&prev_fmts=0x0%2C728x90%2C728x90%2C728x90&nras=2&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1717&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&psts=AOrYGskwPjGkbrx8u76LR6VuCTcSQWYsnJ3QfxEoyOjCx21NeLyfOqa9RttAJsVLwsCKF295N_NLansQ_cwLO74G4_aqlGJO%2CAOrYGslco8A4oWdFkubx1hb7S8AJtDBv0TUmktibaT8GulVtKiCm9t-K2R_cedv4LXgupErhVQcvPrsK-15ZmN-3KzlBRwjMXuDVNEgqZes%2CAOrYGskZyFFV7uJF6NfSVoFREk5CEX6qd5ZzcM1RT8kYWHFAuDf6fDDu-MOTQiS7dpzwY4PLfhJ3AbFgOu_TQ1Kg0A4C-kGB&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=2
Frame ID: D24604530F14A0AA944D5908980B22D3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 402597E025A1ECD1ACDB0DD72390497D
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 5A1AFDDD7BE086B8C22F7610EB3C2B89
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 509B8E56D7FB550176FCC5E746DB8079
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 68E72E2D3B3E1F5AEA5E695A6A8687EA
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNVCbmTW4nJ6pInqBr9ZkcdhX0NDZ7I7SIJCToI_5TDBuM0svRJsntSy9B9CLsCLofZqwOBKh1LCd_Hh4EHr0hgfMaBFp_scBk70P1gS4oxqZyvjgkCsCaVoz7Zyx7bPZihLocylrDPloYwlH65bUIjm76k_aO39lpsh4Sb3fg83dwttSqw
Frame ID: 4FB000FA7DEA8E9817DAF3C95A72B55F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 42DDCE667EBB936BAA437B97CC2BBED4
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg
Frame ID: DD2335CBCFB153A4ADBFFA6973689FC4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 51ECE7E8E703DCCCA4C910ADF5212C2F
Requests: 16 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 74629D31A16E9A9D3BE170C99C53A616
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 56C51C046C1BC0D069E8B4D592CCD4F7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: A2B40DF7218F5DD0AC23EC2DF687DFB7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: ECA15B6DD25BF4143AA1B6261BF64325
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: EFCB641FB89E6F2FD760FF3291EF0843
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271
Frame ID: 42D2B8B0D2A7E36C9C9B44309DA69BF2
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Frame ID: 71BBA236700C8847C29E5B4C2B33E9DA
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 123514CC3943757992CDF502559D42EF
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=42066600000107704444552012539030&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 811078158110701C24DAAE81CC990DEF
Requests: 1 HTTP requests in this frame

Frame: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1702594881_b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca&dt_mode=iframe&dt_url=
Frame ID: B16869CD1E00A6ED0F34FEA9EB09C22F
Requests: 1 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Frame ID: 2EEF52938BB4B711F2F4EB0A86AD33CF
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4F47B1ADB8D4BB8B9124F36DCAE94DFE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 61169FE5E1C9085B7235D5027B5EA34A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FIFER Mods

Page URL History Show full URLs

http://www.fifermods.com/ HTTP 301
https://www.fifermods.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Moment Timezone (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment-timezone(?:-data)?(?:\.min)?\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

309
Requests

93 %
HTTPS

44 %
IPv6

50
Domains

86
Subdomains

77
IPs

11
Countries

6193 kB
Transfer

11555 kB
Size

47
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.patreon.com/posts/74066559
Title: Download

Search URL Search Domain Scan URL

URL: https://www.patreon.com/realismmod

Search URL Search Domain Scan URL

URL: https://twitter.com/FIFER_Mods

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/FIFERMODS

Search URL Search Domain Scan URL

URL: https://discord.gg/DJxMEyk

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fifermods

Search URL Search Domain Scan URL

URL: https://paypal.me/fifermodding

Search URL Search Domain Scan URL

URL: https://www.imstudiomods.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.fifermods.com/ HTTP 301
https://www.fifermods.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp3c3WC4Zse1Vm6eCJEQx7sl6fd-L8ypXX4gm0LrEYkl6Qr8rKMvQTsWUJj4h_qTM9EKiwaGPw HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0E2HGBAZrhx5xhYqQNrWDBzhHN58g8lE9g4jBs6VrBWKKTIk5gCL-ohNvL6K9snMp7HC9QmQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1660632531%3A1702594879353206&theme=glif

Request Chain 32

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1dzHgm_FaqqTVetfzYbCDRmw0SARRB6jjzQ9nNRjvbxMOBvpvCPyAMj650JqECvcJdyzXGXA HTTP 302
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1f9bDe9q0Ibn7WbE6MqdoHVR_67lXKMlgCDb2DcUU1pyFGZzDTQqmsSLtg1BK43HQMBAKLgQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593079165%3A1702594879346636&theme=glif

Request Chain 44

https://www.youtube.com/c/FIFERMODS HTTP 302
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fc%2FFIFERMODS%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1

Request Chain 45

https://discord.gg/DJxMEyk HTTP 301
https://discord.com/invite/DJxMEyk

Request Chain 46

https://www.instagram.com/fifermods HTTP 301
https://www.instagram.com/fifermods/

Request Chain 47

https://paypal.me/fifermodding HTTP 302
https://www.paypal.me/fifermodding HTTP 301
https://www.paypal.com/paypalme/fifermodding

Request Chain 70

https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js HTTP 301
https://widgets.sociablekit.com/youtube-channel-videos/widget.js

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

Request Chain 83

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXuJPyWG6jtAxPreJfweIQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

Request Chain 85

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

Request Chain 104

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrk57T4QEQ4QEY4QEyCOqNrdsqEJ6G HTTP 301
https://tpc.googlesyndication.com/simgad/149948325527134548

Request Chain 106

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4357d576-d96e-484f-b038-8c15e5683aeb&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=391466&publisherId=162645330&rId=92783cf0-52b1-456d-9f44-49c65199e6b4&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Dd59ac2bad3944bb7a93a788b51336b03%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=6929499&trafficGroup=knaqe_3c&trafficSubGroup=pbageby&aid=3618458485175534704 HTTP 303
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=d59ac2bad3944bb7a93a788b51336b03&SNR=1&GV=2&med=10

Request Chain 111

https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 116

https://googleads.g.doubleclick.net/pagead/adview?ai=CMqwHP4l7ZeTqH5GC7_UPwrivgAHzmf-LdOfn0drmEcHfr7_0PhABIKSR4jxglYKAgKAHoAGWqYH_AsgBCakC0-pTdV1Ssj6oAwHIA8sEqgTFAU_QwFpzdxiIZW-fC17QLIfDIsEisgVvcLkQSXPayHJdciceAzajRIB0bGfBvfisa7cPiE6J3qbylOG63-1q8-w--vvDD7KMmely0WLtq1s4uhDEKkVitKPsqOjDUjV8Q08jYh85-33I-iH2O0T7macT_AsHIVMZtcJsjevS_bSYX_j4rZLgftmbr4iME-Ml-6-WQAOQcR3bBNX4V1ESi6MXztqEv-DrakoouEefByPp17Aq5B1briuESu_e9cKy5juPByAVwATDwYjLtgSIBfO4zfBLkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5Cq6n-oB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQroUH0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOliS4_WXhJCDA5oJHmh0dHBzOi8vd3d3LnN0b2ZmZS1oZW1tZXJzLmRlL4AKAcgLAaIMECoOCgzktLEC7rWxArW4sQLYEwvQFQGYFgGAFwGyFxwKGggAEhRwdWItMjU3NTkxNjYwMTM4MjE2MxgAshgDIgEA&sigh=Pj49CwkXmt0&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_QbNtTnucbYSZspU8x-9zD-tk6qCwYOi77SZJ_kquZzdvNRHAUI8I_BymllGvsfuV93UsiZGb6lRiSlsm0WirUUOL3bZk9F3CTBgB&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224729824993685689685%22,%22debug_reporting%22:true,%22destination%22:%22https://stoffe-hemmers.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22803230870%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226814921984435555169%22}&andc=true

Request Chain 120

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=67793200000114704444550012539015&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984

Request Chain 122

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286

Request Chain 124

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXuJPyWG6jtAxPreJfweIQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnL1RarxFV2U6Azi21_-xA&google_cver=1

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIsvrs11V8baZPUtrKFJ6Nk&google_cver=1

Request Chain 183

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 210

https://gcdn.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/42E7D5F5A664CB39833C388C55C2731AC6D5805E.7A82513830BD98CE3D8060CAD6962D55EB72AD/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/362385EB6113E5FA44A660AB32BE9918FCF498CB.499BBB6DB3360075B825BD74503D0AEA74BC4C05/key/cms1/cms_redirect/yes/mh/bJ/mip/2a01:4a0:5a::4/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1702594561/mv/u/mvi/2/pl/42/file/file.mp4

Request Chain 214

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271

Request Chain 245

https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=42066600000107704444552012539030&pv=1 HTTP 302
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1702594881_b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca&dt_mode=iframe&dt_url=

309 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.fifermods.com/
Redirect Chain

http://www.fifermods.com/
https://www.fifermods.com/

24 KB
6 KB

143ms
47ms

Document
text/html

52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 525dffff10715b33aeae7a1947853ab50c1957ed411a9b748c4aacabbaae00be

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 43104
content-encoding: gzip
content-length: 5814
content-type: text/html
date: Thu, 14 Dec 2023 23:01:18 GMT
vary: x-wf-forwarded-proto, Accept-Encoding
x-cache: HIT
x-cache-hits: 1
x-cluster-name: eu-west-1-prod-hosting-red
x-lambda-id: 4d4b48a4-c268-4ef8-af12-f810d6a8e342
x-served-by: cache-dub4348-DUB
x-timer: S1702594879.907217,VS0,VE1

Redirect headers

Connection: keep-alive
Content-Length: 166
Content-Type: text/html
Date: Thu, 14 Dec 2023 23:01:18 GMT
Location: https://www.fifermods.com/

GET
H2 200 fifer-mods.webflow.90e9f54a1.min.css
assets-global.website-files.com/5f4826660c6a90730a8a0413/css/ 134 KB
25 KB 41ms
15ms Stylesheet
text/css 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/css/fifer-mods.webflow.90e9f54a1.min.css
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc78bf9d45ba93578b2d142f70adc9cfb289f412e25580f74fb587a65fe50d47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: skPHOSNXxDIulfzlgIx14T1qEfZgmWWt
content-encoding: gzip
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 01:59:28 GMT
age: 75710
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 25474
last-modified: Fri, 24 Nov 2023 04:04:50 GMT
server: AmazonS3
etag: "3a849f35e6de0f41e92c0b762c138b1d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 9sulRxrR6yRwZtXGQ-Gkqm-taxOJiXp0t28n217ZJoEK5FmmK1QHww==

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 41ms
7ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 22:07:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 262430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 22:07:28 GMT

GET
H2 200 / Show response
d3vw4uehoh23hx.cloudfront.net/ 354 KB
115 KB 241ms
193ms Script
text/plain 2600:9000:225a:6400:e:be87:cd40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225a:6400:e:be87:cd40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3b47682921f659780a201c59ab965f96010044750c9e942913de4ebd5552089d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
via: 1.1 eeeb5087a36839b2299b9c53f96feb8e.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 117633
x-amz-cf-id: gnUWYsMw849_Dc1o7yInTUEB-YD65d0bbDCVPTGlje0d9dMBclgTJA==

GET
H2 200 5f48832a327ad1674651597c_big2fifer-p-500.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 9 KB
9 KB 55ms
29ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5f48832a327ad1674651597c_big2fifer-p-500.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efe991d60c04f9aacb277affdcfd04973376562978309dc1f4351b06bbbb86ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 18:40:07 GMT
x-amz-version-id: 8kuRabieBchM7EAc6f2lHqUAO77YiVLI
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
last-modified: Fri, 28 Aug 2020 04:08:12 GMT
server: AmazonS3
age: 15672
x-amz-cf-pop: TXL50-P3
etag: "94e08cbc5793e54173493afa827b6267"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 8863
x-amz-cf-id: 2h9Bv9sLvWXPoa0DDFVxvl5h-9MjSnCoTJ5HchWi7pjmiJNAMrUbFg==

GET
H2 200 5f482666bce9ecadae04013f_chevron-down-white.svg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 287 B
719 B 43ms
17ms Image
image/svg+xml 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5f482666bce9ecadae04013f_chevron-down-white.svg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ce4b53c8102243c8140e5464e30fe9b2cf5383415dba50cfd9fea443a59c0c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 13:21:25 GMT
x-amz-version-id: dT3438JB1iDBBIzSHnV4D53O9LQdMop8
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
last-modified: Thu, 27 Aug 2020 21:32:27 GMT
server: AmazonS3
age: 1762794
x-amz-cf-pop: TXL50-P3
etag: "4dda7988bd84fe20d29f3b6469f60b5b"
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 287
x-amz-cf-id: ghBZPDojZL-LTc94RJnBqKDYRuBWaC_eR-EZwskUMGFaGb-_JUq7Gg==

GET
H2 200 5f482666bce9eca0e60400d4_arrow-right-white.svg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 639 B
1 KB 13ms
13ms Image
image/svg+xml 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5f482666bce9eca0e60400d4_arrow-right-white.svg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8e0ccfb3cf18bf7f6496f79fc4048a24704275c42118d9a2f454c1015338ea81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 13:21:25 GMT
x-amz-version-id: yJd6Tj2.G5QNeQKr0jBUvposJ.4zHwha
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
last-modified: Thu, 27 Aug 2020 21:32:26 GMT
server: AmazonS3
age: 1762794
x-amz-cf-pop: TXL50-P3
etag: "0e2d864741943c065a9e1a873c7526a8"
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 639
x-amz-cf-id: z3aYlimRjFS0kB3--szwJCmzCA8IM6EMB-uGl4byNm1RSEAgGD_82g==

GET
H2 200 5f482666bce9ec6db80400d6_Menu%20Icon.svg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 659 B
1 KB 13ms
13ms Image
image/svg+xml 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5f482666bce9ec6db80400d6_Menu%20Icon.svg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46f0f6087cee9353ebe9d08263b956097c0d51d7fe2eb31decbba8b19e593166

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 13:21:25 GMT
x-amz-version-id: irziUas4HagL67iPAxUweV.cIYpfatzS
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
last-modified: Thu, 27 Aug 2020 21:32:26 GMT
server: AmazonS3
age: 1762794
x-amz-cf-pop: TXL50-P3
etag: "40a8549217515cbad0d030f3335fe009"
x-cache: Hit from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 659
x-amz-cf-id: FzTMsYP8dRwu3deMdvdVya3lsXvP7LiXx9fqetWgBRulWhaHyhBzBg==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 91ms
58ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2575916601382163

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdaff86a686857c91db1fbdb6410a07e895ea4ce3ce3bc620911758fde6b85cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51542
x-xss-protection: 0
server: cafe
etag: 11446747914619311952
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2 200 617a231ae122ca1ee1051f0b_Start%20Screen-min-p-1080.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 325 KB
326 KB 28ms
28ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/617a231ae122ca1ee1051f0b_Start%20Screen-min-p-1080.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 658de102c9c6d70011b1fceaa6d215ff66d0396e29b5eb7e616a7588d07feb41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 13:21:25 GMT
x-amz-version-id: IIDvKf1yYBydnsmNCw0F1cXierkz4pMd
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1762793
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 332842
last-modified: Thu, 28 Oct 2021 04:12:14 GMT
server: AmazonS3
etag: "d189fce9bdd74755141d9a97de9337b9"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: fdSB1-J1WO4vkMvWgeyV5FdsoFiE7toQd0g4keapummroQspYigyLg==

GET
H2 200 5faa37d6729033376b7bc73e_1.0-Splash-Screen.jpg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 57 KB
58 KB 29ms
29ms Image
image/jpeg 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5faa37d6729033376b7bc73e_1.0-Splash-Screen.jpg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7be1d1d528903b4815b1427c2fe8a4d67ce4908290804cdafb646330f19886c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 14:03:29 GMT
x-amz-version-id: iNvlGs.fPoA5Fh0gN0lICwG8u34A_HsD
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1760271
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 58381
last-modified: Tue, 10 Nov 2020 06:48:55 GMT
server: AmazonS3
etag: "742b7bed3a532fc448d5b91f9a945552"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 6EzpUoff0SDVcd9RMDaKK-1IYxSJWe82duIO3mqcuImbCQY7eEKDPQ==

GET
H2 200 5faa381de8714b66f37e7d1f_load.jpg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 55 KB
56 KB 33ms
27ms Image
image/jpeg 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5faa381de8714b66f37e7d1f_load.jpg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3764a25212d0293f34d97b30b929edd7bca41d3dfb3801bf973c460c540a046a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 14:03:29 GMT
x-amz-version-id: 1L4U4Pp6oI6u5cklFRIxw1GJIfXDaFQO
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1760271
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 56371
last-modified: Tue, 10 Nov 2020 06:50:07 GMT
server: AmazonS3
etag: "bc5677f1feae604bace22564ffc4092a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: zUsCmkmVis_kwtS-ky_FnKNsyub8T59RuwHa8YeEGAO17QQmVp-mZw==

GET
H2 200 5faa350221a7c46c226f4436_NORMAL_ICONS_IN_FIFA_21_CAREER_MODE.jpg
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 78 KB
78 KB 42ms
36ms Image
image/jpeg 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5faa350221a7c46c226f4436_NORMAL_ICONS_IN_FIFA_21_CAREER_MODE.jpg
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60c1496f3d7e8ec962ae287133365fbc7b004b497ab1ce72975fa10a05d38c22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 14:03:29 GMT
x-amz-version-id: cnHDML7qtJO1X8xrmLyZ4RsuVV6DN8g8
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1760270
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 79490
last-modified: Tue, 10 Nov 2020 06:36:51 GMT
server: AmazonS3
etag: "9a50a8bac2d55a4486834d337853757f"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: eLrhKLxMBY0qlKxxuXtelKD4cgXDR82Q8RHaaIy0yyTeXvlN8NBK1w==

GET
H2 200 5fa61f239b7bba0d525062e9_patreon%20logo%20copy-p-500.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 12 KB
13 KB 35ms
29ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa61f239b7bba0d525062e9_patreon%20logo%20copy-p-500.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5c858874e89e28ab0a16f3bbfa0ae83303f496ded03c7d4f9c9691d0f17bc2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 09:41:13 GMT
x-amz-version-id: L20utxtd886zEnP5EhBoZjxUi5zBzUvG
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1689607
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 12764
last-modified: Sat, 07 Nov 2020 04:14:30 GMT
server: AmazonS3
etag: "06fcc8a73fa2d7e150857cb068581503"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: zZbUnCmYVonngfG9klaSCLiMuIZiQ7gy3sahPf2-QtiQXXW-9Z_dvQ==

GET
H2 200 5fa620e86639f64dcb4172e2_Twitter%20logo-p-500.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 13 KB
13 KB 41ms
35ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa620e86639f64dcb4172e2_Twitter%20logo-p-500.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54c151ba3c3bfc5f08e1090a569b8c3b78e6b192f9e48dc88b3bd4305a5c8a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:22:54 GMT
x-amz-version-id: dRY5BZESpGk7y._osDdYEiumDJhc_I.E
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1715906
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 13198
last-modified: Sat, 07 Nov 2020 04:22:02 GMT
server: AmazonS3
etag: "ae93fd24780009c8b088a45b6fb56011"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: FJ8AQvWOEC6Av0Kkp1t-1URbAusjZYKt8nEBgIrFxrWLzmvagskL5A==

GET
H2 200 5fa61fb8fc6e3506f0b6691a_youtube%20logo-p-500.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 9 KB
9 KB 40ms
34ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa61fb8fc6e3506f0b6691a_youtube%20logo-p-500.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5f09b062a2f4c5fe159584e4de7bb96d77044147786df2c61ae28481533da6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 20:53:40 GMT
x-amz-version-id: 8RXfA4lzxo17x8KdxHwU8KLGQP2fyygd
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 7659
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 8863
last-modified: Sat, 07 Nov 2020 04:17:02 GMT
server: AmazonS3
etag: "e62947ada6f225b421202b77a176556c"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: QW3cpDY3vgqOVa2iiwcFLvQuh_RneahHzw_RUsHPuobpmguspjx-vA==

GET
H2 200 5fa62d3afc6e357e2cb67e47_discord%20logo.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 10 KB
10 KB 20ms
15ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa62d3afc6e357e2cb67e47_discord%20logo.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3588e1938b3ec3c40eb97eed6e2c07244d894eaf1b5547f7811875b0ec9f165

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 14:03:30 GMT
x-amz-version-id: VoEv1eTtuGFMclc6WGG3zn.8mV2PTJb9
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1760270
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 9765
last-modified: Sat, 07 Nov 2020 05:14:35 GMT
server: AmazonS3
etag: "5ea061fa9b92541e119983b570e48272"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: RRW8MGO1SszvPPecVweCTMtg_Kz_PSmofOJyqEHRppinrl9_oQOVUA==

GET
H2 200 5fa62de559a7f814cb6706ac_instagram%20logo-p-500.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 164 KB
165 KB 35ms
30ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa62de559a7f814cb6706ac_instagram%20logo-p-500.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a764c9e375792bb434cbf04cd365278786f7bc7a99ab23ef247a5f4aa148e4f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 02:22:54 GMT
x-amz-version-id: KuW4r3CFZ2MV_IQiazQ.YvbvMd4vr6M0
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1715906
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 168198
last-modified: Sat, 07 Nov 2020 05:17:28 GMT
server: AmazonS3
etag: "47046b028f995cf137204ed751810438"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: vc_2FYEWks5RGHldNB0C8jgz8KAHES3p_7CkXVGNaCtRjae3y3TdOw==

GET
H2 200 5fa62e580c681f6c5a1be4cc_paypal%20logo.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 2 KB
3 KB 21ms
16ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/5fa62e580c681f6c5a1be4cc_paypal%20logo.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 379dff99fd52ffb767f728ef169b454d53e9c902aab39195780a1a925f87c81e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 14:03:30 GMT
x-amz-version-id: qhzy_Hz18AoWTn2xSO29D78gkCxqMbm3
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1760270
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2175
last-modified: Sat, 07 Nov 2020 05:19:22 GMT
server: AmazonS3
etag: "5fade6005342f3c0ecb4770032456c56"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: FBM_Uw57T8jk5vqWly9NAP6HXGZUAJedosjU3FPQD1qYOW293cauOQ==

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 84ms
57ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56d23cacbdf2933397dac5bf6badd639ea23c80dd362c098374fa6248a2b9609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51544
x-xss-protection: 0
server: cafe
etag: 7322617211775836440
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
30 KB 40ms
14ms Script
application/javascript 18.64.84.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=5f4826660c6a90730a8a0413
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.84.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-84-99.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://www.fifermods.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 07:45:16 GMT
content-encoding: br
via: 1.1 3588568928e677ce9bb8aedfd6e0ea04.cloudfront.net (CloudFront)
age: 54963
x-amz-cf-pop: TXL50-P2
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: so4fZpVkF7OtPFqOG2zVNKVjvL0yRpMSRTlYW2rQnXWf6ieuvarFYA==

GET
H2 200 webflow.cd3763e08.js Show response
assets-global.website-files.com/5f4826660c6a90730a8a0413/js/ 721 KB
183 KB 14ms
14ms Script
text/javascript 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/js/webflow.cd3763e08.js
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bb2fc3583b288ac492fee5cc0279f05eb9b58e8e47db2e1f9ca18ef36d5399a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: Rfh6T1mfn9RuVs5yRHmoh7yg7eAyRDtK
content-encoding: gzip
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 07:45:11 GMT
age: 54969
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 186201
last-modified: Fri, 24 Nov 2023 04:04:50 GMT
server: AmazonS3
etag: "227ae48c0a019887af908fbcb6eb2757"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 8wLXfobJ5GGFXnHtdevjWVqVyAiiJqXLF0fsWMqCIb3gm4Dd6L6b6g==

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 61ms
28ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Inter:regular,500,600,700

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e9ef5355342a77d2e11dfc11fc0afccecf65c084241b030a19a629dbfa5a1ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 22:39:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 46 KB
46 KB 40ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter:regular,500,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:57:12 GMT
x-content-type-options: nosniff
age: 223447
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46704
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:57:12 GMT

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 227ms
195ms Fetch
binary/octet-stream 188.114.97.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: EXPIRED
last-modified: Thu, 14 Dec 2023 14:03:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://www.fifermods.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4eclH6aVtAqLpZGrILd5WkLNPRabVeyXJ48w6%2BUBTvGcbAIn4KpZlr6Ag590uUKpRiPGzex3QrUAdkiif%2BYHbYXyw1XOnLglTuXt9Gg04LNpZ5YKzLLZZySA520Fz%2FR"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 835a116b3f3565c4-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
pogothere.xyz/ 27 B
621 B 140ms
108ms Fetch
text/plain 188.114.97.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b8cfbda82e642f849339fbacfa963add5a8bab2dd5d30c9ec86d32ab3b7ed4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ElaWWtGoyEariz2XvuQgTnYhBIoMlPnOb8ZYx68fHAPy7bzoPNpH8hi7BCVqC7Ev%2B0NEteYcIWLHy%2Bu2qCgQLBxSUU4%2BmLby%2F7MuNkn%2FsU8XZspJ8cXN7H9ckRsG0YNV"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://www.fifermods.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 835a116b3f3765c4-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
tbradshedm.org/ 0
542 B 155ms
121ms XHR
text/plain 3.161.119.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tbradshedm.org/utx?cb=cAhiURW10OaT&top=www.fifermods.com&tid=960429
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.119.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-119-6.vie50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
via: 1.1 b27f21f2e46f0db2d89ec3930dfac728.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: VIE50-P2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://www.fifermods.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: eXVHj1wFxnzaoV-eCI-QgoNTNpCkTuaoZeXRBON6hZx3XnLJsU5vGw==

GET
H2 200 asd100.bin Show response
pogothere.xyz/ 100 KB
100 KB 327ms
302ms Fetch
binary/octet-stream 188.114.97.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/asd100.bin
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: EXPIRED
last-modified: Thu, 14 Dec 2023 14:03:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: https://www.fifermods.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRsm0SOV4tZc0aFLLqquZw3ksF137yKEj72KBcbPTNUPM6GB284noY65Mu3ysDiiYpW8Mol0YJ7uocakK3iXKFOGvdRSAXfXiYeDi%2BVTDp7LDGoSdI8D683a7rUoupbm"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 835a116b3f3a65c4-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
pogothere.xyz/ 26 B
352 B 138ms
114ms Fetch
text/plain 188.114.97.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pogothere.xyz/
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d39aff29486cc008efdc68adb1fcc3ac2752da7371bf1c18010299a8e09784a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iz%2BOpVvlmhZYJWqDc%2FpGrCJVEuNPdD9jld75APW8FsSHE26d0mw7ekuvsq9nSG%2FeQ7UyYSjXMXUYFxiU2v%2BBw2rWU8elqvmJVvxGkvWZJorj03n0BviFe6nCMLsHXlCR"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
access-control-allow-origin: https://www.fifermods.com
content-type: text/plain
access-control-allow-credentials: true
cf-ray: 835a116b3f3c65c4-FRA
access-control-allow-headers: X-Requested-With, content-type
alt-svc: h3=":443"; ma=86400

GET
H2 204 utx Show response
tbradshedm.org/ 0
540 B 155ms
129ms XHR
text/plain 3.161.119.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tbradshedm.org/utx?cb=Gm7pgXbyOX30&top=www.fifermods.com&tid=960435
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.119.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-119-6.vie50.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
via: 1.1 b27f21f2e46f0db2d89ec3930dfac728.cloudfront.net (CloudFront)
server: openresty/1.17.8.2
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-amz-cf-pop: VIE50-P2
x-cache: Miss from cloudfront
p3p: CP="NID DSP ALL COR"
access-control-allow-origin: https://www.fifermods.com
cache-control: no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials: true
x-amz-cf-id: iz04HyU2iQah7cd0vgmw83W9NVJ2l-XNElSAN_VGkkDZCcvP8x01Ug==

GET
H2 204 RFEzYXZrblASSxBielAkHAcBMzcKYGc5QwgTXTM0IDp6JhUBABUVHyBsCldGcGMKRwYtNQ5QUDclUhUDN2wCRx8qN1xcUDJsAk9FcH8AVVh0d0ZcR2IlQwAReWAVEQIwPQ5QQXRjBlhCfGYKU0Z3
unicatethebe.org/ 0
242 B 141ms
116ms Image
text/plain 172.67.213.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unicatethebe.org/RFEzYXZrblASSxBielAkHAcBMzcKYGc5QwgTXTM0IDp6JhUBABUVHyBsCldGcGMKRwYtNQ5QUDclUhUDN2wCRx8qN1xcUDJsAk9FcH8AVVh0d0ZcR2IlQwAReWAVEQIwPQ5QQXRjBlhCfGYKU0Z3
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.213.217 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9bvDxJYGzVPr6hkDsEBCTD9kUmQNUshkpoEjLmCF6Dua2xdeIlF9VpaaK606Pkm%2F3CJ4unNZtmYtIoCVgJCb1Isuw2Xky00nuALV7ixz90%2B8yuTK24uOaM6lndU3hPNmXig"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 835a116b581b65ad-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 login.php
www.facebook.com/ 0
0 195ms
177ms Image
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp3c3WC4Zse1Vm6eCJEQx7sl6fd-L8ypXX4gm0LrEYkl6Qr8rKMvQTsWUJj...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0E2HGBAZrhx5xhYqQNrWDBzhHN58g8lE9g4jBs6VrBWKKTIk5gCL-ohNvL6K9snMp7HC9QmQ&passiv...

0
0

73ms
73ms

Image
text/html

2a00:1450:400c:c0d::54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0E2HGBAZrhx5xhYqQNrWDBzhHN58g8lE9g4jBs6VrBWKKTIk5gCL-ohNvL6K9snMp7HC9QmQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1660632531%3A1702594879353206&theme=glif
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H3
Server: 2a00:1450:400c:c0d::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 14 Dec 2023 23:01:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-XaUeydYBvvCCg813eLrxzA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 405
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0E2HGBAZrhx5xhYqQNrWDBzhHN58g8lE9g4jBs6VrBWKKTIk5gCL-ohNvL6K9snMp7HC9QmQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1660632531%3A1702594879353206&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

403

identifier
accounts.google.com/v3/signin/
Redirect Chain

https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1dzHgm_FaqqTVetfzYbCDRmw0SARRB6jjzQ9nNRjvbxMOBvpvCPyA...
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1f9bDe9q0Ibn7WbE6MqdoHVR_67lXKMlgCDb2DcUU1pyFGZzDTQqmsSLtg1BK43HQMBAKLgQ&passi...

0
0

48ms
48ms

Image
text/html

2a00:1450:400c:c0d::54
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1f9bDe9q0Ibn7WbE6MqdoHVR_67lXKMlgCDb2DcUU1pyFGZzDTQqmsSLtg1BK43HQMBAKLgQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593079165%3A1702594879346636&theme=glif
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H3
Server: 2a00:1450:400c:c0d::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 14 Dec 2023 23:01:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Adcu6mqBpOGLeUq6ddiMmg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 409
x-xss-protection: 1; mode=block
pragma: no-cache
server: GSE
x-frame-options: DENY
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type: text/html; charset=UTF-8
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1f9bDe9q0Ibn7WbE6MqdoHVR_67lXKMlgCDb2DcUU1pyFGZzDTQqmsSLtg1BK43HQMBAKLgQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593079165%3A1702594879346636&theme=glif
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 popunder.gif
unicatethebe.org/ 35 B
531 B 40ms
16ms Image
image/gif 172.67.213.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unicatethebe.org/popunder.gif
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.213.217 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: public
date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Dec 2023 15:04:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 28638
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvxznywT6W71CWFZaW7ebJGRT4s%2BxSrQnr0VdaNcH1521ZWwqIkidSJlWRobV2I%2BybRgx3u0Rz%2FRMZIURU92cREPpenrE47H%2FTatOg8VEUUjfu2OWWsVcxJ8q6JDxz%2FKLpKE"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800, immutable
cf-ray: 835a116b581965ad-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 204 RFVNTzRrai48CRY+GzlWdDl9KWIgDCghfjMNCzsAJx0DKmJ3Ims7XSBodHkEcGZ4aUQtMXB+EjchLDtBN2h8aV0qMyJyEjJofGEHcHt+exp0czhyBWIhPS5TeWRrP0AwOXB+A3RneHYAfGJ0fQV0
unicatethebe.org/ 0
254 B 134ms
111ms Image
text/plain 172.67.213.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unicatethebe.org/RFVNTzRrai48CRY+GzlWdDl9KWIgDCghfjMNCzsAJx0DKmJ3Ims7XSBodHkEcGZ4aUQtMXB+EjchLDtBN2h8aV0qMyJyEjJofGEHcHt+exp0czhyBWIhPS5TeWRrP0AwOXB+A3RneHYAfGJ0fQV0
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.213.217 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RL3Q08yNPp%2Bp7Tc3Xbpyc88Fh%2F%2FKi8LZVhE0DZoix%2FWc%2BeXBFWX0eLpIdHTdh0uaUGB7mv5pRQuwTwU2t9FvQYIRoT%2Bd3K26E2u%2BV%2Fl0w0n5IEj9NvG5ZAI%2BwthMRdF99%2B6I"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 835a116b581a65ad-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 204 UktDUWddVFlHPFJLSxU5Dh1QUG8fDhkNdF5NXVN8Vk5VVnBdS1k
unicatethebe.org/YUlvem1OdgwJUAUfLU43UB8rIzhULDU/IwYaAyAGNR4HMDhTGEkOBAV0VkxdVXpeXB0ILVJLVUc6GxsZFDpSS0sIJwkVUEc/ 0
252 B 125ms
102ms Image
text/plain 172.67.213.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unicatethebe.org/YUlvem1OdgwJUAUfLU43UB8rIzhULDU/IwYaAyAGNR4HMDhTGEkOBAV0VkxdVXpeXB0ILVJLVUc6GxsZFDpSS0sIJwkVUEc/UktDUWddVFlHPFJLSxU5Dh1QUG8fDhkNdF5NXVN8Vk5VVnBdS1k
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.213.217 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcrfRB5mwZ4fsLtjbFzJaB8vOOVSc2E4x%2FGOgC8sXRzrS01A5k9d%2Fg3GZtfokPQznmbTgguzps4o%2FsvMWmNyujURtRljhSRe25nkxFkNJz7zglZg0AGnxZMC90tmd5AvWCwy"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 835a116b581c65ad-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 fifa21-realismmod
www.fifermods.com/ 0
5 KB 42ms
39ms Other
text/html 52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fifermods.com/fifa21-realismmod
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-served-by: cache-iad-kjyo7100160-IAD, cache-dub4350-DUB
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
age: 70325
x-timer: S1702594879.253398,VS0,VE0
x-lambda-id: fba79cbe-ca80-4663-b215-6bb4cae0da89
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
content-type: text/html
accept-ranges: bytes
x-cluster-name: eu-west-1-prod-hosting-red
content-length: 4316
x-cache-hits: 50, 3

GET
H2 200 fifa22-realismmod
www.fifermods.com/ 0
4 KB 43ms
40ms Other
text/html 52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fifermods.com/fifa22-realismmod
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-served-by: cache-iad-kiad7000096-IAD, cache-dub4364-DUB
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
age: 70325
x-timer: S1702594879.253801,VS0,VE0
x-lambda-id: ed02d42f-da04-429a-9f2c-abef1469aac6
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
content-type: text/html
accept-ranges: bytes
x-cluster-name: eu-west-1-prod-hosting-red
content-length: 3466
x-cache-hits: 1, 2

GET
H2 200 fifa20-realismmod
www.fifermods.com/ 0
5 KB 72ms
68ms Other
text/html 52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fifermods.com/fifa20-realismmod
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-served-by: cache-iad-kcgs7200050-IAD, cache-dub4329-DUB
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
age: 10924
x-timer: S1702594879.253564,VS0,VE1
x-lambda-id: 0a1e2d6a-41a3-4ac4-b514-c47487a4ed95
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
content-type: text/html
accept-ranges: bytes
x-cluster-name: eu-west-1-prod-hosting-red
content-length: 4511
x-cache-hits: 27, 1

GET
H2 200 other-mods
www.fifermods.com/mods/ 0
3 KB 72ms
69ms Other
text/html 52.17.119.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fifermods.com/mods/other-mods
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.119.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-119-105.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-served-by: cache-iad-kjyo7100178-IAD, cache-dub4328-DUB
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
age: 40224
x-timer: S1702594879.253904,VS0,VE1
x-lambda-id: d0589909-8824-4bb1-9485-3b417d312d4f
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
content-type: text/html
accept-ranges: bytes
x-cluster-name: eu-west-1-prod-hosting-red
content-length: 2814
x-cache-hits: 5, 1

GET
H2 200 45837 Show response
www.sociablekit.com/app/embed/ Frame B094 31 KB
12 KB 653ms
627ms Document
text/html 2606:4700:20::ac43:464a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sociablekit.com/app/embed/45837
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d72b61d422e2a61bbe8b4019debee3b1e7b76fdb9f6caf9b67afb140d8ce528

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: Authorization
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 835a116b5adf5d60-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 23:01:19 GMT
expires: Thu, 19 Nov 1981 08:52:00 GM
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Em63oO%2BOnNdJCS%2B32nIl%2BEwgalVJJr8YC%2F6quoDisiVhUeUrNdhvSH9xWdWvtK7IZQ%2F6km7h2Rzj4a2SNJye19qLN38kViT5KTqki0sFp05cbY%2BX9j9NLdogy9KLqRG2cyuILcJPrlk8zrJWv2DoO0A%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 realismmod
www.patreon.com/ 0
0 789ms
763ms Other
text/html 2606:4700::6810:631
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.patreon.com/realismmod
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:631 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 FIFER_Mods
twitter.com/ 0
0 149ms
128ms Other
text/html 104.244.42.1
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL: https://twitter.com/FIFER_Mods
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.244.42.1 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H/1.1 200
OK follow_button.html Show response
platform.twitter.com/widgets/ Frame 5970 63 KB
21 KB 35ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.html
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: bd065f2a1f2651463c205c5a63374b1bb098612578abc3252e8a73f1b99337c9

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 745
Cache-Control: public, max-age=1800
Content-Encoding: gzip
Content-Length: 20650
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 23:01:19 GMT
Etag: "31eeb809b4e1043ec5d72ddf921539fa+gzip"
Last-Modified: Mon, 11 Dec 2023 17:20:33 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2

403

m
consent.youtube.com/
Redirect Chain

https://www.youtube.com/c/FIFERMODS
https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fc%2FFIFERMODS%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1

0
0

101ms
41ms

Other
text/html

2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fc%2FFIFERMODS%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 14 Dec 2023 23:01:19 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin-allow-popups; report-to="youtube_main"
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: application/binary
location: https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fc%2FFIFERMODS%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

DJxMEyk
discord.com/invite/
Redirect Chain

https://discord.gg/DJxMEyk
https://discord.com/invite/DJxMEyk

0
0

290ms
269ms

Other
text/html

162.159.135.232
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://discord.com/invite/DJxMEyk
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Server: 162.159.135.232 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

date: Thu, 14 Dec 2023 23:01:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsEi5nu9dH2SKxW0kndn1ViqEVftBImo%2BWE%2Bkc%2FG3wWgvy0IKkfMG%2FPM8wldo9THwDlp2yumiJJVGLVLZotnK3w4oOMXd1T%2F6z85xQnITriSmrgqeETqGxod4MI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
location: https://discord.com/invite/DJxMEyk
vary: Accept-Encoding
permissions-policy: interest-cohort=()
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
cf-ray: 835a116baa68925c-FRA
content-length: 0
x-xss-protection: 1; mode=block

GET
H2

200

/
www.instagram.com/fifermods/
Redirect Chain

https://www.instagram.com/fifermods
https://www.instagram.com/fifermods/

0
0

381ms
381ms

Other
text/html

2a03:2880:f276:e8:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.instagram.com/fifermods/
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Server: 2a03:2880:f276:e8:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

location: https://www.instagram.com/fifermods/
strict-transport-security: max-age=15552000
x-fb-debug: LJNGfR7audTqvyJtmJBqbF64sAWLEoge/Q25omBtgR8E72zf/R50lanQO69DqyWfQGmn81gnkITt5IPeQkQ0+w==
date: Thu, 14 Dec 2023 23:01:19 GMT
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"

GET
H2

200

fifermodding
www.paypal.com/paypalme/
Redirect Chain

https://paypal.me/fifermodding
https://www.paypal.me/fifermodding
https://www.paypal.com/paypalme/fifermodding

0
0

456ms
434ms

Other
text/html

151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.paypal.com/paypalme/fifermodding
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Server: 151.101.65.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Redirect headers

x-served-by: cache-fra-etou8220045-FRA, cache-fra-etou8220045-FRA
date: Thu, 14 Dec 2023 23:01:19 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f128738f2b9ca-7a65f4b2b0bccd89-01
x-timer: S1702594880.545045,VS0,VE139
x-cache: MISS, MISS
location: https://www.paypal.com/paypalme/fifermodding
paypal-debug-id: f128738f2b9ca
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-cache-hits: 0, 0

GET
H2 200 5f482666bce9eca4fc040095_SpaceGrotesk-Bold.otf
uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/ 79 KB
80 KB 98ms
61ms Font
application/x-font-otf 99.84.146.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/5f482666bce9eca4fc040095_SpaceGrotesk-Bold.otf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/css/fifer-mods.webflow.90e9f54a1.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.146.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-5.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 03a3a68706c8a2f44da92c3182d0c9b7db57cd79e4b9720770964dd3af5d27fd

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:38:13 GMT
x-amz-version-id: Y.sCsaH2ZK5EK6VLbgxnPAtik.HmORtO
via: 1.1 960b0b60c4f1507c51c75d8f9ab0dc90.cloudfront.net (CloudFront)
age: 1743787
x-amz-cf-pop: TXL52-C1
x-cache: Hit from cloudfront
content-length: 81060
last-modified: Thu, 27 Aug 2020 21:32:25 GMT
server: AmazonS3
etag: "5b6a83355a07337cc870891fe3d6cc90"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-otf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: x_EUzZX2ot0sAW8WihmGdr_9jUxoGChhBsyJU6BweH_iseZ3B8uv3g==

GET
H2 200 5f482666bce9ecb32e040097_SpaceGrotesk-Medium.otf
uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/ 77 KB
78 KB 91ms
54ms Font
application/x-font-otf 99.84.146.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/5f482666bce9ecb32e040097_SpaceGrotesk-Medium.otf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/css/fifer-mods.webflow.90e9f54a1.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.146.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-5.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b4c57530869a39735d3159065d4c92baee5ace55349f1f4d871599cf0e7d1ba4

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 15:45:31 GMT
x-amz-version-id: MPdm_ojB0.lgtRv2NHm5b08P0hXztDZ1
via: 1.1 960b0b60c4f1507c51c75d8f9ab0dc90.cloudfront.net (CloudFront)
last-modified: Thu, 27 Aug 2020 21:32:25 GMT
server: AmazonS3
age: 6419749
x-amz-cf-pop: TXL52-C1
etag: "07229533fad39ba822666b4724928cfa"
x-cache: Hit from cloudfront
content-type: application/x-font-otf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 78952
x-amz-cf-id: oOprYlpv-G6EIMjgtXlZ3K4tuIxyBKYviHE6_Lb_q7afsLQxglK72g==

GET
H2 200 5f482666bce9ec851e040110_SpaceGrotesk-Regular.otf
uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/ 62 KB
63 KB 65ms
28ms Font
application/x-font-otf 99.84.146.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/5f482666bce9ec851e040110_SpaceGrotesk-Regular.otf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/css/fifer-mods.webflow.90e9f54a1.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.146.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-5.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f81f66e7c127b280dee9ac61bae4d734cf888cf7bbbc23b44b869787537cfbc

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 17:55:22 GMT
x-amz-version-id: LaN97o2B3H1QSq4UANhCSNBfaXa.WMoL
via: 1.1 960b0b60c4f1507c51c75d8f9ab0dc90.cloudfront.net (CloudFront)
age: 7103158
x-amz-cf-pop: TXL52-C1
x-cache: Hit from cloudfront
content-length: 63492
last-modified: Thu, 27 Aug 2020 21:32:27 GMT
server: AmazonS3
etag: "2d57723f8c32cd72c80ea185b19e3616"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-otf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: sTDjyuY-cAtukKdBqUDPa7sfB32aZmLZ97EK-t3eHxa3Ta4mdqgycg==

GET
H2 200 5f482666bce9ec3a29040096_SpaceGrotesk-SemiBold.otf
uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/ 78 KB
78 KB 79ms
43ms Font
application/x-font-otf 99.84.146.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uploads-ssl.webflow.com/5f4826660c6a90730a8a0413/5f482666bce9ec3a29040096_SpaceGrotesk-SemiBold.otf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/css/fifer-mods.webflow.90e9f54a1.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.146.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-5.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 62c5f3d243cc0ca76dd629b71975c00f58d0feb938ad09c98d42af241cf8eef0

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://www.fifermods.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 01 Oct 2023 15:45:31 GMT
x-amz-version-id: 2faRXwBQg9gOOasCuO9vZPc6Eaem3_Lp
via: 1.1 960b0b60c4f1507c51c75d8f9ab0dc90.cloudfront.net (CloudFront)
last-modified: Thu, 27 Aug 2020 21:32:25 GMT
server: AmazonS3
age: 6419749
x-amz-cf-pop: TXL52-C1
etag: "db8890a7c9c0004820deff8bcf72ed27"
x-cache: Hit from cloudfront
content-type: application/x-font-otf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
content-length: 79852
x-amz-cf-id: OAtArOVb-To3DnB941l5-Rjd0RTsNR5izGmaurS9YHuTwBjKfUfswA==

GET
H2 200 6360e06be0286aa4336194e6_FIFERS-FIFA-23-REALISM-MOD-OPENING-SPLASH-SCREEN-p-800.png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 213 KB
213 KB 57ms
56ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/6360e06be0286aa4336194e6_FIFERS-FIFA-23-REALISM-MOD-OPENING-SPLASH-SCREEN-p-800.png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c05b7200590e5e308649ebb7a8adb74a3b2b7bf1b72b035845cc236e7a9067b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:38:12 GMT
x-amz-version-id: pFEDDWrcNXKNxB3O3v8VP7fdOIlDubK3
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 1743788
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 217688
last-modified: Tue, 01 Nov 2022 09:02:31 GMT
server: AmazonS3
etag: "d229fa9ac261d1cf736759fbba4d624f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: OtPNFT9hXJpn8tImni8MZJ4imIvFLeCYgXNk_w7P_94uW3wNxbaTvw==

GET
H2 200 605580d51a82e7f8c80ac442_IMstudiomods%20(2).png
assets-global.website-files.com/5f4826660c6a90730a8a0413/ 20 KB
21 KB 41ms
41ms Image
image/png 2600:9000:2260:2400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/5f4826660c6a90730a8a0413/605580d51a82e7f8c80ac442_IMstudiomods%20(2).png
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:2400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8fe2bc50ca90d672f435b63b569325b582383587f6e930bc80c6324445b36ff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 18:40:08 GMT
x-amz-version-id: VoJfl7OD.j5KD4EpOws6WqUESU3p_NV4
via: 1.1 1bccf6a872dd296ef2ffc6656debd1f0.cloudfront.net (CloudFront)
age: 15672
x-amz-cf-pop: TXL50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 20639
last-modified: Sat, 20 Mar 2021 04:57:59 GMT
server: AmazonS3
etag: "93e141dd58db46d9be3add5a5cfa391a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: wscBwsv4p2LPkI5M8zrSDD8M_GnM7O_IXx4EnmdGjYFUZutViXmEAQ==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 399 KB
135 KB 78ms
78ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2575916601382163&plah=www.fifermods.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2575916601382163

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6087f2cae771671a0d11e0ca2c15492cb73728fdea6c94063ef91ef0710cf785

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137956
x-xss-protection: 0
server: cafe
etag: 8853326046741055003
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 1DE9 9 KB
4 KB 45ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2575916601382163

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 33101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 13:49:38 GMT
etag: 5585625838579639069
expires: Thu, 28 Dec 2023 13:49:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 74061f08793737e9374dd85cd2233d3c.js Show response
scripts.cleverwebserver.com/ 130 KB
47 KB 95ms
64ms Script
application/javascript 2606:4700:4400::ac40:919c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.cleverwebserver.com/74061f08793737e9374dd85cd2233d3c.js
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:919c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95437c3c93656ab8dff0aab808c0337a0e37dc46fd591921659d4e03d77d6daa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
x-amz-version-id: qrJwchN316uXQiCxqOALuk4FfNjt89iN
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 14 Dec 2023 15:22:13 GMT
server: cloudflare
x-amz-request-id: ECR3V4SEDNFWJV7P
etag: W/"02ba201860111c37a4bd6905b0966570"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=1800
cf-ray: 835a116c2ff34d80-FRA
x-amz-id-2: S/LPbmFq39yHF9r41nA29i32br+20lk7sUCZ8eeTBJtkVJ0AmdPGgTDYr57K7juFpIsCDZ2N6vs=
expires: Thu, 14 Dec 2023 23:31:19 GMT

GET
DATA 200
OK truncated
/ Frame 5970 471 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 embeds
syndication.twitter.com/i/jot/ Frame 5970 43 B
294 B 142ms
119ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?dnt=1&l=%7B%22message%22%3A%22m%3Anocount%3A%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.fifermods.com%2F%22%2C%22widget_frame%22%3A%7B%22ancestorOrigins%22%3A%7B%220%22%3A%22https%3A%2F%2Fwww.fifermods.com%22%7D%2C%22href%22%3A%22https%3A%2F%2Fplatform.twitter.com%2Fwidgets%2Ffollow_button.html%23dnt%3Dtrue%26height%3D20%26screen_name%3DFIFER_Mods%26show_count%3Dfalse%26size%3Dm%26width%3D100%2525%22%2C%22origin%22%3A%22https%3A%2F%2Fplatform.twitter.com%22%2C%22protocol%22%3A%22https%3A%22%2C%22host%22%3A%22platform.twitter.com%22%2C%22hostname%22%3A%22platform.twitter.com%22%2C%22port%22%3A%22%22%2C%22pathname%22%3A%22%2Fwidgets%2Ffollow_button.html%22%2C%22search%22%3A%22%22%2C%22hash%22%3A%22%23dnt%3Dtrue%26height%3D20%26screen_name%3DFIFER_Mods%26show_count%3Dfalse%26size%3Dm%26width%3D100%2525%22%7D%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1702594879344%2C%22dnt%22%3Atrue%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/follow_button.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-response-time: 112
date: Thu, 14 Dec 2023 23:01:19 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 14 Dec 2023 23:01:19 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 60b55d90efb5db45
cache-control: must-revalidate, max-age=600
perf: 7469935968
x-connection-hash: b28ec48074a5929d0570afc27c35d8d543352c869f993b7642cd4f41b9e6bdce
content-length: 43

GET
H2 200 1Umhvc2wxBwEVUyYBC05VZFhbQVV0AhwcAiJVJDs5YF4rNy8gLAVVGCgMUkJKPgkBFFF0DQEQUWNODhcOb1hJBxw9A1IYDjcHGhQePQsEVRkzVQIcFjsEAxJJYC5aXVx3Wl9bGzsGCxwbIU1dQwImTV1DXWJGX1ZfEE1dQxs7BllHSWEqSkFcKl5bWklgWA-4DHD4... Show response
d3vw4uehoh23hx.cloudfront.net/ 939 B
912 B 176ms
176ms Script
text/plain 2600:9000:225a:6400:e:be87:cd40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3vw4uehoh23hx.cloudfront.net/1Umhvc2wxBwEVUyYBC05VZFhbQVV0AhwcAiJVJDs5YF4rNy8gLAVVGCgMUkJKPgkBFFF0DQEQUWNODhcOb1hJBxw9A1IYDjcHGhQePQsEVRkzVQIcFjsEAxJJYC5aXVx3Wl9bGzsGCxwbIU1dQwImTV1DXWJGX1ZfEE1dQxs7BllHSWEqSkFcKl5bWklgWA-4DHD4NGBYOOQEbVl4UXVxEQmFeSkFcegMHBwE+TV0wSWBYAxoHN01dQws3CwQcRXdaXxAEIAcCFklgLl5BXHxYQUVca1FBQlxrTV1DHzMODgEFd1opRl9lRlxFSidVXg
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225a:6400:e:be87:cd40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f9892bb1011c29b51b478b279c86a4bf87c08901be41a9a3c441f0cc0e833f00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
via: 1.1 eeeb5087a36839b2299b9c53f96feb8e.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 635
x-amz-cf-id: s-dPN_4sXpBosB8ePsrXWqrNVEv-OgV87WojpUgGBLzXDaiSnrMw5A==

GET
H2 200 Db3QwdXoMG14TRRsdVEhDWUQERk9JHkMaFB9JYhssPRoCHQMJE0ItGEkAShFHXlJcFBQISRYQFAxJAVMbCxYNRVwbBF8eRwQWVRoPCAZfFhFJAVFIFwAOWRkWDlECM09BRBVHSkcDWRseAANDUEhfGkRQSF9FAFtKSkdyUEhfA1kbTFtRAzdfXURIQ05GUQ-JFGx8... Show response
d3vw4uehoh23hx.cloudfront.net/ 913 B
915 B 180ms
179ms Script
text/plain 2600:9000:225a:6400:e:be87:cd40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3vw4uehoh23hx.cloudfront.net/Db3QwdXoMG14TRRsdVEhDWUQERk9JHkMaFB9JYhssPRoCHQMJE0ItGEkAShFHXlJcFBQISRYQFAxJAVMbCxYNRVwbBF8eRwQWVRoPCAZfFhFJAVFIFwAOWRkWDlECM09BRBVHSkcDWRseAANDUEhfGkRQSF9FAFtKSkdyUEhfA1kbTFtRAzdfXURIQ05GUQ-JFGx8EXBANChZbHA5KRnZASVhaA0NfXUQYHhIbGVxQSCxRAkUWBh9VUEhfE1UWEQBdFUdKDBxCGhcKUQIzS11EHkVUWUQJTFReRAlQSF8HURMbHR0VRzxaRwdbSVlSRUhL
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225a:6400:e:be87:cd40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: cd4b4ef2273d11d939cbb51a8a17f2bf456aca54bef585145e2caeb979223d91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
via: 1.1 eeeb5087a36839b2299b9c53f96feb8e.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 638
x-amz-cf-id: icNT-fwmiqODEDN7AhEbX1Kvdvl2du6zkpGcVZ2jhCNn0SejegWU3w==

GET
H2 200 ORwXPiluOzI6PyMiGj5rdRsCNGRiSRQxNzRSXjU3MFJJdjg3DUVgfyYORT02KQYUPDh2XT5ld2NKSmBxJAYWNDYkHF1iaT0bXWJpYl9WYHxgLV1iaSQGFmZtdlw6dWtjF05kcHZdSDEpIwMdJzwxBBEkfGEpTWNufV-xOdWtjRxM4LT4DXWIadl1IPDA4Cl1iaTQK... Show response
d3vw4uehoh23hx.cloudfront.net/mWVNveFA6PAEeby06C0Vpb2NbS2F/ 189 B
462 B 172ms
171ms Script
text/plain 2600:9000:225a:6400:e:be87:cd40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3vw4uehoh23hx.cloudfront.net/mWVNveFA6PAEeby06C0Vpb2NbS2F/ORwXPiluOzI6PyMiGj5rdRsCNGRiSRQxNzRSXjU3MFJJdjg3DUVgfyYORT02KQYUPDh2XT5ld2NKSmBxJAYWNDYkHF1iaT0bXWJpYl9WYHxgLV1iaSQGFmZtdlw6dWtjF05kcHZdSDEpIwMdJzwxBBEkfGEpTWNufV-xOdWtjRxM4LT4DXWIadl1IPDA4Cl1iaTQKGzs2ekpKYDo7HRc9PHZdPmFrY0FIfm9jVkF+aGNWXWJpIA4eMSs6SkoWbGBYVmNvdRpFYQ
Requested by: Host: d3vw4uehoh23hx.cloudfront.net
URL: https://d3vw4uehoh23hx.cloudfront.net/?euwvd=960429
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225a:6400:e:be87:cd40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f79c8b55613c2ed9281fb8e4b2f7e6214011d231c2fbc27571fb9732e25a3680

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
via: 1.1 eeeb5087a36839b2299b9c53f96feb8e.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: max-age=31556926
content-length: 185
x-amz-cf-id: cgjlyPuQ3iA5KQrlV4OoblyR6hFE4PgM42PpUAPyAEUq4USyZhaktw==

GET
H2 200 / Show response
ui.cleverwebserver.com/ 159 B
383 B 38ms
28ms Script
application/javascript 2606:4700:4400::ac40:919c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ui.cleverwebserver.com/
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:919c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b563bb990f539a48a217e8d0ea0dcbe5001c02b2519aaa7d75747527563eb1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 835a116cb8584d80-FRA
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2A0A 394 KB
86 KB 848ms
848ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&adk=1812271804&adf=3025194257&lmt=1702594879&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879256&bpp=4&bdt=331&idt=225&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5814379461392&frm=20&pv=2&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=236

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2575916601382163&plah=www.fifermods.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef18198d8cf046833dfb79b0543246b4ad90bea839f33647f6377566c8378236

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 87782
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Thu, 14 Dec 2023 23:01:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20transparent-nav%20w-nav&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2F2A 152 KB
44 KB 488ms
488ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=1583562955&adk=1609618297&adf=3610118697&pi=t.ma~as.1583562955&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879260&bpp=1&bdt=335&idt=234&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=236

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8c9f33b16bf4baaf3026a0f7f1a330cfe349a22cfdacd10858ab8ef3d37130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44386
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:19 GMT
expires: Thu, 14 Dec 2023 23:01:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 164E 25 KB
11 KB 381ms
381ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d64214135597e3d55f11b45f9660c5b2c6639a7f185f147ea551cfe3621ceca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 11079
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:19 GMT
expires: Thu, 14 Dec 2023 23:01:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 541B 45 KB
18 KB 393ms
393ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afc255e8e374a37c6529b58332a3463993ac1e7b9cc4da408b4900692ed46339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 18060
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:19 GMT
expires: Thu, 14 Dec 2023 23:01:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
call.cleverwebserver.com/ 43 B
105 B 55ms
39ms Image
image/gif 2606:4700:4400::ac40:919c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://call.cleverwebserver.com/?id=32335&c=DE&r=BY&l=42&b=Chrome&os=Win10&mob=0&v=1.60.5&ref=aHR0cHM6Ly93d3cuZmlmZXJtb2RzLmNvbS8%3D&ruri=&iv=-1&ctr=DE&sz=1200
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:919c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835a116d08924d80-FRA
content-length: 43
content-type: image/gif

GET
H2 200 embed_iframe.php
www.sociablekit.com/app/libs/css/ Frame B094 247 B
556 B 194ms
193ms Stylesheet
text/css 2606:4700:20::ac43:464a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sociablekit.com/app/libs/css/embed_iframe.php
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/45837
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aa28d56bc3f834097bb4cb2ea00bb917eb479d4bbf40bc60f78419792b6d6b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/app/embed/45837
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
server: cloudflare
access-control-max-age: 1728000
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/css; charset: UTF-8;charset=UTF-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdX7ZNlEehv6%2BtDG7350RHT%2F5H%2BZDcsQqglJ8yYq4POlX9k%2FmUt8kK2PgjHWEQpNZgu2NMb5zvau6uTx3xJ%2Bu2hLLJLFSZzsr1xAZY2QFEVQ0OsZiTV393qY%2Bh4erNIsuRtOurEjriE4yhtpOmhTPr8%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 835a116f5f7f5d60-FRA
access-control-allow-headers: Authorization
expires: 0

GET
H2

200

widget.js Show response
widgets.sociablekit.com/youtube-channel-videos/ Frame B094
Redirect Chain

https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
https://widgets.sociablekit.com/youtube-channel-videos/widget.js

86 KB
20 KB

614ms
302ms

Script
application/javascript

137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/youtube-channel-videos/widget.js
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/45837
Protocol: H2
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 2e13d76f6d9a411a81f73defde43ae36192e1f0d93ecdbb13c7f7ef56bfc8b3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: access
content-length: 20259
expires: 0, Thu, 19 Nov 1981 08:52:00 GM

Redirect headers

date: Thu, 14 Dec 2023 23:01:20 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 1728000
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html; charset=iso-8859-1
location: https://widgets.sociablekit.com/youtube-channel-videos/widget.js
access-control-allow-origin: *
cache-control: max-age=16070400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SOcSmvIVfZioGFS50zt%2FAiVIr%2FUZGd9jpavX0VxmdFX5xS%2BWSWoWssoeIf8311x1LW%2FA569pnMAdNRV3oiYuilPaXRVwe2yM4ZW6cblU79i%2BtLFuWUHagpiejCdbFWTWDuljg5hKrtpQbtvpzhoZV8g%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-ray: 835a116f5f815d60-FRA
access-control-allow-headers: Authorization

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 164E 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BMydiAJ0_n1njIVA6XdPAdHcxvGmilhvGWjuotK24gODN4YKIqnOLzt59foEdiAVaEOVmIgnNm71RCGNfiA7MrZ6BK-MOANXquwl2ykhl7-TjXE_8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 164E 89 KB
31 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 164E 3 KB
1 KB 36ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 164E 20 KB
8 KB 42ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 164E 203 KB
64 KB 83ms
49ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A451 624 B
246 B 47ms
47ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVTXdu-KlEIKsUQeoXUZusq3HboeXXEnQZvIWIqFcl0r5Ciw4KXFAMZ5S-PKdCml9fK01xQB5UzRqPhQVzpDRKgHV9lIWxxAF-U7Be6NBbnOz7QueErk9cfwQ2CUjxeRtfLA5VR_F-hHQwc2naEE5TOPu0PieeXqDkHpZHtH44lmqHh8Yc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:19 GMT
expires: Thu, 14 Dec 2023 23:01:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sdk.js Show response
adsdk.microsoft.com/native-to-display/ Frame 541B 94 KB
38 KB 91ms
26ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3921a1b162dfde77a136eb59baeab096961820fe6a881d0e66a5b125792dd334

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
last-modified: Tue, 12 Dec 2023 23:02:54 GMT
vary: Accept-Encoding
x-azure-ref: 20231214T230119Z-rtbdbkg1ah2kr93wvkavdk152s00000006bg000000006s7k
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0063b020-101e-0016-0250-2d2090000000
cache-control: private, max-age=3600
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/240/ Frame 541B 80 KB
27 KB 51ms
15ms Script
application/x-javascript 184.30.16.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/240/trk.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-183.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Nov 2023 14:06:46 GMT
Server: AkamaiNetStorage
ETag: "ccac3ab7f323b8743d099010fcce15a4:1700057206.383562"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27680
Expires: Fri, 13 Dec 2024 23:01:19 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 541B 3 KB
1 KB 24ms
12ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 541B 20 KB
9 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 541B 203 KB
65 KB 57ms
28ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:19 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A451
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

43 B
561 B

22ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVTXdu-KlEIKsUQeoXUZusq3HboeXXEnQZvIWIqFcl0r5Ciw4KXFAMZ5S-PKdCml9fK01xQB5UzRqPhQVzpDRKgHV9lIWxxAF-U7Be6NBbnOz7QueErk9cfwQ2CUjxeRtfLA5VR_F-hHQwc2naEE5TOPu0PieeXqDkHpZHtH44lmqHh8Yc
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7q%2FnvNsFDPKs7YVYr71IukOzGdPhVUj62WYElMW70MfoTh0pR73cBkj2shU4GxGwWu8Hlh9ysVN48lpczE%2FQBy4L3Gfh%2FOGIu4yV1LNkFiHtrlIFYvACbagvQ%2FsW6FPNvf6aENZLHklIA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 835a11703e1d1c9b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A451
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXuJPyWG6jtAxPreJfweIQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

43 B
767 B

27ms
27ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVTXdu-KlEIKsUQeoXUZusq3HboeXXEnQZvIWIqFcl0r5Ciw4KXFAMZ5S-PKdCml9fK01xQB5UzRqPhQVzpDRKgHV9lIWxxAF-U7Be6NBbnOz7QueErk9cfwQ2CUjxeRtfLA5VR_F-hHQwc2naEE5TOPu0PieeXqDkHpZHtH44lmqHh8Yc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4fRcVl0y8VBWgf%2FdGgoQGxtDSCH7Yt8y8ZPXTuhMxXc5pB2xoHOLaDtx2oy9XLiefX4LD6Gh41mjc%2FubwLEi5qKA0KP%2FyYKJmQ53kcgZsJFqcjR54NqIvNegHSacbHGVcZ2frCOfZ6Kag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 835a1170bab41c60-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A451
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

43 B
841 B

26ms
25ms

Image
image/gif

185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNVTXdu-KlEIKsUQeoXUZusq3HboeXXEnQZvIWIqFcl0r5Ciw4KXFAMZ5S-PKdCml9fK01xQB5UzRqPhQVzpDRKgHV9lIWxxAF-U7Be6NBbnOz7QueErk9cfwQ2CUjxeRtfLA5VR_F-hHQwc2naEE5TOPu0PieeXqDkHpZHtH44lmqHh8Yc

Protocol

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 8deccd8e-db30-4e31-bfd9-232194ec413d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A451
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

170 B
243 B

30ms
30ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 5176d856-1377-4ea7-a4e0-221873e1c2d7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 164E 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5736568980705&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 164E 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5736568980705&version=m202309260101&ct=77&x=1&cor=9980805915513240000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 164E 20 KB
13 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B5LAX4zdbGR5Cs_d98YIKbTu4GEXVb9-SXyXmaJoE3x7aYKsHkadgrcipTspgsBw5jNhg9b644yqlh5TAxCQ-gRKx_ioPqdQeWeIf5OB1htvEtGGIsDxtytUVlmCWiXRJrNjr9ljyxm7_sns-kiAiB0BYuDWUdY7rQSwagDQ7japOjhOA&cry=1&dbm_d=AKAmf-B1n-SyDKqn4SUTcRwfREVD74DJcIf8LHTjg-QUQctFJGA_nkkyBJDQbwqBvvfpAhEci-j3Lp24ShzDHitDVb0HdbHGnCHOLVNCqf1HT77WRs7vIewyvNSR6mBx6iOa-d9bgydk8HeYAq9PmdjZsEVz2SRjZX63CoTQLgcSxPEPUHXfNhWrb-1Jg8qKeHANL6aGf6vEKT1HTcBONY0P7hfnQ0r19LzpqN2m0TkzZuI4lgCMs_MEgpiRwLPDhU2tLw95-q4xXEEpqV7GG22isdOYjeeegv8V1OeeSo0jNjsuEKp5t2zPjxCjHfvGyvya6bcqAU0_lMXQIqDAvfqpsrAo3ArI_CdPtHiqfnhw6N2CtnDSeEcIcj-lcMbCd_VU-TEwr4UDf8Er3pecDf7wk0ng8Qb80JWoVr928ndxGK_SSz3J6KpYDI40HtgBofzeXnY-2Hz_Z-6uA61v-z9VJGdZ5WSErXNMjx6LNUO4P7m7JDrZJ9882HJ9xNdLgnt_lPx0qL7bTT8rOX9Fkn3w5EHdHpMQyo1IESTkE9x8fEcEtXVv487Y_aZyV7atp2R297Ew1-5K0Z3MRDUYMsT8xKZKZNe8q06b7AZq8KbXk60AKmhabiZnl1AoV71z7hNYUmChsZMG7E0eMKVYqqL8N5iHkbgmUxcLDfntCHA6C8Bx4A-gIQUX05xgUqy2h-PJzVcVe921aTVM9OclHM1dnAIL1j6kO1ULK63-dop2z-go4HhOmfMwR73t_698Lejz6ZcTCliI87MPIrQyBwr08ibaiyo9Upp4YP39PsTbcCxVcHTFQLjiwm2nYXoAUQLmTaSvGiDlgYl4ADKQhweGiKiAHMtHIblbCuTC3YQfRFTYiJbCEwSFzq7Xtu9leC82S1gCgeTkBl3ZTUNA4zhMBH4nCzcxQxAW6vc3NDWddlga764dDFCpfvYwmAo5owox9b0cnkB1vKfObut6VkcdeN9uPk2837NjyVEo8zgC18bfNruq1NbLQfyOYCU27UT0mk4qXULOLZAzEd71A_pFWgTYY6Gfr1H1hAHK-g5sa-oAb8XFw-fdFTAHWlR-aUSqjQ5GcvW2DOqL6WTmTS53l3nfLahDMDo748fVeMcCJNlfdxfy_uaVI4U9dOThCvnzqIpEAIa6clU3hArdRiYhcLa9hOAbW9vQw5snpX2fXoiN2H8MJ8tRIpfKpgl0thHH5d52mI5rZphpokXCZTE3i33StuhzfNBn1p5aWSYWKtiuHwCk_mtSK2KjkFtghdybKAejxMNuUo7XzeoYReGgjMDfz2Xk1Tefpk1Rsgrw4l-0H93XpiWccGB6UqP9UsmtxFVnfi3PO_xX8RQBJrr8VyBVINh2SuXh6_hP32T7XvY0RlEujkq1rEV0SAclZKBtXDgHrqT5t5LPPNEcaKKWtbvW2ZrpGzXPn1z7eyLxioAnI7qHNUmUVLsTfl6ikVkeBFY8U0lB_fUI-oHKGeFudbt4G0crH4Knf5VP_90HCYeYpp49DdWseGRdP1TWsV7MWoHo9bBhfURff7uT_USUroEhlCHD0H55DNBER01vvnj-VxHAQD5J037eNY8pvFhcGyLwaTaz90qcTuV38JfoG6Ir0xTReZa83YlQ5HPjRHqWYJIUn8gAmrxloIjw0_1T_JcczSdwKcVypG3xThb6UnSCLyU3x1m307PINh-1A0ooUnX9OyAISKyBaIP43hwvMotyqKXU-SIM9ui171EywwOQJ5vfbIRpk0zKN7RdVCPMXwegkYEgFXfRiAX5jPTfXx4w2ZLiv8e5E-ThhHW6D5Cq8zYyOkflr69z--8VBtu_mo9854_WX9YFHwW55SxPJOSMT-uar5jGdN3DG__p4zdFTCrpNPq3-PdWxstn7HHK4eww-Po7Zl9jBVoE5gBjEDo-R9JaG6njxbSrq_o0RzkL5bU_2pnLGzF2jlDp5RfgR-iqHYtaLZ8zwmEJrdBsrUUcr2Z7D_FLj3nZhV2AGSMpyjd4D168fEOkwyVat62eTR89HyRXTEAG4ZULjj_p0jACuIr_5VwzCyjd3ZMzpDm3IzuOagNTqX_6W7ybbAE5kSqT0pSdf-CBxLgYeEEFmV0UNIIuAD1CmsG6hmKxsv55-36JaFK1MI3qAIbesiBgt00cThdeJ9W9-tD3yFcfoQVlxwJlF8UPXtjnFvGd2G4wu0Wndyx_vhGg4vbsn7LFsw_sEW-cogpTCS3LiA63-ecpBPDAg0_bAYPFtWAwJnrK51jppYNtu0vgG4ggxbkml7E4nLpbKKE9Pt7SbHKvzifaFp8Iwo_tDn8l1mPE49MsSqqGdWn3LBc4I18xSfs2AamA0gJ57YW8oxKItUS7-tKse9voj2DI9BDZkpeov8VSqqJIK-Qc66iekz0i-Dd8fUxO32damwDYB4nzmD9P9ExZZuUnST1bDu9am4pFeBosGm6_TEXEns0nS15FQEoGSoyWqVM3A0_K1sw1Ar-CLi7P0y3s2DmQjQHPG6qJ6zL5ZI46mBoj7_2pUvHTsaJGOvcTdEAQKTpBqrvE3H9MI7huOCsOF7_V8LoDNtxkdnrgxasTehDXHIF8IvshAm-qboiZpaISREzLsc4KPruroPMZ45EjannOjFknQAU0U3LKyAa_F3Otd9P4sCVmeS6_t6W4qVZqsHthEC-CzoDX-9BKrBR4Bg9uKQLhSrIHVO6_j5d8_7Km1ufnhocPQQRpfJC8Tfn2B7v3xGGKxHE5YsLZNTpH1bZ0RubthNv2zgoS7Gs2p_3_hLJeZh9aqWEAYtE1jUTC-FQDOitHJF7aXPpP9llAnRr9gYVl3NS_xnUgBfLTL0_hf1Mxa_a02CCmHJIBaPMcZplpBzDrWov-7ctOxUYWhY46AntVNI7gwXmudluyqMB1f9PLFIwUqHUcZ3Yj3plwC3Nd7q7xsIMcfdkWsWlpxs2W0JHc6Q8FqbCTbpB4Sv9qUkqdTeYCdvwKGKWkIBv5btYZPeypDri8GlQPP-vLvFQ_zRhlExRAGpAv3DRlyhhxlmBl0nKitqJ75vSMSq35dmUCrWgrfHkfhmIN7MsLtu4kUIvBbLnZ6PKRSexu1NTaSSNOQxv7MhwNXRJvRR8B4QHyDg032qAEs5-VyNr2POn2925XuJrDQIxYN0UsLqbzdFOG700ic6vcMzVqCOxnCqES9C7FCiYs0BjIGh0aFBAImT-vqSCieXEpDLzuxIf67QEc48MoBY9aoaFwnpgddLb1k2GE06LD7jJic3tEpsMmKPHajFmN7bkbiC--wWXmStdW5RJ03SK_wY93vy01e5g95KvWlUVmIfdpncdrwu0zNGs3WCatTJj-sbClWKlrqPuYFMxrZjun4n9lFOcZJXk4oiZ6U1vnTkAED3hXQ6XjdPDzaHlPVpTVEgM8R_3PwAbrv6VzWdEOIhDIjete2ZE4SdffoT53amF3YMwnHMgEYAKEzCUsA-cD5SIdDOWIVWttydJZf3h6Tq7WUP0JwswhS2IXQVUnX5Lb6rJBWdO5IISFJSpoD4I1BpKbgc5gy26LMobowRrndajIawhabXq3oyELkF2M7wvdTmxhx1ROjvUwXSGxonNAQ1_JRgK2ORLOObC1TllxyvV_Viglk3pFxEBQbphU6uh9Mo9dJSD5cNb88DSkGC5ULg0CSbc2_v95AEGCyNKHfmo9kpaN6ql66rYMEcfkzsYSR9MhOQ9_AgpiBZXGbUJL-uabcCaWpGfGDaV1Slp05OWbybVhEQVJTAOlEoV9hA1U3F8-&cid=CAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=9980805915513240000&adk=2228999114&idt=60&cac=0&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

275a61ee0bc9b862bf73be7288be91e9138b55d431d6da06f5085c7f2a8a9e9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13760
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 2F2A 2 KB
875 B 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=1583562955&adk=1609618297&adf=3610118697&pi=t.ma~as.1583562955&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879260&bpp=1&bdt=335&idt=234&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=635&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=236

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 2F2A 24 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 23:00:17 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 2F2A 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 2F2A 20 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F2A 203 KB
64 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 2F2A 37 KB
16 KB 40ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 164E 41 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B5LAX4zdbGR5Cs_d98YIKbTu4GEXVb9-SXyXmaJoE3x7aYKsHkadgrcipTspgsBw5jNhg9b644yqlh5TAxCQ-gRKx_ioPqdQeWeIf5OB1htvEtGGIsDxtytUVlmCWiXRJrNjr9ljyxm7_sns-kiAiB0BYuDWUdY7rQSwagDQ7japOjhOA&cry=1&dbm_d=AKAmf-B1n-SyDKqn4SUTcRwfREVD74DJcIf8LHTjg-QUQctFJGA_nkkyBJDQbwqBvvfpAhEci-j3Lp24ShzDHitDVb0HdbHGnCHOLVNCqf1HT77WRs7vIewyvNSR6mBx6iOa-d9bgydk8HeYAq9PmdjZsEVz2SRjZX63CoTQLgcSxPEPUHXfNhWrb-1Jg8qKeHANL6aGf6vEKT1HTcBONY0P7hfnQ0r19LzpqN2m0TkzZuI4lgCMs_MEgpiRwLPDhU2tLw95-q4xXEEpqV7GG22isdOYjeeegv8V1OeeSo0jNjsuEKp5t2zPjxCjHfvGyvya6bcqAU0_lMXQIqDAvfqpsrAo3ArI_CdPtHiqfnhw6N2CtnDSeEcIcj-lcMbCd_VU-TEwr4UDf8Er3pecDf7wk0ng8Qb80JWoVr928ndxGK_SSz3J6KpYDI40HtgBofzeXnY-2Hz_Z-6uA61v-z9VJGdZ5WSErXNMjx6LNUO4P7m7JDrZJ9882HJ9xNdLgnt_lPx0qL7bTT8rOX9Fkn3w5EHdHpMQyo1IESTkE9x8fEcEtXVv487Y_aZyV7atp2R297Ew1-5K0Z3MRDUYMsT8xKZKZNe8q06b7AZq8KbXk60AKmhabiZnl1AoV71z7hNYUmChsZMG7E0eMKVYqqL8N5iHkbgmUxcLDfntCHA6C8Bx4A-gIQUX05xgUqy2h-PJzVcVe921aTVM9OclHM1dnAIL1j6kO1ULK63-dop2z-go4HhOmfMwR73t_698Lejz6ZcTCliI87MPIrQyBwr08ibaiyo9Upp4YP39PsTbcCxVcHTFQLjiwm2nYXoAUQLmTaSvGiDlgYl4ADKQhweGiKiAHMtHIblbCuTC3YQfRFTYiJbCEwSFzq7Xtu9leC82S1gCgeTkBl3ZTUNA4zhMBH4nCzcxQxAW6vc3NDWddlga764dDFCpfvYwmAo5owox9b0cnkB1vKfObut6VkcdeN9uPk2837NjyVEo8zgC18bfNruq1NbLQfyOYCU27UT0mk4qXULOLZAzEd71A_pFWgTYY6Gfr1H1hAHK-g5sa-oAb8XFw-fdFTAHWlR-aUSqjQ5GcvW2DOqL6WTmTS53l3nfLahDMDo748fVeMcCJNlfdxfy_uaVI4U9dOThCvnzqIpEAIa6clU3hArdRiYhcLa9hOAbW9vQw5snpX2fXoiN2H8MJ8tRIpfKpgl0thHH5d52mI5rZphpokXCZTE3i33StuhzfNBn1p5aWSYWKtiuHwCk_mtSK2KjkFtghdybKAejxMNuUo7XzeoYReGgjMDfz2Xk1Tefpk1Rsgrw4l-0H93XpiWccGB6UqP9UsmtxFVnfi3PO_xX8RQBJrr8VyBVINh2SuXh6_hP32T7XvY0RlEujkq1rEV0SAclZKBtXDgHrqT5t5LPPNEcaKKWtbvW2ZrpGzXPn1z7eyLxioAnI7qHNUmUVLsTfl6ikVkeBFY8U0lB_fUI-oHKGeFudbt4G0crH4Knf5VP_90HCYeYpp49DdWseGRdP1TWsV7MWoHo9bBhfURff7uT_USUroEhlCHD0H55DNBER01vvnj-VxHAQD5J037eNY8pvFhcGyLwaTaz90qcTuV38JfoG6Ir0xTReZa83YlQ5HPjRHqWYJIUn8gAmrxloIjw0_1T_JcczSdwKcVypG3xThb6UnSCLyU3x1m307PINh-1A0ooUnX9OyAISKyBaIP43hwvMotyqKXU-SIM9ui171EywwOQJ5vfbIRpk0zKN7RdVCPMXwegkYEgFXfRiAX5jPTfXx4w2ZLiv8e5E-ThhHW6D5Cq8zYyOkflr69z--8VBtu_mo9854_WX9YFHwW55SxPJOSMT-uar5jGdN3DG__p4zdFTCrpNPq3-PdWxstn7HHK4eww-Po7Zl9jBVoE5gBjEDo-R9JaG6njxbSrq_o0RzkL5bU_2pnLGzF2jlDp5RfgR-iqHYtaLZ8zwmEJrdBsrUUcr2Z7D_FLj3nZhV2AGSMpyjd4D168fEOkwyVat62eTR89HyRXTEAG4ZULjj_p0jACuIr_5VwzCyjd3ZMzpDm3IzuOagNTqX_6W7ybbAE5kSqT0pSdf-CBxLgYeEEFmV0UNIIuAD1CmsG6hmKxsv55-36JaFK1MI3qAIbesiBgt00cThdeJ9W9-tD3yFcfoQVlxwJlF8UPXtjnFvGd2G4wu0Wndyx_vhGg4vbsn7LFsw_sEW-cogpTCS3LiA63-ecpBPDAg0_bAYPFtWAwJnrK51jppYNtu0vgG4ggxbkml7E4nLpbKKE9Pt7SbHKvzifaFp8Iwo_tDn8l1mPE49MsSqqGdWn3LBc4I18xSfs2AamA0gJ57YW8oxKItUS7-tKse9voj2DI9BDZkpeov8VSqqJIK-Qc66iekz0i-Dd8fUxO32damwDYB4nzmD9P9ExZZuUnST1bDu9am4pFeBosGm6_TEXEns0nS15FQEoGSoyWqVM3A0_K1sw1Ar-CLi7P0y3s2DmQjQHPG6qJ6zL5ZI46mBoj7_2pUvHTsaJGOvcTdEAQKTpBqrvE3H9MI7huOCsOF7_V8LoDNtxkdnrgxasTehDXHIF8IvshAm-qboiZpaISREzLsc4KPruroPMZ45EjannOjFknQAU0U3LKyAa_F3Otd9P4sCVmeS6_t6W4qVZqsHthEC-CzoDX-9BKrBR4Bg9uKQLhSrIHVO6_j5d8_7Km1ufnhocPQQRpfJC8Tfn2B7v3xGGKxHE5YsLZNTpH1bZ0RubthNv2zgoS7Gs2p_3_hLJeZh9aqWEAYtE1jUTC-FQDOitHJF7aXPpP9llAnRr9gYVl3NS_xnUgBfLTL0_hf1Mxa_a02CCmHJIBaPMcZplpBzDrWov-7ctOxUYWhY46AntVNI7gwXmudluyqMB1f9PLFIwUqHUcZ3Yj3plwC3Nd7q7xsIMcfdkWsWlpxs2W0JHc6Q8FqbCTbpB4Sv9qUkqdTeYCdvwKGKWkIBv5btYZPeypDri8GlQPP-vLvFQ_zRhlExRAGpAv3DRlyhhxlmBl0nKitqJ75vSMSq35dmUCrWgrfHkfhmIN7MsLtu4kUIvBbLnZ6PKRSexu1NTaSSNOQxv7MhwNXRJvRR8B4QHyDg032qAEs5-VyNr2POn2925XuJrDQIxYN0UsLqbzdFOG700ic6vcMzVqCOxnCqES9C7FCiYs0BjIGh0aFBAImT-vqSCieXEpDLzuxIf67QEc48MoBY9aoaFwnpgddLb1k2GE06LD7jJic3tEpsMmKPHajFmN7bkbiC--wWXmStdW5RJ03SK_wY93vy01e5g95KvWlUVmIfdpncdrwu0zNGs3WCatTJj-sbClWKlrqPuYFMxrZjun4n9lFOcZJXk4oiZ6U1vnTkAED3hXQ6XjdPDzaHlPVpTVEgM8R_3PwAbrv6VzWdEOIhDIjete2ZE4SdffoT53amF3YMwnHMgEYAKEzCUsA-cD5SIdDOWIVWttydJZf3h6Tq7WUP0JwswhS2IXQVUnX5Lb6rJBWdO5IISFJSpoD4I1BpKbgc5gy26LMobowRrndajIawhabXq3oyELkF2M7wvdTmxhx1ROjvUwXSGxonNAQ1_JRgK2ORLOObC1TllxyvV_Viglk3pFxEBQbphU6uh9Mo9dJSD5cNb88DSkGC5ULg0CSbc2_v95AEGCyNKHfmo9kpaN6ql66rYMEcfkzsYSR9MhOQ9_AgpiBZXGbUJL-uabcCaWpGfGDaV1Slp05OWbybVhEQVJTAOlEoV9hA1U3F8-&cid=CAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=9980805915513240000&adk=2228999114&idt=60&cac=0&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536172
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg3OTk5NTk0NwogIHNlcnZlcl9pcDogMTI2MDY4MzE5CiAgcHJvY2Vzc19pZDogMjE5ODM5NDA3Nwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 164E 0
949 B 103ms
45ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg3OTk5NTk0NwogIHNlcnZlcl9pcDogMTI2MDY4MzE5CiAgcHJvY2Vzc19pZDogMjE5ODM5NDA3Nwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNDA0MDA5NTE2NDIxNjk3NjI2OApkZWJ1Z19rZXk6IDEwMzYyMjMzNjY3Mzc5Njk1NTgxCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMi0xNCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xb70a329dd636f7600000000000000000","13":"0xaffdcaa075ba9e900000000000000000","14":"0x2cdb1bbfb5d28d560000000000000000","15":"0xf30bb58399720ec00000000000000000"},"debug_key":"10362233667379695581","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"14040095164216976268"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2F2A 48 KB
48 KB 86ms
19ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQnqwPfYq5oRJxKYwpdmnDTlPTTk1w3BxJ8l5nXRotVT2dawkYue7a3-crPeg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

440a52c7f8c40cf8196dcc996d579a4019f8b3fef72caf1020babe5340ceba6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:16:43 GMT
x-content-type-options: nosniff
age: 279877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49373
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 07:34:44 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 10 Dec 2024 17:16:43 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 2F2A 16 KB
16 KB 73ms
13ms Image
image/jpeg 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQuEVG_HjYTMjdUS2psPHCy8vmvJrlf-ihPC4tguCzdPUZH86k3XoDiNT5pPA&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f34b55b0be7a5111fb8c3d796db990e4d58380266933877f02462626e9a997de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 20:44:21 GMT
x-content-type-options: nosniff
age: 267419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16383
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 02:04:56 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 10 Dec 2024 20:44:21 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2F2A 47 KB
48 KB 78ms
11ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQXLR6gkAq2CCrNooXKql_UA7BlfSkMIYtCgg_SZMEgLoAbCwO-xjEEUvwV1g&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69e20e35ff7caa51c8d49b110b24a5bbf07404e186d1fb5d97ab802e5705a14a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:26:16 GMT
x-content-type-options: nosniff
age: 254104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48532
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 04:57:40 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 11 Dec 2024 00:26:16 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 2F2A 15 KB
15 KB 76ms
9ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQBosDkPZ4p5BDmbvryxQDdvys8qjFibt2kvTB8285A4hq35LnICnkLH1UrNw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

792c45522c9f8bd4e4b3dd28f8531dbf65662f70b1585b857a6671b4189fce06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:00:06 GMT
x-content-type-options: nosniff
age: 223274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15304
x-xss-protection: 0
last-modified: Fri, 05 Jan 2024 08:37:30 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 11 Dec 2024 09:00:06 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2F2A 14 KB
15 KB 67ms
7ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQVjH5LIRXKgDAqEtGGUCoUIU0XZLNz7W9Aea12vdHu0s_SsJ_h3Z5u80_NUKc&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6191750405e05bca87e1834edac86e604657dab290e8f40acf86bdf50247404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 04:27:04 GMT
x-content-type-options: nosniff
age: 239656
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14488
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 03:54:05 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 11 Dec 2024 04:27:04 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 2F2A 39 KB
40 KB 71ms
10ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRc1vLsTCkxlonpli0bq133beijDS5OTwdpSInwS4XeemmNUHoFiPb0IFpecA&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6711235ff8d4bbbd8fe7c1f1f3d687316fef5df78c18cf5e8cff350ca1f90f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:59:21 GMT
x-content-type-options: nosniff
age: 507719
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40354
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 04:18:00 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 08 Dec 2024 01:59:21 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 2F2A 19 KB
20 KB 67ms
8ms Image
image/jpeg 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTVKVDDZaoN_VSady1kQkvE54ht2CFvv55Wu9Z3IJke-xU_nc9_mTS-mFJe5LM&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d885e778582f9e0e394a0143c567a8e731e301050eab20967d36ad80b9acc2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 05:01:50 GMT
x-content-type-options: nosniff
age: 151170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19484
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 09:02:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 12 Dec 2024 05:01:50 GMT

GET
H3

200

149948325527134548
tpc.googlesyndication.com/simgad/ Frame 2F2A
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrk57T4QEQ4QEY4QEyCOqNrdsqEJ6G
https://tpc.googlesyndication.com/simgad/149948325527134548

30 KB
30 KB

7ms
7ms

Image
image/png

2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/149948325527134548

Requested by

Protocol

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d13e591fad5d260884e97a194be69a72eac53978157b95a3f3238a7de511af92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 14:02:03 GMT
x-content-type-options: nosniff
age: 291557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30553
x-xss-protection: 0
last-modified: Wed, 06 Jun 2018 16:00:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Dec 2024 14:02:03 GMT

Redirect headers

date: Thu, 14 Dec 2023 19:07:24 GMT
x-content-type-options: nosniff
server: cafe
age: 14036
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/149948325527134548
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 13 Jan 2024 19:07:24 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 164E 11 KB
4 KB 28ms
8ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1702594879524621&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 0229545d814835a66f23831961cb83730008a0a3c36eba67bb29e47d8d509080

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4142
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2

200

c.gif
www.bing.com/aes/ Frame 541B
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4357d576-d96e-484f-b038-8c15e5683aeb&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=391466&publisherId=162645330&rId=92783cf0-52b1-456d...
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=d59ac2bad3944bb7a93a788b51336b03&SNR=1&GV=2&med=10

0
546 B

45ms
45ms

Image
text/plain

2a02:26f0:3500:1b::1724:a38a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=d59ac2bad3944bb7a93a788b51336b03&SNR=1&GV=2&med=10
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
Protocol: H2
Server: 2a02:26f0:3500:1b::1724:a38a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 35A25F1EF00B4C5887D82B38A9F17371 Ref B: FRA31EDGE0516 Ref C: 2023-12-14T23:01:20Z
x-cdn-traceid: 0.8aa12417.1702594880.3f78fbc6
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
alt-svc: h3=":443"; ma=93600
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Thu, 14 Dec 2023 23:01:20 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E50E0E4620E349A9B97FCD1647CC163F Ref B: DUS30EDGE0722 Ref C: 2023-12-14T23:01:20Z
x-cdn-traceid: 0.8aa12417.1702594880.3f78fb17
vary: Origin
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=d59ac2bad3944bb7a93a788b51336b03&SNR=1&GV=2&med=10
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=93600
content-length: 154
expires: 0

GET
H2 200 th
www.bing.com/ Frame 541B 4 KB
4 KB 59ms
12ms Image
image/jpeg 2a02:26f0:3500:1b::1724:a38a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/th?id=OADD2.7559549965431_1LR2IVKQ21NQMXL767&pid=21.2&c=3&w=200&h=105&qlt=90
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:1b::1724:a38a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ede17d08b29ddd1979a03d59056c753f3c842924f1b2c89ae060aaabf05b6345

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cdn-traceid: 0.8aa12417.1702594880.3f78fb22
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: image/jpeg
cache-control: public, max-age=2592000
timing-allow-origin: *
access-control-allow-headers: *
content-length: 4083
alt-svc: h3=":443"; ma=93600

GET
H2 200 rd_log Show response
ams3-ib.adnxs.com/ Frame 541B 0
645 B 20ms
14ms Script
text/html 185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.fifermods.com&e=wqT_3QLtA-jtAQAAAwDWAAUBCL-S7qsGEPCIi5uimtabMhgAKjYJWYVacmFoyz8Rn7YwX5G3yj8ZAAAAIK5H6T8hnw0SACkRJAAxARvAheuxPzDb-KYDOLUBQLVeSOMDULqJirYBWMCxPWAAaJ-kVHjy8wWAAQGKAQNVU0SSAQEG8J-YAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgC8AbgAqKoMeoCGWh0dHBzOi8vd3d3LmZpZmVybW9kcy5jb22AAwCIAwGQAwCYAwmgAwGqAwDAA9gEyAMA2AMA4AMA6AMA-AMDgAQAkgQEL3VhcJgEAKgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQB8AS6AcFYiAUBmAUAoAXok87hxL3esRjABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBaOrAfoFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBsKNBNoGFgoQCRIZAQGLYOAGAfIGAggAgAcBiAcAoAcByAfy8wXSBw0VZQEmCNoHBgFepBgA4AcA6gcCCADwB5P5A4oIAhAAlQgAAIA_mAgBwAjwBtIIBggAEAAYAA..&s=a3ec7518b5b60aa7306146cbc89eb114bb68b93a&bdref=https%3A%2F%2Fwww.fifermods.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.fifermods.com%2F,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-2575916601382163%26output%3Dhtml%26h%3D90%26slotname%3D4967845940%26adk%3D2824991640%26adf%3D3631225521%26pi%3Dt.ma~as.4967845940%26w%3D728%26lmt%3D1702594879%26format%3D728x90%26url%3Dhttps%253A%252F%252Fwww.fifermods.com%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1702594879262%26bpp%3D1%26bdt%3D337%26idt%3D237%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C728x90%252C728x90%26nras%3D1%26correlator%3D5814379461392%26frm%3D20%26pv%3D1%26ga_vid%3D111540019.1702594879%26ga_sid%3D1702594879%26ga_hid%3D2004749650%26ga_fc%3D0%26u_tz%3D60%26u_his%3D3%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C31079979%252C42532524%252C44785294%252C95320885%26oid%3D2%26pvsid%3D3081681150647098%26tmod%3D667205178%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257ConepEr%257C%26abl%3DCS%26pfx%3D0%26fu%3D32768%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26fsb%3D1%26dtd%3D240&

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 54cf2b21-da96-4571-bc3d-eb91bfa86035
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2F2A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b107a35c225797ce65637180bec825336adb6cbed91b819a5f2f35c20ede151c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B489 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 222473
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900015.redintelligence.net/ Frame 164E
Redirect Chain

https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

82ms
70ms

Script
application/x-javascript

138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Protocol: HTTP/1.1
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: afb6e94dd3d73ce4039b89c415eca7d81d22c1f2447c05c8858b06af1c44df33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 67793200000114704444550012539015
Connection: close
Content-Length: 1334
Expires: Thu, 14 Dec 2023 23:01:20 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 14 Dec 2023 23:01:20 +0100

POST
H2 200 vevent
ams3-ib.adnxs.com/ Frame 541B 0
669 B 22ms
20ms Ping
text/html 185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.fifermods.com&e=wqT_3QKKB-iKAwAAAwDWAAUBCL-S7qsGEPCIi5uimtabMhgAKjYJWYVacmFoyz8Rn7YwX5G3yj8ZAAAAIK5H6T8hnw0SACkRJAAxARvAheuxPzDb-KYDOLUBQLVeSOMDULqJirYBWMCxPWAAaJ-kVHjy8wWAAQGKAQNVU0SSAQEG8GGYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2ALwBuACoqgx6gIZaHR0cHM6Ly93d3cuZmlmZXJtb2RzLmNvbYADAIgDAZADAJgDCaADAaoDmgMKsAJodHRwcw0v8IZiaW5nLmNvbS9hcGkvdjEvbWVkaWF0aW9uL3RyYWNraW5nP2FkVW5pdD0zOTE0NjYmYXVJZD05Mjc4M2NmMC01MmIxLTQ1NmQtOWY0NC00OWM2NTE5OWU2YjQmYmlkSWQ9MTUwMDAmYmlkZGVySWQ9NCZjbUV4cElkPUxWMiZvQWRVbml0PTMJXFRwdWJsaXNoZXJJZD0xNjI2NDUzMzAmAQ4AOY5xALhydHlwZT1udXJsJnRhZ0lkPTY5Mjk0OTkmdHJhZmZpY0dyb3VwPWtuYXFlXzNjJg0WCFN1YgkZ9CoBcGJhZ2VieSZhaWQ9JHtBVUNUSU9OX0lEfRIFMTIwODUaEzM2MTg0NTg0ODUxNzU1MzQ3MDQiCTM4MTg0NjcxNCoEYmluZzo4VTJWaGNtTm9RV1FqT0RNM05qazBOVFEyTnpFek5qRWpNak16TlRVMk9EZzFOakUzTkRVME5BPT3AA9gEyAMA2AMA4AMA6AMA-AMDgAQAkgQEL3VhcJgEAKgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQB8AS6iYq2AYgFAZgFAKAF6JPO4cS93rEYwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFo6sB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBsKNBNoGFgoQAAAAAAAAAAAJPXwAABAAGADgBgHyBgIIAIAHAYgHAKAHAcgH8vMF0gcNCS4mAAzaBwYICS-kBwDqBwIIAPAHk_kDiggCEACVCAAAgD-YCAHACPAG0ggJCP___z8QAhgA&s=3208d461fe9b3a8aee2a3a0fde0a423b8703b076&type=nv&nvt=5&jm=1003&sid=4718093581298875960&vd=ct~0|rr~0&sv=240&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=6929499&sw=1600&sh=1200&pw=0&ph=0&ww=0&wh=0&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/240/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 3d8df769-3511-412b-bb73-0b9a44e011ac
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 541B 0
19 B 51ms
50ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CljCZP4l7Zb2SINq-9u8P-tq3kAPS4Nfgbo-ktpOTCsCNtwEQASAAYJWCgICgB4IBF2NhLXB1Yi0yNTc1OTE2NjAxMzgyMTYzyAEJqAMByAMCqgTFAU_QqC3hGix6HJhtwuBlIEvWdXn958Z0z_m7uxj0VFZNHMopLnq_wZWcl8heU9FEijTEvcsx9ZViph7-uqSua7tngdHf19o8Q2BFIZJhCVjUl2QNv5-CTqdmbVT4-ghpzUEoAPSazuwU2ZC51qCYtrr4r5yTmB4Ew2IvsnORv-B20sGcypNjVnJ280DjIbwpmlZOg-NQt-rUDlQT8apdLunjRmGD9eT_01yFok0I8Fzb0flGVqG-TkboWUYsEDnijHgYbyV3gAbA0p-GyLix-PEBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPqM9peEkIMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTI1NzU5MTY2MDEzODIxNjMYAA&sigh=v1pmB0vD0rE&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_UQXmx3aMc7Mq2TxK1oJHp6vtwqyEPZRUMJ7bxg_qPdUt6_SyTC3-6hPt7Us2HFKfhPmLhG693FXVk3Uvh6aR5Z5OWSd9lRc_k78YAQ&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=4967845940&adk=2824991640&adf=3631225521&pi=t.ma~as.4967845940&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ConepEr%7C&abl=CS&pfx=0&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=240
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 it
ams3-ib.adnxs.com/ Frame 541B 0
645 B 14ms
13ms Image
text/html 185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwww.fifermods.com&e=wqT_3QKKB-iKAwAAAwDWAAUBCL-S7qsGEPCIi5uimtabMhgAKjYJWYVacmFoyz8Rn7YwX5G3yj8ZAAAAIK5H6T8hnw0SACkRJAAxARvAheuxPzDb-KYDOLUBQLVeSOMDULqJirYBWMCxPWAAaJ-kVHjy8wWAAQGKAQNVU0SSAQEG8GGYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2ALwBuACoqgx6gIZaHR0cHM6Ly93d3cuZmlmZXJtb2RzLmNvbYADAIgDAZADAJgDCaADAaoDmgMKsAJodHRwcw0v8IZiaW5nLmNvbS9hcGkvdjEvbWVkaWF0aW9uL3RyYWNraW5nP2FkVW5pdD0zOTE0NjYmYXVJZD05Mjc4M2NmMC01MmIxLTQ1NmQtOWY0NC00OWM2NTE5OWU2YjQmYmlkSWQ9MTUwMDAmYmlkZGVySWQ9NCZjbUV4cElkPUxWMiZvQWRVbml0PTMJXFRwdWJsaXNoZXJJZD0xNjI2NDUzMzAmAQ4AOY5xALhydHlwZT1udXJsJnRhZ0lkPTY5Mjk0OTkmdHJhZmZpY0dyb3VwPWtuYXFlXzNjJg0WCFN1YgkZ9CoBcGJhZ2VieSZhaWQ9JHtBVUNUSU9OX0lEfRIFMTIwODUaEzM2MTg0NTg0ODUxNzU1MzQ3MDQiCTM4MTg0NjcxNCoEYmluZzo4VTJWaGNtTm9RV1FqT0RNM05qazBOVFEyTnpFek5qRWpNak16TlRVMk9EZzFOakUzTkRVME5BPT3AA9gEyAMA2AMA4AMA6AMA-AMDgAQAkgQEL3VhcJgEAKgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQB8AS6iYq2AYgFAZgFAKAF6JPO4cS93rEYwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFo6sB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBsKNBNoGFgoQAAAAAAAAAAAJPXwAABAAGADgBgHyBgIIAIAHAYgHAKAHAcgH8vMF0gcNCS4mAAzaBwYICS-kBwDqBwIIAPAHk_kDiggCEACVCAAAgD-YCAHACPAG0ggJCP___z8QAhgA&s=3208d461fe9b3a8aee2a3a0fde0a423b8703b076&pp=ZXuJPwAICT0H_Z9aAA3teoSrX6CQknSxx0eybw&ppt=1&pubclick=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCoIOEP4l7Zb2SINq-9u8P-tq3kAPS4Nfgbo-ktpOTCsCNtwEQASAAYJWCgICgB4IBF2NhLXB1Yi0yNTc1OTE2NjAxMzgyMTYzyAEJqAMByAMCqgTIAU_QqC3hGix6HJhtwuBlIEvWdXn958Z0z_m7uxj0VFZNHMopLnq_wZWcl8heU9FEijTEvcsx9ZViph7-uqSua7tngdHf19o8Q2BFIZJhCVjUl2QNv5-CTqdmbVT4-ghpzUEoAPSazuwU2ZC51qCYtrr4r5yTmB4Ew2IvsnORv-B20sGcypNjVnJ280DjIbwpmlZOg-NQt-rUDlQT8apdLqvhZ_NBUR6SR6bxF9NRdOrf8vPCX4-ml-RuAMKQkBPOlLiZjUjjVBKGgAbA0p-GyLix-PEBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YAQEAEyAqoCOgKAQEi9_cE6WPqM9peEkIMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0MbAir5kbmRJKFOnPyDHNtdUKYhg%26client%3Dca-pub-2575916601382163%26adurl%3D&cbvp=2

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 03ef7fb5-eab2-453a-bf1f-d5308c4000b1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B489 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 10:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Dec 2024 10:34:36 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2F2A
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CMqwHP4l7ZeTqH5GC7_UPwrivgAHzmf-LdOfn0drmEcHfr7_0PhABIKSR4jxglYKAgKAHoAGWqYH_AsgBCakC0-pTdV1Ssj6oAwHIA8sEqgTFAU_QwFpzdxiIZW-fC17QLIfDIsEisgVvcLk...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224729824993685689685%22,%22debug_reporting%22:true,%22destination%22:%22https://stoffe-hemmers.de%22,%22event_report_window...

0
0

71ms
43ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%224729824993685689685%22,%22debug_reporting%22:true,%22destination%22:%22https://stoffe-hemmers.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22803230870%22],%2222%22:[%22true%22],%224%22:[%2212-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226814921984435555169%22}&andc=true

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"4729824993685689685","debug_reporting":true,"destination":"https://stoffe-hemmers.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["803230870"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"6814921984435555169"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 23:01:20 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"4729824993685689685","debug_reporting":true,"destination":"https://stoffe-hemmers.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["803230870"],"22":["true"],"4":["12-14"],"6":["true"]},"priority":"500","source_event_id":"6814921984435555169"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame 2C16 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:10:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 226270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 08:10:10 GMT

GET
H2 200 e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 555E 0
327 B 61ms
19ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Thu, 14 Dec 2023 23:01:20 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H2 200 / Show response
adv.office-partner.de/ Frame E033 930 B
923 B 52ms
21ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 14 Dec 2023 23:01:20 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 21 Dec 2023 23:01:20 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame 19E6
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=67793200000114704444550012539015&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984

350 B
401 B

47ms
21ms

Document
text/html

49.12.22.42
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.22.42 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-3.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 14 Dec 2023 23:01:20 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 164E 2 KB
2 KB 127ms
72ms Script
text/html 13.43.203.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=67793200000114704444550012539015&nw=1
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.43.203.41 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-43-203-41.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: cf6fcaf95549d8b23c0088ac230ebc4620c8ba7aab09265befdc4ec1e0628c97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
last-modified: Thu, 14 Dec 2023 23:01:20 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 14 Dec 2023 23:02:20 GMT

GET
H2

200

activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286 Show response
5994599.fls.doubleclick.net/ Frame 4A90
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286?
https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286?

392 B
325 B

50ms
49ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286?

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f6.1e100.net

Software

cafe /

Resource Hash

2070e371397cce00eaa8e9729b9858a777891534b1fa56baa0db2a181ae0504e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Thu, 14 Dec 2023 23:01:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900015.redintelligence.net/ Frame 536C 7 KB
2 KB 19ms
7ms Document
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=8fc928fd51&subid=&uid=d89957c679b88880&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQS36P4l7Zc2CIMCI7_UP0KKP-A-m5b2gaYWVnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4gFP0BXxST-Xym3z6XrusableXxtAssUXdswrPYaxOhGDsRqR7u02fvW7fLzmtXfxIl5qD8FYot4dhIWnLi8tfrQ7bQHGnKaEHtvOSo4o8GJteFjpPHgmZEtxUrQLkkMmA_JFAmHg3j6ukvINETiqlxnSxKBKP-xUDoSzeKAC4STQbtCU6Pc-1tzVM4qQqhKjflDlXvd3FiajWe7YCx6T38hBck1xB0oHof0JbwtGk9YkBStLDa6rUhxZVr4hwAPa1Mky6OTu9ybo9zmFN5XOZWU7nJPEMxlnCHDpM7mlSc8Fy5VwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WLf-9ZeEkIMDgAoBmAsByAsBgAwBogwgKh4KHOS0sQLutbECtbixAqy6sQLktLEC7rWxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAbIYAyIBAA%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_jRNwqmYwMOxLIS4Raw0YccVbGsumxbcSWYJRnxngVWaka4pOXGKynffJY-TYuTOJ-F5sEDWjuMjPVuaZEl5gGHeDn4oxeYsFxBgB%26sig%3DAOD64_3RBh85FqOqHxlXcrBbTDVoFlpc7g%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-A6-4p1SB6WcXTAvpJFpF276_QJzTPmJD6t_uV2ul4q2v_cek4IDnXUPOPTwmjpSay_3AIn91xeA_C0qfO34PLPrHr25lknelhp8aLWUt4ic4YLcmI8DippWp9S1OUs7zmyUXk73p-Hvh5Lyi0an0vQFnv2dsHsGfKamUOjC4CsP0xQIt0%26cry%3D1%26dbm_d%3DAKAmf-C2EMMagdx_qoxcEqXtnaHu3vFuAaSD39OxDFLiqax_rohintsTGZFgmLqH0xF0szr8Pat7cLB1_-SRgzGuMRaaM-WWcfj7WtrMcEZ7WIrHxj79fTfikj2Z_rQSjdm6RJjScf691FudO2GJJY96WYVQu-vZ4ZWy3Svly0pPNopCTlRWHWpFRGyJevnMM04-R7SWP7w6shh3-ydGuIsmf539IkThVl28WGS2_-_DMUg3NZFKbwDUgWA5ZjTHdALdgU4r09gP2JxMkDowuLlbi1tuZcWZh3yfD93BRwSXi9noeR4MhhirLucrSSfNAm-TXi13UYq9D-aZQVC218wv3E1fEMcUpdEHRZyHHSEwxSy6TsUsa-lEsjDpcZKj0MPsWsFfsCvitrAdYouWiPvAtU-9APZXLY9d3VnyHa5E46y6AzOkiCewD6xsH3_1zDWyLNOpkACYEoXON7SeXKsfuzx9hMLCT9cCO0uiOyYltC_QoFF1thtZ2QOLK9O1Yn7JbyiL4Lrm%26adurl%3D&documentReferer=https%3A%2F%2Fwww.fifermods.com%2F&ancestorOrigins=https%3A%2F%2Fwww.fifermods.com&random=2329849856581&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 0a9e898704ff4341861103adb26e675444ab1764839d44aa516ac37c0d1fd6d9

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2091
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 23:01:20 GMT
Expires: Thu, 14 Dec 2023 23:01:20 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2

200

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 164E
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
360 B

17ms
17ms

Image
image/gif

91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Protocol: H2
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx
host: pv.medialead.de
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=67793200000114704444550012539015&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Thu, 14 Dec 2023 23:01:20 GMT
server: nginx
content-length: 138
content-type: text/html

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 80ms
42ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 23:01:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 164E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52fde014f3a6a4d8e0dd67abf26ebf7d75ff02c07aab760669ba48eddbc57d94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 536C 2 KB
530 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:43:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 536C 10 KB
10 KB 21ms
7ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: b13b617fecd820f8fddea7983896ec07ff5592de128a501fd9aace3e800b95ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9892
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 536C 9 KB
9 KB 22ms
8ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: d098f7ac9bc5de08d91e0b01f9eb9ba01cc6a279a256c9c99568840352ee5dff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9247
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 536C 7 KB
8 KB 22ms
9ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/627x627.jpg
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 98137b1ce0730493764b78ed2cdba908bdaa2ae90148674ce875a6f5565ad691

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7631
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B489 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BrlY_P4l7ZevkPN_MjuwP3amjmAgAAAAAOAHgBAI&bg=!V1SlVBvNAAY3kmNgF5I7ADQBe5WfOAKhGRiM5LUvQCGYkhc_8TFTLn11rf2wiGSGDLSeWb5YDymeVPKu0FwQwP0FvQI1AgAAAFlSAAAAAWgBB5kDH1aElQsN-cofj9GX_Ua_tYijPZWV69XWKgfxXQJL4_j6FqBPHxxSTTjAt6MxzEg_qjmO2P-RLMvCZf4UmJ8cFmwnwkDwRK-_TYn0EyAEHPQsHYfCtDhPft2qTQniDmYBWqZKi3wjr8hLiBpN3Z5X3kzfJwHRTTx6_5G3VQGh6r_Ps_W3znR_ooJyiX1kOV9tJJkAO2ATi176sFri70i30mIWGzp3ScXx4ORHhbynRaPVuh9mm7YAZEWplqABIS2VjFQOsxKrHYEcpacszGLVeMK7R1xJP7VuKAP8K8EgCptty3BvAdQK6r7zk7mt67x2NfesPFAWWc7YCM8Fhllvf2WCe3VhzVRACOxKy9aYAX_VBIKVVy_AWXXncALGLXetjM2HsmLCcJH5A6lqTsMysUcICNrnpgzcco8XlaYtOQHO877z9QJQbX3MzE3kgge8l-YqOXxrsHxTr3IuagwfF37L_IkpfSOcz04RDz7LkfpswL8_6VD-nAbxsT1BWiAKfqwqQfUn6IeVlsjMWpXcGq7_Yucb4XgTI0L96L_aV7aRPFTf_B2mjoD87h5WvlrSFgAuOmwBM91Q7pFKNmxwJAs0l1wI2SHXKAoLy8X_k_uK1_LqxJNXoiVyreaRehhDMLoG6asDb0HtAu2HUunwqCAglweh_53dE-o0zbFinClAkTpW7OBFz3ECQfjMkut4wOXP-UqvCaUTZ-hA__SGGWGGfLV2njbrKKam4W7XSGYgA4JmRrUgYZsAdyr9Ew9UaqVfkQTZ4bDqS-fDvo_Dx81DGPBuoZnncxsiQD1ccEWHnSbgpy3GJwimisy7a1KBQmKkc3uF3dq3Q9VajA3kSXSqOEZkQP4nmiRQ6dPIHHrD75h3y4CW7FC_HoGYBvMfv_3YJHI3h37zM1Ty4MH1LEeO0jlcwYXLJ9QRd8DC38uwpFeyoQYPHeB3okhGsBeWQBijj5d4-qXLcCyPFNWFrfQ743ptW32wrixc1t5BqymslJzyfuGTWDcWklbOseqUeBDivALDuDdq2bDmBlbEfj9myuJc1CIxgmoTJfqxMqY

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame E033 175 KB
63 KB 53ms
21ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

237e14c9627803414259ff96f1d8541f644158f948d8fa256a9cde3aab3a3c48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64123
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H/1.1 200
OK viewability Show response
hal900015.redintelligence.net/ Frame 536C 0
150 B 21ms
9ms Script
text/html 138.201.135.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900015.redintelligence.net/viewability?s=67793200000114704444550012539015&a=88dc59c4&vb=m
Requested by: Host: hal900015.redintelligence.net
URL: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.135.164 St. Ingbert, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.135.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900015.redintelligence.net/request_content.php?s=67793200000114704444550012539015&a=f484c46c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 19E6 5 KB
5 KB 5ms
5ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3386922984
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 Ulm, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame E033 274 KB
91 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f47c7cd242246e5c38acfeb90fc3191dd9d95a7903ec6757cb358f933bd81a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93096
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 164E 53 KB
19 KB 98ms
46ms Script
application/javascript 18.66.2.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=67793200000114704444550012539015&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-29.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:03:32 GMT
content-encoding: gzip
via: 1.1 a966c6e25db0d10ed8111bf0f786dbc6.cloudfront.net (CloudFront)
last-modified: Sat, 09 Dec 2023 12:01:22 GMT
server: AmazonS3
x-amz-cf-pop: TXL50-P1
age: 75750
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: SKtb1MuRQ4LrGBMIGk0pBsh9zNAOjiLRcu9L_-aKTvlCA-m4MDnUkg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 164E 85 B
447 B 51ms
16ms Image
image/gif 99.84.146.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1702595180&Signature=fnTUPUeOO2D68-Jj1GVpzwo7jQRnYvn8004ysEdeJzUDT~9YlnBmQqtyc8~da1dtCsOYslfRdal4hA1M8FvcdXMLPBijgLDpzjWKK2VySgUrqJnhS0KKDsU9I1hfbDsDiD4~qAlBLe1Hk0-rLoUXO-ogPJZXqiMmZpjPGqUNwNw1SzA0o8PRAciUUYf29oQ519UFc8pkitma9-vWWK2Tre0AGYAx5GBzUWUnRpIkSB8JlfjVsef~3bITKKXIo~~iFNOT29b696P2Ci9LRUafT2Pv8GttGdCLRAPGQHDxpwqb5aiKKc1XlIZtjyjxUVzqHsbRCfAfI2TepE7cVlC6~A__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=90&slotname=8687599108&adk=527282194&adf=2440769997&pi=t.ma~as.8687599108&w=728&lmt=1702594879&format=728x90&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594879262&bpp=1&bdt=337&idt=235&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x90&nras=1&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=236
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.146.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-86.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 14 Dec 2023 19:34:04 GMT
via: 1.1 a57d5819527c444e16b1875e3bd28970.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
age: 36777
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: 4yn498GTKSQ98o0q2rEBHN6h2qbCatfjRwVJ5pVKa0tFHvWxcavOEQ==

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 160 KB
55 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f7a17059bf4dee5dccdeea7dd5674c8d825c757224998bc1537036d1e6bed3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56007
x-xss-protection: 0
server: cafe
etag: 2520813889478468389
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D246 436 B
233 B 375ms
375ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2575916601382163&output=html&h=280&adk=3088186576&adf=1409212968&pi=t.aa~a.3354524715~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702594880&rafmt=1&to=qs&pwprc=4191673006&format=1200x280&url=https%3A%2F%2Fwww.fifermods.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702594880397&bpp=1&bdt=1472&idt=0&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4ea1f9560c3741e1%3AT%3D1702594879%3ART%3D1702594879%3AS%3DALNI_MbM6YwTtaHarXXe78PDIwZu7vQP5w&gpic=UID%3D00000d1a4512dd46%3AT%3D1702594879%3ART%3D1702594879%3AS%3DALNI_MZjcAkBM7e5ItjOsjRW_1-8BujGuQ&prev_fmts=0x0%2C728x90%2C728x90%2C728x90&nras=2&correlator=5814379461392&frm=20&pv=1&ga_vid=111540019.1702594879&ga_sid=1702594879&ga_hid=2004749650&ga_fc=0&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1717&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079979%2C42532524%2C44785294%2C95320885&oid=2&psts=AOrYGskwPjGkbrx8u76LR6VuCTcSQWYsnJ3QfxEoyOjCx21NeLyfOqa9RttAJsVLwsCKF295N_NLansQ_cwLO74G4_aqlGJO%2CAOrYGslco8A4oWdFkubx1hb7S8AJtDBv0TUmktibaT8GulVtKiCm9t-K2R_cedv4LXgupErhVQcvPrsK-15ZmN-3KzlBRwjMXuDVNEgqZes%2CAOrYGskZyFFV7uJF6NfSVoFREk5CEX6qd5ZzcM1RT8kYWHFAuDf6fDDu-MOTQiS7dpzwY4PLfhJ3AbFgOu_TQ1Kg0A4C-kGB&pvsid=3081681150647098&tmod=667205178&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

533a2529f8baafc9116309b0a70f1cddae9d0edd13d5b5fc38d2a1997526e9de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286
adservice.google.com/ddm/fls/z/ Frame 4A90 42 B
401 B 112ms
46ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=COaXqJiEkIMDFftdkQUdrOsEbQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3149357723691.3286?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 4025 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Thu, 28 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 5A1A 9 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Thu, 28 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 509B 9 KB
4 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Thu, 28 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 68E7 9 KB
4 KB 8ms
8ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 04:17:07 GMT
etag: 5585625838579639069
expires: Thu, 28 Dec 2023 04:17:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4025 4 KB
671 B 28ms
28ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:50:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4025 205 B
520 B 8ms
7ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:46 GMT
x-content-type-options: nosniff
age: 223594
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Dec 2024 08:54:46 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4025 604 B
696 B 9ms
8ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 02:54:34 GMT
x-content-type-options: nosniff
age: 245206
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 11 Dec 2024 02:54:34 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 4025 16 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75997
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6766
x-xss-protection: 0
server: cafe
etag: 14924840246271906451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:43 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 4025 22 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 02:16:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74665
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 02:16:55 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4FB0 624 B
245 B 47ms
47ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNVCbmTW4nJ6pInqBr9ZkcdhX0NDZ7I7SIJCToI_5TDBuM0svRJsntSy9B9CLsCLofZqwOBKh1LCd_Hh4EHr0hgfMaBFp_scBk70P1gS4oxqZyvjgkCsCaVoz7Zyx7bPZihLocylrDPloYwlH65bUIjm76k_aO39lpsh4Sb3fg83dwttSqw

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Thu, 14 Dec 2023 23:01:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 42DD 89 KB
31 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 42DD 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 42DD 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 42DD 203 KB
64 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42DD 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D5m2KjcO6w7fw4AvIgGHbFxmzft8VHU9Tep0fiHQQQZ0ghn_5KOj43Lf3iU1FjjNb1w5hBJtlVaPutHrYy8diy4u15QDbpRdJI8fT7Eu6qTgvWYW4

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DD23 640 B
265 B 53ms
50ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Thu, 14 Dec 2023 23:01:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 51EC 89 KB
31 KB 181ms
179ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 51EC 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 51EC 20 KB
8 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 51EC 203 KB
64 KB 63ms
61ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51EC 42 B
63 B 46ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D8dE1vFhrp44wQjwK_O8ajtv62B0D6kMLJNiGAEbR85eBFAdupKEuZ5Q5Qw_dhdPl4YCpw31ZFKUoAB5t629l8OSVuC0rFp8CcFk7k_0M_8altRT0

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 68E7 24 KB
9 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 23:00:17 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 68E7 8 KB
750 B 43ms
42ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:49:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 68E7 15 KB
3 KB 52ms
7ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:05:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244526
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 03:05:54 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 68E7 376 KB
131 KB 53ms
8ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 292942
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 13:38:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 68E7 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7462 14 KB
1 KB 93ms
93ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:45:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7462 2 KB
822 B 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 7462 24 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 23:00:17 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 56C5 143 B
166 B 11ms
11ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1902
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 22:29:38 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7462 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 08:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 08:48:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 7462 20 KB
8 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 01:54:19 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7462 203 KB
64 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Dec 2023 23:01:20 GMT

GET
H3 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 7462 37 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 13:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 291877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 10 Mar 2024 13:56:43 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4FB0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

43 B
734 B

20ms
20ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNVCbmTW4nJ6pInqBr9ZkcdhX0NDZ7I7SIJCToI_5TDBuM0svRJsntSy9B9CLsCLofZqwOBKh1LCd_Hh4EHr0hgfMaBFp_scBk70P1gS4oxqZyvjgkCsCaVoz7Zyx7bPZihLocylrDPloYwlH65bUIjm76k_aO39lpsh4Sb3fg83dwttSqw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sKlDwG3szZPYMoShp6BDf6biaIvD8kz1CZbzgFAH860aL3xZnyn7JhCSOLdF7FJYhoy2ePzsfC%2F45If5oZ%2FOBOikUrLv2Oyulkc%2F%2Fxz5tPRRj0JW7c4eIBh%2Fc4CqSGufthiR3FZdPiFrVg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 835a11740d0f1c60-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4FB0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXuJPyWG6jtAxPreJfweIQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1

43 B
732 B

27ms
27ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNVCbmTW4nJ6pInqBr9ZkcdhX0NDZ7I7SIJCToI_5TDBuM0svRJsntSy9B9CLsCLofZqwOBKh1LCd_Hh4EHr0hgfMaBFp_scBk70P1gS4oxqZyvjgkCsCaVoz7Zyx7bPZihLocylrDPloYwlH65bUIjm76k_aO39lpsh4Sb3fg83dwttSqw
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvkGmnM21dSTAZx6xFdSN7rqSszz2F%2F6gbzmutLfQDSzkUaFoZFzN7fFh%2FkWfO4vylTpHdV28oefdpfbqZXOmw4%2BVOkiU7kOGBqaS85d7owRPUDUt6eKVl5tZJCtSDmPI88x01eLPedfKA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 835a11742d1f1c60-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJSzsbemwos7f02XKktSP8M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 4FB0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

43 B
841 B

14ms
14ms

Image
image/gif

185.89.210.141
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNVCbmTW4nJ6pInqBr9ZkcdhX0NDZ7I7SIJCToI_5TDBuM0svRJsntSy9B9CLsCLofZqwOBKh1LCd_Hh4EHr0hgfMaBFp_scBk70P1gS4oxqZyvjgkCsCaVoz7Zyx7bPZihLocylrDPloYwlH65bUIjm76k_aO39lpsh4Sb3fg83dwttSqw

Protocol

Server

185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: d58e14a9-e5b2-44e7-b436-6f26b470b0a0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELd63qdH9mGBtsmuFdsI43Y&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

170 B
188 B

281ms
281ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
an-x-request-uuid: 1cc30527-fc7c-4765-9d15-2978af0832d0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYzNTQ2MDA4MzQwOTI4NjM5MA%3D%3D
x-proxy-origin: 80.255.10.201; 80.255.10.201; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame DD23
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnL1RarxFV2U6Azi21_-xA&google_cver=1

43 B
105 B

28ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnL1RarxFV2U6Azi21_-xA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAnL1RarxFV2U6Azi21_-xA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame DD23 43 B
295 B 54ms
30ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame DD23
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIsvrs11V8baZPUtrKFJ6Nk&google_cver=1

23 B
163 B

76ms
52ms

Image
image/gif

2.19.217.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIsvrs11V8baZPUtrKFJ6Nk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg
Protocol: H2
Server: 2.19.217.101 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-101.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Thu, 14 Dec 2023 23:01:20 GMT
pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIsvrs11V8baZPUtrKFJ6Nk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame DD23 23 B
163 B 107ms
52ms Image
image/gif 2.19.217.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxitm7vGATAB&v=APEucNUL5Ism1_VpfSXb-zJJJPMP5cIvAhvU0TR5S-ZAYYNJ_8N2lO8fEg0sgFyf5RaWSa1r8awFd0ZI7Amc5iVVcaj5s1Eut5UKZrd2fwMdhTvuLzxpc1oNM7e5cIfrmltk-074B4_0Tpl-9Ty8bOjV9YgIxFOQkQiYNA4azBt8YRYhO2kIAMg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.217.101 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-217-101.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Thu, 14 Dec 2023 23:01:20 GMT
pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 56C5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

29ms
29ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Thu, 14 Dec 2023 23:01:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42DD 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=911994977023&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42DD 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=911994977023&version=m202309260101&ct=77&x=1&cor=14819518812473008000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 42DD 20 KB
14 KB 193ms
192ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsPwOTIVIA3OgePNx7dg513ComPcROqfRh3u7t6fvMANSBZFRhz0ZZyl199HM6ObwvgR2fD3E8XbsLZoFzX4u46ynmZ0gFjIUJR0tp-WJPt8cUmgofC_il_ZmJmOaQ3Dinqfk2lpXdRU4Sr1zJQwSyyVaWijjS0QQSW0KXgRTeiSqeYO8&cry=1&dbm_d=AKAmf-Ds1F80Q3KLtoJqWCXIAoVWHWKYp05pCS-dq93DpJbofBZAc2oXVNiK-21MQ2ba_EBsXTaXwUksxPVcruaZnq0ORxf7VEusbCKuuNvTDmLD1vaPwYtphZX3bzBt90AH_BXwx-xwbwo2_2BBjGXo9AbTwcqAP4ZzW8agXB9MwoaXcK_606q5GXDRegjm2IquWvnRit0-8TfKDIQSI9LMXhnz7SJUOKlLVdW-O7wyBsyDC5b_LsbuTJD5Ew2GIETPM41wXDelQWGCzNywh9uiY9a7YGZzgZTvZheTFS0JatGrlNCY4O_1SVcWIg78uFjxgM0_F7cTUw_8gIvoFZIDzLCpxfzaFV09RLQV5OnHev7rA3x7ZC23s5pc7OC5_RE-_kRyWO1JoGFC6lQp-1M1g5P31FOrLiNIoqDuIhaGmeEZc8iu6ohxKMPu9cMIDI5-QwBeF6O0Ey1y6iinf91cCL_KbxGNTJR-E8lZN3stID40s7mmbRUx3OJrmHR_E-eNvIuo5TAzrN3gBwaItVf_vb13dQGpX-mPKUiNOVKJ_fsPhotLGNKL_CfY3jmEV9wYEmMAyhRp4xjvPxXpaQPsiW2XwluEHjY0RkVavcaBlZlSG_vLx06s0RWW3r1PoeVr9YNXxmVBvnPEcyRqUgBNoUdYs-8dh_FnOF7JjEnM8GbIC73faPj3EB1QipNkyo2DeyKvcMWK1CMqRHt49oWUOUnp0JAWIE4HtgPsjHvMBauGiyQ4gHiWnaZYwe7f1J696HfI00U9dB5kVpQAEwLgApeg3ViDyMOSLLO9RP6rIQtaYUrDNdmOVTNIqKDm-EEIqQUEz8TFH3N8jBx7srmOdsRf5npNVmSJHsgbtfe-5tPXIIfH0BXS0Vs5S3CAirZsUFvs9myY-1shUl7dV48J_0UpsoXrN0O-lKrBZR0t4yD3X--naxBqEujZUYszKFAcr-XXdXyzcFhNXwXmfoq2eubAv2K0HgzofNzzNwM524GIAEwp8CTDsU8lheQdpXDpFWZHgTfqo6JyxkvxLtTLLBE_qBf0advUvzkwWG1PSZ5xaLcZB8faSrNg77jnfsngLxhFPaFuAPYiVALhe_c1CkW68-AkD3ula4hN6Sp9RlDoGunmPnFiqYD3CmXqvQtY_SwbD-L07OSWl63BSmiE9MWP1vFEYlJu28f9NtCASRnJiWtW3-Rp8eLsgbF5XCAuoxStTRKNECgVHnpTbebsBUPpOBx0acYjUGH2Z8Yp9wx9qjs-Q21aFuMFlL08bf9IzBiWwBFv0UiLRkk9v6mmGTkravPVbduvvMf5Rk3ZU-fyyNiTmvS-XiEZIpzEl-RQ9IdLFVYBvCGFPihwG4DOZGJmcnsytQfaGfGgr5vs_j2-R_TTimZcK7eY8NkF79qfb32p2ggrYLhtu9fOHikP3KyDBflLI2AfuFKe-lYJ5YWj52CsB_xLuE5Bb_nHAKw4vHPS5-bdIRCvXZdChpkPklvUk3O3EZDBKm7nDxga50u6EUUsEd-tKRGxSd8_f2lcnTByDex13HQkhUcLbJIp_cF_mFtZ0Fvy1RDsXQGh5GFiVK9KMhLgWnV2TLgYFjci3LpMRyXXbnxbd8ErJFgpOqKaCwX_jbPH4S5NYYxH-rFnIqjs2zhrbLZBxbVxVnJIXE4_FN3Si0AYYjQryaQxg4Y8sY64fhVzH8XUN8BsaP0MVj75Kc6qE_OGWpxa-eevwPRuVCaQ60auxCOtyjeBmkSZLEIxosfABeX2jrk4SvIT5rFFpDUuOCQulU7-SmDJBKUMLGkW4irIBQOnHgqfjXcTR2pAh2g9RQ4M_0gi3mzDsaIN3z_Rq8nTJm-toZuDwqJknaBhE9P6yvYmk3dcQk3Llkp_P2MAaxUYMJjPBWjHmkfSXLFWdm7Tvt-MkhrA0nQ2ga2vmqu10iyeFpuLCdEs2qYB19f8GHUXvRqLCSN5YqhcJhNN77ImozPwyKZwIDn2yX5yKt_-46X790CiycnH5gTCOtlYb0r4VsShPWDoATEAsDhbmEgid2xo8x5ZGlL8IT9nfojT2ht0X-FWg_yAbE4WqdoZtQP9V_7cNEZip5i1u6_SSx5oh8L_C8fjlrvB4TMTwRfHQp9JdFSmF0cMa9wTjRKzJQWGlGBgjuIvCNacYMZZR0e6uVI6yBJuKR9s5wcu3ITZ8KgE7aElg8ULgy__gHv8ZmE0D6rPdXpUbgJ0EBwjBv4ozLefRecC4rqzrO_BF4GJiR-QFWURmHYS_J2RGDJwlV5nvnqQLK6lYwuM-ofwTb0NaLHfVxz_6_4V7Czja3TSDDyhpmeWtJVXZ5utmS5NyRqMn4q8Kb6Vjs6Ii0IEiieIHLmpTzTBokSmkCkB1D507e2y6ePf6VXSkVxByTQgXpr3REZeNihkRDRJKjdRK5PWYOhxiOrdc1UCmMIzJCA870Srn82s4WOh8nm8VPKhXxcJAx41OpI0kymixCxuk-imVCfPKnxOaznsAh4PS4aPFUHfaVRcdO-UjVYwEM4p5Ek4hI3d3ke7cvCi1Lm5_WclVXw-L-xYjIaJop9X-8vYV61yLXb60PHthjgbb8OI98mnppwFeqKP5dTo8CCMk0UEZaKLbf9DKPcHmBhhI8Ut5DlgFwqe5-iHpmK42yJejqEC-nsIKI46UNNmnYc62HiVLfhhg9eqZBtonzU2R30y0zfeWKteZTSutl_nvmNNol822vyhdWrIcvawOCYdevN2Va1s3jFeXRFMwXiK5u9y_MF5InDlAwzNNoK54y6AreGVEZB5Bhl6aw1xvtLUKLPyuk4OAwwFAw083jgAFeob7GCQqCmwZ1ZGxHS1qCEVZdq1iX_ZcsJ6j-AL3R4w8kv-5gwNsmoTvMtoTgvnYiYiwnKtXkTW2-V4V4KOSfhuzxg5lfbG3wC4TZcQagQqQlvXUXffhA2WqGsG79wkYG1gg_am5HErgRICeCPdgX0x1BqdZZ-cksV4x9lS2AePrjA2n8RSZ5eTd4GH5v9yCC8hiJFkfSu6I34ToEO-Na9fhAu1OrkNdQ9Q_h1C9Tn53QABfib6Qu0AP40T4Frj-IfYuZX9e9Rbna_NCjrGNaA1vLILsWawqXIV0Oc-bw2mYI19mZ_z2QKmaKfgwkmqpDeyihIWt90cb9tETtnfwg9MHuwVBmpyknHycRXS1qYBRR7hyIQ15TXr01pe1r4CxdhbCQVEmxQt9P6hdh0suI6Imryy7Hzipvg6F9w68Ht1NK9WCwL6OHnjvAi6mVhbuQV-6iQoJ9_d8DyCQEnzwHWMtrCWnzHtAC7HV0heSWeRPLwALq-GuWuvwwM0wts6e4LwBEdgew01AZQNP2XrjmWG2wHOLYEf4It7MFpYnHr072kJfC9ZLY6a45CkHZuQnzpJtKAi8k4yTGRZVNRA-5IqXGapMm5RcoFU3wK4KSgh_D0L5FjXQMVF6H4DDS0YcDRSjhVP0WV4GU3zCBiNz6FNJQvLGtXV5eyQOeMnd5vmyqK2HXui2WRHGlRBqcmwMALHNhQAu8tV-8bIktreMA7R7SXCt7Di947fcFav7zFf36LclqOJxfg38zOsPIlk5bzknWhDxrVrrrvGc4p1Kq-nq9YKehEuE1KWsFmVQ6kpHGh92nXZjj9HzT1oti9Ya8VG6bA_5PVrhCcYPToSjJKyYrn0a2t8mCb3Gyv1HActsPIID4dHMnSzLCn3W8ixjs-cwmZM104nuPC0zSdPsc_QS-lN4_zbcSftcITOwKY&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=14819518812473008000&adk=2988274606&idt=95&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b35b70370fcc687b5a6e48218434c28cb0df1d2cb7342cd317b6f677dea1ef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13879
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
234 B 803ms
271ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lq5t15s6&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&sei=44752538%2C44807614%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68E7 15 KB
16 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 541319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 16:39:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68E7 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 223631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68E7 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ&eventType=clickstring&clientTime=1702594880653&ai=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 798ms
274ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lq5t15se&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.wf&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 68E7 28 KB
18 KB 125ms
57ms XHR
text/xml 64.233.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-A_Gdj2Np8wuht6VsPv7-UIj-Y6G0GvUZQWmJxbkJ3AsDZ_URngtWxAEyc6mbYLTI0DKGV96BJCte4f6oiDP2x3L1BxQw&dbm_d=AKAmf-AYYEVZ3mrbWh2iFrJaUMLQuzJLfKRrNTMb_PQNDtUUUwGRG4_uRDOGobiPUAlR8q5QxEqQxca-5ANkanXBeyhILDvYe2mR-PZ4w0NPbQOUQp5z88b_fcBorKuFjcn5ao7v3mdPnrOqY_PVrGuzNdnpEc0i4gEvMaMPucIHRqosVZz85kaFVfGqGcF5GZppdgYgEggjB7Y11vTp3eTjgJWXOJii_AVP1ZN-DJItJOdbBkrkoXo8Sr7BDPlPvkroMdsRlCGJL14rmPIGYWjmGN2PRx2CsHIP13JV1NgkrMSveJDluntGg0CoEYIWbYfl1SpUCow-0HU7A2CJKwGHwe07HV0Ut6jSJ5MgjbbMvlG-FEiyowGLh0tUNHmPC5rI5j8NeEFQROfeBHRq9wt1tKPMKollP7_j98dAja1k95tQYnK6lTFqbV6nJuVbCBw9jXGw2s65FOkHUmgLzPZM0zpE9S7coZo6FexKKbyWg5yV24PXhtd0q-7H4X8S0DZ3TDvFTfRggRUly925KuTn61pEhGnUPYcWAD4N0YrDt75A6_A-DzkdLG3oBrO4uDiR9DHJQqr-kPxXyzuHeQ9-YYYQMNZMOzMtHHzVpdXDZDdERNnKM3AwnibtWM87N5-22WnPz3aOigB5qQuEFJSsV_7CVnG6wwpYm3u0JagymyZJwZ49S5gATtW66I21dUVm2mX2gkO2ku29JTZGWRhUvjuOWSRzL0i7UFcKpwDyywKNM9AOFcFEYLxU-rjoT7CqQeXHK4H3lNm6TFScOl2FrkBMrkwDUX_pNVGWiBVSPa4SCvYKKzIUNsTFjRn5ZTObnw3maLCW4rxRrYMWsca1Xg0wJeSBjsXQXGvCpUtdPArjtqY3oh065rIdcesas-Pj4Nh7_R1hEKRuk-4bd_Am5V_rHC1tCRKDZUetvSw-FNCJHkwj-eNNGcQePjpURX-5Pn9ZJ-YQ5Ipw4IQ98Xk1o_8y-5xqdmwWZVdMQZ0-SLhEEOyKLkIX8uBhPmKvhpqu9MKIxES3oJJc2YEmMrW9BsbeQ95xlZgFGdUwPFum0K9PT0rUj-Iy4fv7VrOiwnGknOIHvzauar7cqItPo73yUGETKs9tb0dDkAR6Jd_UByS2tcXT-mRx9LQt0gETFbosRZrd_3h6DUGZ_eBhGtzrVEm5rOYWqM2YNxW__D7zlcU1L6dpyW4iBYQLrQNVBoO7ZEXl4Sd9EOj5H6D0Fo9zWDd3cTTnVGc7_Y6dEzQzo1T4CAFVMCHZDmCMXGE5mEN2NkIqcqErjBK8YsRlhnHr-L8rSZrq8SpD0ebCiA_Dx8skFfIGpYoY9t6jQNmpjoIV9ke9V86Nk4PLzHFHg9MfK9qWSnFn9DiT5ewx40NDMKLNDQWLky6caGvQ9t056IT61XZbSZyu0Ii-QD8f4t-Dd-RV6grtTbGqem0IFMzPuQ3WTshr8-Esay3RKXNtX-ZYdLiwhBpaNLSxHXCt04EVbNtcr1kjxm6UGm1CpKgnbPHAcFp-FBg6u7AhddnNv0sFiC27QiYI9dNqG-EcOdAoCzjGxcDNqWQyDLhMuYwJ5wFJUZMrBiXhMIuhKBkz1JaKhlcc3meZcaN_YNslWd_aBNTo8q1U2dCjom5DUggRcffb1edYT8AiGWHptYQeDrhIyhYuOxn6OCx5euOfL-wv-DWwljLS6fLZtAIIQWh_xSz2tXrNtYrE8xgqo1W4-6HHi0pWPvb6SH0RMJR6bFgBx3W-YsWrDY8paB71G0KxBshOpcuvaS0ECXnSqpaN4RNHSwbGyhbA4eFEfut2zI7ZH5mFLPpV3LjYvbhzr2mSXbrt1Pt0cHlkoEVJo1VBBH6Xca6gc-1NlcwVfsmfmEKmc61RNV_HiMJzIXffkFXqESgr5SN1dmXhUDccGtU8V0KNOcRELMX3NRsjTd0IX9OKLKNrgiW7wkZgOVeo1AoOWugsnXJxLCwTtKX2vRkdEZ3ANpYnQEzkLg85uBok9eEojWtqiQ9sNMy2Wvlt4NIwu_WCxeZZzUoMxDeHoOp0EEiuoephTfk26QkCrhBfl_xzzghsW8hkki2FbvtB08IhgpVMHIM_nG6Y1ZtWhPjxUhyZ9WF6Ad-5hMqZJOoYIyrROQmQ_r7IVq___5rITc2jlXMAuipejQ2EIqpUcH0r_vqnM61h8hBKrq2-LKKfVyiAgdZQomXUniWW0N8fefo9HgIDtNqwY-9ySI9OJarKMA-Ke8fv6u7G263Exyj6oqr5bnRRS7LdQYeaHT-uHhZjO3yMC1ixq64d-TYyZnWP4drg2uOPuTJ9mX76AkSwjf12z2ldzeQ5OMor5jcdxXHK_xiM-8FT90ox-7eZ8d84kcSeGLwDDugt_QRqvRmAOpaixhE-mKFuZKdqjJ-9lK0H3r4MAIPak5a_7frVxsw0RcoKZ9KzXBsWWB387_spc_c9KfA8v-JRt1Ej41v7Uwrpxhd0dZ5FvuUheFLIEqdUycEOSszNBilgvwqf6xQLI7hBIFk0mfXg1Ythn8V05QePuf3dU0rmOcaRgNMQg28FnqQBn5BHDiOkm-CEzJybMoidmAYnHg4eA7tW6B-jeUIQlBEZGQgqTxVH7aKgQ_4B58xkHJavpqY7RGM6_pT3oY_S1ss0Z-fgmopsBS2oKW4Qpe-wsJWAw7vUr6XQ214bihx4WUS8aHYQ24JvQGu_le_pv_b6NxKJzLDzCpLxjdVAqh9G7lRr7aSLkCiOlF2-rk1u--5uV3rGmF2LvaDaGPZBYe0k6pAAH9DMEdbzWspKBUP8KOX-BgLVHwxK5ETuZj9JLPTPCKfTARSVU3ocSYKkIUY_-0ZfYNrkfGgkzUsDkbmHvQF751Km0JLcpqC1hXnoFQwos1mk1tGufj52ahQm8T-Etsfdkgx6amgtxEzgp4Lf_NEKN0qp3MqBbQK-afy8E3r9xZW25Aw0BT9yYdEGNy0OS3C_FH4PLLZC4COqpyGMOamPJrTHSkcpXgWAn67tQshiLSIwjheaX3p-nb8t00oDiv1d4NAbB9N4KivpeLmEgPa1KlFMyrnR_llsweKEhRhi94j72nMcziRuXCdFzf8SISJ1fm9SYuwxiyPtYEazMi14euaHyRZrpDSNVt1eHxH6Sq8QRwKFybZ1HEj8h6PIhv0KG17yDHdmo3Mh7sZmCysVHon4gSLINef6TrIxnY31BKaKVAqzaF0j8TrjVdrB_4exTMBuPUZ5x0i0j8c-zqt234SeoDRtEB9BT0GkYsN2H4JLhworyA8Rki4xRA72d8bDpTxqgCy5SUXgxtDTP0BxOsELRMUYszFwD6D7PC_2lIuNZG1BwCHY486LYV2kvMkEQrU1dQ23Is5xy3h1odnIzxYKb67Ri1sYCYtiwKZi5Majj8Dc_Ycc76dMMHr2olguwAZzXbKu3CowbSe5qyJGmhXeYS2uumFXk8JzgZI4qNbcXyWYdU4smMDCeSMzeKlpO6E09ebgcNfaUGMt9_tfrAxXmO_-qDtxKY41uOOtdBUG5nnqZp8rcCgcr_692D9MUw&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f155.1e100.net

Software

cafe /

Resource Hash

3edf8088895d073ac0d2fe0b74d3696ae86a87594b7d8fada3737c26863b16ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17678
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 68E7 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9e7e5220645f0510938360c6c235f3c037d505b6d6c4fc52983c69ea21fbd55

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 68E7 0
0 45ms
44ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CW8wDP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMBqgT-AU_Q8cSlQBVhSl9NfXT04lx7hA7HVlK_PKlDbVT6Orm0uhGTxPNUUZs5Tu3g6dxrU3DF458K-7If3jcwFDyMoycqVAusHHimrNMmwRMnP4BMhMV0pLMfkwOA6K2rw-PpEOQU5L1nw0yHL1hqFt-VsReC0J8x0Ucd7y38CZRdR1vydZ9xBziKZiMw_UrF9SpwUBuSaIST9gBqRjTAZ70CAz9dWrg3coR9NHvkWdZIO1ig3OLbXr60QouNUnW91nAhCU2rNxLAF-6ctYmzL1m4oD4CGt7omwpL0MEYXE2AIo_bcyvDjvC0oJJRGEkfJEBw1FwlxwFOgy-eHPrtTiSIwAS7iNvIvgTgBAOIBa3FrcdMkgUECAMYAZIFBggbEAEYAZIFCwgiEAIYAUiPk8cBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAeakujVAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcKEMy_GxiPnpb9AdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKwE6WM3hXIE7-kxOMD2BMKiBQE2BQB0BUBgBcBshccChoIABIUcHViLTI1NzU5MTY2MDEzODIxNjMYAOgXBQ&sigh=WoxUiDbZf_M&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&vt=10&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Attribution-Reporting-Eligible: event-source
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame A2B4 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:10:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 226270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 08:10:10 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51EC 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7940704007917&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51EC 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7940704007917&version=m202309260101&ct=77&x=1&cor=9815996558853773000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 51EC 20 KB
14 KB 194ms
193ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAkVupHF03OdzSQF2Hq5KU28cilDxpcpktR6xJIa1rthgeeBZL1b4uFersHQx9ieI5TOx9Iq-ThVjaVZfCDSd-68lieCX6nQ1z7tcxdSP8Me_qjHkOz3IwbSdz62q7xBOrxYfhwF09DdBWeeAagHQEtKcjOPWtcYkLttJnUZLgMEOxvpg&cry=1&dbm_d=AKAmf-ASFvEPnxyPlhS5CbAwI6z3Is_HScxbe0uPKZeDN8rcqihUMkqQR2SMIEH7dm85BL2SVKZjRHH4uIQS_x2JUUCDTMmizVR1Pl_M3CMg8KnJtIbNy3XgGnSpQEFNWTr1pLVNUnyCfBdchpP64Yegr-1bRRmGNXwjo0tL3RbQgn_3i5upLK1EfMN-WBFLnpRpMArt5ew_uIQmqqL-sUWBykAd4GZvgU_ZaX96MnV9jQwOFCWWnqXfGXEulSqkNmA5pYFJ3qV4QW0EkAM06gr4PUwNrgA6iiw9siMoMI5mn84xsqVtq3S3LKaKYxEROOtZAGv_E6JduwGf7CK14DldMzQPsl9UlIMAb4TGMcNmS1olYpulxJjcGezflztYBZArC9WXLYEC6Fv4gM_lgrg4UOxTe9a7QOjFgNbi5OmpGItKVmPj8ONF-KWFnUXlN_vekCe6kKxkOPBaB4093C-WJXrlFd9V_BaytWo_DEcG2g1Cif2x1B7KS5FSCTbXWGZlNZBxzAY5IYwdICMnL2eMSlnMkjrvuXrl9Ltpz4slScGFELyr7pQ8aVKRGHONalPSwu74jvw45R_ovjjfieobN_5OBKS_h8qeMt7CnLYeHjbGYDYgr9hOsxR3MzeEJhEJxWjvLJT4_i1jMpCcMII3p9Wb9kkGDG_MaM6ux4Ql6Fv_rtD8jFBFDH98_2qytVkRmXn56GaqrwpZ16Kg6xgHJU61m7ZA6xp6nNA4Sn5g-jggnauG5Btez3bCodhZF4zmEhqSTv6b_VisueqvwIMHl7NI2LMwfskXxxgFqII-1w-cE9DsWOwAlB0qMAt8dE6qDrtNhLpuY-w4RU8ac-t4t5LBgZwURPKXfnn90BP1g5f4cALiFU58blqmk_6LXO6FD0kLyVft5FHi8gNJoPBH8QxGLKohPnxopRI0LtXMbPH9ueKnlizDtesHCKJUy9q2K5jKKfhDwLPuhkU5xtrpD4xKPviUXwlJZTLozFdFjNvnmEcytulcZ-ppLnXv_Jsir9kmolLE-Agjp_lvD2fRJFSD_R1cO3I2iE6c3ka7IB57-Pm5c7pbcp1WyZp5JHYBloBKu6VCJAe4PEowOVtXoEgkZHsrxykX0PTfHgs94U5n0xOgA-Ds_-gFOxkWPg4aHvHx3Bq-2PF-1FiE213_eAY8OnpGy7Ct3cmSIJkGtuv4F7DU4ODfXq-TC3l6cMIqD17cOl8gOzXbhxiYYP2jqCCiIjstloe35kIEf21p2My-1LuheQV76XA6MMSMLjJVdLwPv4poxtzCxC0LSsqLj5LDsW1F7iiNnLhKJ9kovCrSUpzlOg-C5Wuw3CkJ6ya8jpR3VSot5HX5FnTrSd4TV1HwkbrLfCuOsgXckHFKQ4zPHAX1TFN_MebdureyNMlEEawgH8wP9hXJbjrF2TX03QXy4778YkvQVxGq8316cVTsuJfwrzydjajFuXE69f0TlZn3UkCfZvvJEnQVXwUB1bqq0iWLiuVieJtClBWRrC_HbqCne0Gh-SJjYcPNAVrfn4jeL64Dp6E4M_mJuFiPUTTWNDUsTDQEMEY3fVv0wEyDEigTXnvjfiTeGoqWOySamCjc9AUhqHNTnf4KyUU1vGW5SIyS9UCuOnqeAaG-sMCbP2J_KENdhAwYRg0UgedeWn-5S2UipZeThQFhLNwFquuNc9z3KDsPG_6ScNJnxFAT4Hoz3_zkb8y5yfywQgU6yyx7I7p-b1RTclgkkMjjaxqkxsi8McoJpKSVnO5OIqkBO84Isvzi4J8X-pABNwPes91RoeVqYMLGOfM1_QHbv54_CPfmCINuaQWIsjjUS6RF7oO9K1vOZvUaTZkaz8IDQnkxFdb32OQ5OmpLHkOLosiqlybhLua-5YOoZclQ9dBKWfkyOTi47fzS7qqT5NI4qccx7TpNNNiQzC0SnTbTnNDOHpfW_5huYC1bzQ4LFHzvZDCHUjcITplmQMs8Qcj9FG9KRCtTaSinkxgf50GopjjY_zAUwkxkG3DbZwW6IEjK-qQayxTKjWGWmEevJ6HW1E8et8-s30SD0GFT60eOnMwjZlXjX_eAUMzsXy3WqIGEQ-UowNjym5wP2zuG_fm2fEbycJH-13jGjkdCqilJSyQWKt-N3Il8qjj_iaRmcdzBzfmqKNWL1Eb4LhypZ_RbOTruquRljTjWtIKoG-7_0Dm_h4IGF5T98vS_hZjISilFiW018slywXFPjoCOstXhEt97XtxmmPwhAB0UpOe0UI-2Do9-kY209FFJls5F7VWx3_RDJv4IYZ8N2gbFi7VSfN5WBI30XQpQ8dr8_pqVtKJGXDJLnKklerI_gyJP6uVFjbJjcytN-EK9rHkvNdFIBHRJgWsWS7gZxWYBtNkwrImReWjPSuSjXNhrJGTuhyOmlXHwhQ-UzFod8990v2-7NHqB5DSl3iG-M3XDmEeXm3zhAz-VLjR5Uh9Jsbyp5vho9ka0isbzwsWTQiuouOKZrF5RgpHzNERPrYRBMrksMTWkKU1sD12dcfo84mwVvjg5nHsmEhEuKCGybZum1LW_BJcm-dG-h-dqRgt4TpjATeYD8Wue6wrtDN539IzD8Wjtxhw8A7lli7CO5GFhG5CQIRrGvAPKxQ6yxT_fOHDc7XupjpjYKbugHQo_eym4HV-mPeFj0j3iysornv6up44lVOOGSKdbuRXdEc8nWf6OV1r1ZuFWDHleNhjv2wocTKgDQ3E-0TVJMbtoCeQLr-NpJbzeN9_Jil0nA0fCqwxRCHTD6DsOHQxBULEswOCVMey6JFwO1CGIeCsDiu351BzyzjgVCKwudBqXVSLtCyBcOmv8Nrwn4y_uMEE4jLL2tEiPxNNgR7ein1dUSrcuP4dP1JiAK87fT-uKqTzdoxxgCOb6zNSirCBqTH8xGGkkp7bFLh3ZPhFo6gMPAzIFyExCAONt2RCyvhEdDSEcP1qTUKbU7m3U2B18wBRNFvzOl22kOWcsWWFiuRUhQiZ1XccK5Fa80V_2_riZ5ythxkwEPo82e_sMStQyEDj60bHxqj9XnCnoj2dGjKAWmL3fWuLU_JJ-kjpWf4DXfiOz4zhwu8IBz7LEc34PKOxG2xsk3oloHwJVT2pyiyAQAN2DmkH33Dcth3EcMUlyDtBcCk0_RerHx88gcQzmbsIXFN0Msawt1DV8dzE13Wh7LR_fImLm_VhIUuwzdNB9NdkhBwH-A9itX5H66lVqJxKBl3VekgYKS0ToH-D2ZT6N1hNGPjmyN2hk1TCZjkE7bR6SeAtHhmbVeL-nYGg3cUWOMc55Mptr6yKmT_axOqiyACzT0AzT06M1jw0_CoiQkdz4wrnSmggLsj3C3lexG-emtIRJ-4DQ55VGz4BWvz2jJYQnKNJkQWLe_gZaNTtJuq9rq5is3KZk8PXvESqgEzsEYLr0l1cbNndvOlBHWmU5y_f38AAEXMKLLXcYXkahgj8W7aYKv-VqaXlEoDDj0eKLVb3OKvvL4SvoCmrrw8rEHEX9IGTog_gaPc_eoKfnt9I5pYL3I9QA2MCSrdAqf513PbXlondm8NSe59dZAIVFOoDHbHaK6aua2XQCxGzAnIV-eNxbXa_UL96sijzV6pj4Rw3z3Lsfx6NpWoK4hWH_vJYsdvfUpxsEA10uw9Ym4IPER3d90gSEcpue2cwL-TOZXqHEhjrZPPLfJbBjcnpRV5LWCGT4X_Ht88YSaeIhrYUio9a9kqwpyGNl5IQhktI6PyVbV_Tv7cGy3nE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=9815996558853773000&adk=2935317966&idt=214&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c0eb4806930bb3816ee1ce91b4fed3c3cbcad05604f73e9bde4a603edb404c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13857
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 662ms
271ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lq5t15sl&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
vast.doubleverify.com/v3/ Frame 68E7 20 KB
4 KB 73ms
21ms XHR
text/xml 104.18.36.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vast.doubleverify.com/v3/vast?_media=3&ctx=10242044&cmp=30443038&sid=5513185&plc=380567266&adsrv=166&_redirect=1&psf=0&_vast=https://ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/B30443038.380567266%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://www.fifermods.com/%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNzAyNTk0ODgwNzY2CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdWphSi1JWERleU9KYVViek5RUXJZdUhWZXlCalRpVW5nczljNl9qUmZ2RGdJNlN2TjlBRE1pLWFEUC1UQ3FSSk5zOFRnQUFBcUc1NmxDdXdhXzl0VGFOMGlrNEFpVV8wRGE1UmNXaGJCelY3T0FES2ZLcVFWR09NUTAzMi1PTUVVOG80TldjdnhsMk02dVgwanMtNDRQeVZWZ1NRNEJBUV81WmFQS2xTMTl6QzFLSDE4WVBtLUZyc2dSeV9JRlJqaWdjT3ZYbml0ZEt6S2F3NzhTek9jRlpvRDB6RDM3dXdKb1dzMll5TGJzU2h5b01EcTlULTFpN2g5U19BVUZEUWNncmlDVXZVRTFEbGNuX0VzLUJlVGRrcFI5cGZKcHV5UnRTbGlhUWRFLVd3cmJPOUU1bTJtWU54NWdOTnJNdkM1bHd6U0pQQk5BTGtQRHIwZTRhV2l4Q0Znejl6WlRYT1kwaFZHVnhaT3RLRHhabERiMHE2R3BSOV9CRWN2T0VDaWlxcGV4R291SmVud2JueU5EdUJNU016WnlKRzh2SW56UmxKdmFTQTBRSnRmS0Q0RXBJNVlQVkVZOGFmeHpLV19ScF9zaGdXYXNWNHA1YVNDVTk3ZHVyQU1QbmtmNGhHMEhJUHR5MFozSXhtNWVSc3Z2VF85UmZHd080ZmRJaUJIWG15emgxbVVUZGJ0SW9XanFXTHRqaUREa2ZzMkwxUnRIZWFNQTlybHFXb014UmZjbUp6MnU2SWdlTnVPLTV5aUwyQ05ScVZlcDVTUWFxY0tjU2huYXV1OFNZZ2J0SGpNWi11ZldGN0taMUxYQ3djTnh4dUVkVWpvOWh0b1VGMl9BM0d3VldpU3k3blkyQzBBbWJiZVZDWjI4RW5xWVR3N2hiQWMxM242empDdDNtSUNZQ054Z180RFpjVkFoYmtqM0F2N2NTeHJiVlZnNzBNbnRtc1h2MFdZOW9TYlJYdjYxMEpPdjRhNS0xcm5nSVdjeDg5VW5DZDJlWWxfSGxCbDVPYzVSbGdpOExaVEtidi1hbmdNVGxPSnYzZGlQeXI2S1lsaUVpalBwUXFzV21lN09uUzNPWDREYTdqNXhtakxjR3oyWjBiNUUteEJYMGxTbEJKbjVlRDZVdG1keTlHQm51UDhod0NfM1F5WG0tLWxEeUlRSFB0YkZ6SlRtYnFtQXZkSThmb21wOWdHY0lDQ2pnZGg3QXctazVKSGo2dzFQZ3FHV2dYWDVCZTdUa2tMWXE1NDJIUVBvMERCZ09pajJhNy1rNFI3d2FPeXdjZ0k0MHNDQzZ0WFB4ZUMzYWdUQ3BzS0lTN1lnRXhNSTUzNUwyd0VnbzlOOExmNXJpMzBWUlJSOTJmY0xxRno5OGxYaUJEWXJmMDBPTXlzOVhxVDBLX3BVV0dSYlFsVlAxTDVtTVpBMm5IYXNIay1PeDIyZzR6eng4bUx0dzVxdEhtcnZtbFNPV1ZDaVJQOVNheDI2YUtHQkNmby1mY09reEdqRzJpOWdrTlFHcDZzei1wcGJZV3JPaC1rckpEa0ltX0ZYdXlqSWEwbzJYUDd5SkNmTGVrVkdxMzRzd21qd3RkU0pNVDRzWEttazNCQ2pTOE0wM2ZYOWlzd2JyZGUzTjRDek1JUlBrOU1qTDRtNWU5aVE0eUJJeHRnS0Q3dkk5ZGl0QVFSUktMUlNjYWN5N3lma19sa0pwWVBYRjhVajAwOVRGRkx0a0ZkR1d6V21qNGxmNGVXeFlvZFlER21GJnNhaT1BTWZsLVlUM1kxa1l5RDFIUUQwSk1qOUh1RXFrcnQ2MmJVSnd5Ujc4LUFjRU5GUGpjRzlBVEVjcTJXVjc2aGU4SFB2Q1pLOTZITGtsWmkzVXQxeF9pd01mMG94dFB6bUhyUTA2cmhmX0haNUdacjBmTVMzRTk2cUdXaE9lcHlYS2ZzQ3dSTUFBRktjTS0tUkgzVjFyLWdfUXBSaGxELWZxOVYyeFlubFlmMEF1UmZ0aGxPX2V3NEwxd3NmVWJ4blRQb1AyNGR6SFBiM05waXI5VW5aU1JMQkZhU19hZ1Q3bWZKMWRIS2RZOGpzc28wUWpYSkxSMk5HX3VvamQ4S2t2UFdjWjl2T2lMTzJWY0IyeGU4UmdmWXVTZjFFOWdmMlVqM2x4YjAwQ09INHNaQU5NQWJDaTVMUSZzaWc9Q2cwQXJLSlN6RWNWekRseDBvM19FQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D206729091%26dc_adid%3D572283934&_api=[APIFRAMEWORKS]&_ssm=[SERVERSIDE]&_tsm=[TIMESTAMP]&gdpr=&gdpr_consent=&_abm=[APPBUNDLE]&_pum=[PAGEURL]
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 847a56fa446fc9c5c40f683efcf577883cbcc75156c0c873aa553d136cebf38c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
server: cloudflare
vary: origin, Accept-Encoding
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 835a11755a845d7c-FRA
link: <https://cdn.doubleverify.com>; rel=preconnect, <https://tpsc-video-eu.doubleverify.com>; rel=preconnect, <https://vtrk.doubleverify.com>; rel=preconnect
alt-svc: h3=":443"; ma=86400

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 42DD 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsPwOTIVIA3OgePNx7dg513ComPcROqfRh3u7t6fvMANSBZFRhz0ZZyl199HM6ObwvgR2fD3E8XbsLZoFzX4u46ynmZ0gFjIUJR0tp-WJPt8cUmgofC_il_ZmJmOaQ3Dinqfk2lpXdRU4Sr1zJQwSyyVaWijjS0QQSW0KXgRTeiSqeYO8&cry=1&dbm_d=AKAmf-Ds1F80Q3KLtoJqWCXIAoVWHWKYp05pCS-dq93DpJbofBZAc2oXVNiK-21MQ2ba_EBsXTaXwUksxPVcruaZnq0ORxf7VEusbCKuuNvTDmLD1vaPwYtphZX3bzBt90AH_BXwx-xwbwo2_2BBjGXo9AbTwcqAP4ZzW8agXB9MwoaXcK_606q5GXDRegjm2IquWvnRit0-8TfKDIQSI9LMXhnz7SJUOKlLVdW-O7wyBsyDC5b_LsbuTJD5Ew2GIETPM41wXDelQWGCzNywh9uiY9a7YGZzgZTvZheTFS0JatGrlNCY4O_1SVcWIg78uFjxgM0_F7cTUw_8gIvoFZIDzLCpxfzaFV09RLQV5OnHev7rA3x7ZC23s5pc7OC5_RE-_kRyWO1JoGFC6lQp-1M1g5P31FOrLiNIoqDuIhaGmeEZc8iu6ohxKMPu9cMIDI5-QwBeF6O0Ey1y6iinf91cCL_KbxGNTJR-E8lZN3stID40s7mmbRUx3OJrmHR_E-eNvIuo5TAzrN3gBwaItVf_vb13dQGpX-mPKUiNOVKJ_fsPhotLGNKL_CfY3jmEV9wYEmMAyhRp4xjvPxXpaQPsiW2XwluEHjY0RkVavcaBlZlSG_vLx06s0RWW3r1PoeVr9YNXxmVBvnPEcyRqUgBNoUdYs-8dh_FnOF7JjEnM8GbIC73faPj3EB1QipNkyo2DeyKvcMWK1CMqRHt49oWUOUnp0JAWIE4HtgPsjHvMBauGiyQ4gHiWnaZYwe7f1J696HfI00U9dB5kVpQAEwLgApeg3ViDyMOSLLO9RP6rIQtaYUrDNdmOVTNIqKDm-EEIqQUEz8TFH3N8jBx7srmOdsRf5npNVmSJHsgbtfe-5tPXIIfH0BXS0Vs5S3CAirZsUFvs9myY-1shUl7dV48J_0UpsoXrN0O-lKrBZR0t4yD3X--naxBqEujZUYszKFAcr-XXdXyzcFhNXwXmfoq2eubAv2K0HgzofNzzNwM524GIAEwp8CTDsU8lheQdpXDpFWZHgTfqo6JyxkvxLtTLLBE_qBf0advUvzkwWG1PSZ5xaLcZB8faSrNg77jnfsngLxhFPaFuAPYiVALhe_c1CkW68-AkD3ula4hN6Sp9RlDoGunmPnFiqYD3CmXqvQtY_SwbD-L07OSWl63BSmiE9MWP1vFEYlJu28f9NtCASRnJiWtW3-Rp8eLsgbF5XCAuoxStTRKNECgVHnpTbebsBUPpOBx0acYjUGH2Z8Yp9wx9qjs-Q21aFuMFlL08bf9IzBiWwBFv0UiLRkk9v6mmGTkravPVbduvvMf5Rk3ZU-fyyNiTmvS-XiEZIpzEl-RQ9IdLFVYBvCGFPihwG4DOZGJmcnsytQfaGfGgr5vs_j2-R_TTimZcK7eY8NkF79qfb32p2ggrYLhtu9fOHikP3KyDBflLI2AfuFKe-lYJ5YWj52CsB_xLuE5Bb_nHAKw4vHPS5-bdIRCvXZdChpkPklvUk3O3EZDBKm7nDxga50u6EUUsEd-tKRGxSd8_f2lcnTByDex13HQkhUcLbJIp_cF_mFtZ0Fvy1RDsXQGh5GFiVK9KMhLgWnV2TLgYFjci3LpMRyXXbnxbd8ErJFgpOqKaCwX_jbPH4S5NYYxH-rFnIqjs2zhrbLZBxbVxVnJIXE4_FN3Si0AYYjQryaQxg4Y8sY64fhVzH8XUN8BsaP0MVj75Kc6qE_OGWpxa-eevwPRuVCaQ60auxCOtyjeBmkSZLEIxosfABeX2jrk4SvIT5rFFpDUuOCQulU7-SmDJBKUMLGkW4irIBQOnHgqfjXcTR2pAh2g9RQ4M_0gi3mzDsaIN3z_Rq8nTJm-toZuDwqJknaBhE9P6yvYmk3dcQk3Llkp_P2MAaxUYMJjPBWjHmkfSXLFWdm7Tvt-MkhrA0nQ2ga2vmqu10iyeFpuLCdEs2qYB19f8GHUXvRqLCSN5YqhcJhNN77ImozPwyKZwIDn2yX5yKt_-46X790CiycnH5gTCOtlYb0r4VsShPWDoATEAsDhbmEgid2xo8x5ZGlL8IT9nfojT2ht0X-FWg_yAbE4WqdoZtQP9V_7cNEZip5i1u6_SSx5oh8L_C8fjlrvB4TMTwRfHQp9JdFSmF0cMa9wTjRKzJQWGlGBgjuIvCNacYMZZR0e6uVI6yBJuKR9s5wcu3ITZ8KgE7aElg8ULgy__gHv8ZmE0D6rPdXpUbgJ0EBwjBv4ozLefRecC4rqzrO_BF4GJiR-QFWURmHYS_J2RGDJwlV5nvnqQLK6lYwuM-ofwTb0NaLHfVxz_6_4V7Czja3TSDDyhpmeWtJVXZ5utmS5NyRqMn4q8Kb6Vjs6Ii0IEiieIHLmpTzTBokSmkCkB1D507e2y6ePf6VXSkVxByTQgXpr3REZeNihkRDRJKjdRK5PWYOhxiOrdc1UCmMIzJCA870Srn82s4WOh8nm8VPKhXxcJAx41OpI0kymixCxuk-imVCfPKnxOaznsAh4PS4aPFUHfaVRcdO-UjVYwEM4p5Ek4hI3d3ke7cvCi1Lm5_WclVXw-L-xYjIaJop9X-8vYV61yLXb60PHthjgbb8OI98mnppwFeqKP5dTo8CCMk0UEZaKLbf9DKPcHmBhhI8Ut5DlgFwqe5-iHpmK42yJejqEC-nsIKI46UNNmnYc62HiVLfhhg9eqZBtonzU2R30y0zfeWKteZTSutl_nvmNNol822vyhdWrIcvawOCYdevN2Va1s3jFeXRFMwXiK5u9y_MF5InDlAwzNNoK54y6AreGVEZB5Bhl6aw1xvtLUKLPyuk4OAwwFAw083jgAFeob7GCQqCmwZ1ZGxHS1qCEVZdq1iX_ZcsJ6j-AL3R4w8kv-5gwNsmoTvMtoTgvnYiYiwnKtXkTW2-V4V4KOSfhuzxg5lfbG3wC4TZcQagQqQlvXUXffhA2WqGsG79wkYG1gg_am5HErgRICeCPdgX0x1BqdZZ-cksV4x9lS2AePrjA2n8RSZ5eTd4GH5v9yCC8hiJFkfSu6I34ToEO-Na9fhAu1OrkNdQ9Q_h1C9Tn53QABfib6Qu0AP40T4Frj-IfYuZX9e9Rbna_NCjrGNaA1vLILsWawqXIV0Oc-bw2mYI19mZ_z2QKmaKfgwkmqpDeyihIWt90cb9tETtnfwg9MHuwVBmpyknHycRXS1qYBRR7hyIQ15TXr01pe1r4CxdhbCQVEmxQt9P6hdh0suI6Imryy7Hzipvg6F9w68Ht1NK9WCwL6OHnjvAi6mVhbuQV-6iQoJ9_d8DyCQEnzwHWMtrCWnzHtAC7HV0heSWeRPLwALq-GuWuvwwM0wts6e4LwBEdgew01AZQNP2XrjmWG2wHOLYEf4It7MFpYnHr072kJfC9ZLY6a45CkHZuQnzpJtKAi8k4yTGRZVNRA-5IqXGapMm5RcoFU3wK4KSgh_D0L5FjXQMVF6H4DDS0YcDRSjhVP0WV4GU3zCBiNz6FNJQvLGtXV5eyQOeMnd5vmyqK2HXui2WRHGlRBqcmwMALHNhQAu8tV-8bIktreMA7R7SXCt7Di947fcFav7zFf36LclqOJxfg38zOsPIlk5bzknWhDxrVrrrvGc4p1Kq-nq9YKehEuE1KWsFmVQ6kpHGh92nXZjj9HzT1oti9Ya8VG6bA_5PVrhCcYPToSjJKyYrn0a2t8mCb3Gyv1HActsPIID4dHMnSzLCn3W8ixjs-cwmZM104nuPC0zSdPsc_QS-lN4_zbcSftcITOwKY&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=14819518812473008000&adk=2988274606&idt=95&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536172
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg4MDY3NTE0OQogIHNlcnZlcl9pcDogMTM5Nzk4MDAxCiAgcHJvY2Vzc19pZDogODIyOTc2MTQ5Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 42DD 0
507 B 46ms
45ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg4MDY3NTE0OQogIHNlcnZlcl9pcDogMTM5Nzk4MDAxCiAgcHJvY2Vzc19pZDogODIyOTc2MTQ5Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDQ5MjY2MTc2Njc0OTQwMjMxODYKZGVidWdfa2V5OiAxNTA3Mjc5NTU5MzA0MTg4MzczNgppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTItMTQiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjMzNDEwNgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjA2MjUzCiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xb70a329dd636f7600000000000000000","13":"0xaffdcaa075ba9e900000000000000000","14":"0x2cdb1bbfb5d28d560000000000000000","15":"0x68a2b5fecbcee1d20000000000000000"},"debug_key":"15072795593041883736","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"4926617667494023186"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK etoqsikfebn1 Show response
hal9000.redintelligence.net/zone/ Frame 42DD 11 KB
4 KB 20ms
8ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/etoqsikfebn1?subid=&gdpr=&gdpr_consent=&rnd=1702594879589940&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCe3K_P4l7ZfSAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0DbNDwvl8lz592w2jjhYNPzUq9Q4oNhpFZ9lRhnzcnaIZLq96MxlZsrTXIZL2jTsP1UqdCNxj9WJS27IHxhxekS-6hbfC_hiV4zvs3X_YfLCdGikRPuYfOnJBbLDA6VQnZqCfiUprT5as4qNh6frXK1Wt45Fxn7l2zGjEZ39XnKtqTldUPzuFcH1Im9rroqedrjVJ9KniAS_U4VznY7nhBBAj2lbyZC7Ci_KpPiMkkXTAyFSMSphCV0YMtiRpTtbncJDAxZcnr9BiW5SsAZA22M0yndOdnFpHpJ4tu2eAbISJqXzcTn06PLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_3GHftI3A7HUOKPIRzM4utzvdt9PA%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-ASPRWustNBVOs5Oo95UAxUq9gMilTyD0rrcgATFgeMcfvDQw8AKJQQOja4P0DTVHNcuyvpOoaEEaZgVhgVHMUd-8MydKSjm_Oc8FdApgXH8MugCrCH6l2SKnc7y2coBfRR7am3AJdY1irdQlJlPtazR68s-QrZ7PRNdHRzQzQR_WIkI-g%26cry%3D1%26dbm_d%3DAKAmf-C883sClg5bYvA0tdY2N-Lmh5D6V2ZwOfuvJWyMMU4ughfXdW0OCSgynEE8_WMngriVkeeGXMeanQL5UQ1JeRk9IUizgZWKFz-MeFZsCqWyNFRo_vICWrm0YTLQVA6F1HX2uvMdkg_LJ6vGpu86abEsc19jclKqRZhpul6gu7JqJu8QRu7hYxYjy82aPW4jHMnbuaUn8bGA_g7zYhPYB6W8PoizmLr2e5hCOi_N8-YW0c9WHeZW_Oc9vZRLq5WR0qb6dL3hOUuCO3gs3cUAv9xCc6AzOPSKHXr8UkG_qNnmDxAxL52GNGmpnZgqrCr3vDm9tx3rh5ClSqw-4imBvKJwZTEAtO2i8rHyv9z9ZQbSPXLv1EbVtgyR2egp_eZpmlLokNkeYCKYuF8D8v_87zf4yusb1XTURL9rK-nwnXnCaFmgYxc07odtVAPy_S3g9uc72JB_PbiqRFowKwdOUgmheze2wn_7kwIXhhgn0wAeQjrqmUON4A5b1kxGt--ghXA7_PR5%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 2de7bcacacae3030dd0d2e8a44c3edae6b7f8bc3ee58181d97b92e5bed6cb65c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4136
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame ECA1 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 222473
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame ECA1 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 10:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Dec 2024 10:34:36 GMT

GET
H/1.1 200
OK request.php Show response
hal90002.redintelligence.net/ Frame 42DD 3 KB
2 KB 94ms
72ms Script
application/x-javascript 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=a620146900&subid=&uid=1010fc1ca5c0951b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCe3K_P4l7ZfSAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0DbNDwvl8lz592w2jjhYNPzUq9Q4oNhpFZ9lRhnzcnaIZLq96MxlZsrTXIZL2jTsP1UqdCNxj9WJS27IHxhxekS-6hbfC_hiV4zvs3X_YfLCdGikRPuYfOnJBbLDA6VQnZqCfiUprT5as4qNh6frXK1Wt45Fxn7l2zGjEZ39XnKtqTldUPzuFcH1Im9rroqedrjVJ9KniAS_U4VznY7nhBBAj2lbyZC7Ci_KpPiMkkXTAyFSMSphCV0YMtiRpTtbncJDAxZcnr9BiW5SsAZA22M0yndOdnFpHpJ4tu2eAbISJqXzcTn06PLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_3GHftI3A7HUOKPIRzM4utzvdt9PA%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-ASPRWustNBVOs5Oo95UAxUq9gMilTyD0rrcgATFgeMcfvDQw8AKJQQOja4P0DTVHNcuyvpOoaEEaZgVhgVHMUd-8MydKSjm_Oc8FdApgXH8MugCrCH6l2SKnc7y2coBfRR7am3AJdY1irdQlJlPtazR68s-QrZ7PRNdHRzQzQR_WIkI-g%26cry%3D1%26dbm_d%3DAKAmf-C883sClg5bYvA0tdY2N-Lmh5D6V2ZwOfuvJWyMMU4ughfXdW0OCSgynEE8_WMngriVkeeGXMeanQL5UQ1JeRk9IUizgZWKFz-MeFZsCqWyNFRo_vICWrm0YTLQVA6F1HX2uvMdkg_LJ6vGpu86abEsc19jclKqRZhpul6gu7JqJu8QRu7hYxYjy82aPW4jHMnbuaUn8bGA_g7zYhPYB6W8PoizmLr2e5hCOi_N8-YW0c9WHeZW_Oc9vZRLq5WR0qb6dL3hOUuCO3gs3cUAv9xCc6AzOPSKHXr8UkG_qNnmDxAxL52GNGmpnZgqrCr3vDm9tx3rh5ClSqw-4imBvKJwZTEAtO2i8rHyv9z9ZQbSPXLv1EbVtgyR2egp_eZpmlLokNkeYCKYuF8D8v_87zf4yusb1XTURL9rK-nwnXnCaFmgYxc07odtVAPy_S3g9uc72JB_PbiqRFowKwdOUgmheze2wn_7kwIXhhgn0wAeQjrqmUON4A5b1kxGt--ghXA7_PR5%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-2575916601382163%26fa%3D3%26ifi%3D7%26uci%3Da!7%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=999613630212&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/etoqsikfebn1?subid=&gdpr=&gdpr_consent=&rnd=1702594879589940&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCe3K_P4l7ZfSAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0DbNDwvl8lz592w2jjhYNPzUq9Q4oNhpFZ9lRhnzcnaIZLq96MxlZsrTXIZL2jTsP1UqdCNxj9WJS27IHxhxekS-6hbfC_hiV4zvs3X_YfLCdGikRPuYfOnJBbLDA6VQnZqCfiUprT5as4qNh6frXK1Wt45Fxn7l2zGjEZ39XnKtqTldUPzuFcH1Im9rroqedrjVJ9KniAS_U4VznY7nhBBAj2lbyZC7Ci_KpPiMkkXTAyFSMSphCV0YMtiRpTtbncJDAxZcnr9BiW5SsAZA22M0yndOdnFpHpJ4tu2eAbISJqXzcTn06PLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_3GHftI3A7HUOKPIRzM4utzvdt9PA%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-ASPRWustNBVOs5Oo95UAxUq9gMilTyD0rrcgATFgeMcfvDQw8AKJQQOja4P0DTVHNcuyvpOoaEEaZgVhgVHMUd-8MydKSjm_Oc8FdApgXH8MugCrCH6l2SKnc7y2coBfRR7am3AJdY1irdQlJlPtazR68s-QrZ7PRNdHRzQzQR_WIkI-g%26cry%3D1%26dbm_d%3DAKAmf-C883sClg5bYvA0tdY2N-Lmh5D6V2ZwOfuvJWyMMU4ughfXdW0OCSgynEE8_WMngriVkeeGXMeanQL5UQ1JeRk9IUizgZWKFz-MeFZsCqWyNFRo_vICWrm0YTLQVA6F1HX2uvMdkg_LJ6vGpu86abEsc19jclKqRZhpul6gu7JqJu8QRu7hYxYjy82aPW4jHMnbuaUn8bGA_g7zYhPYB6W8PoizmLr2e5hCOi_N8-YW0c9WHeZW_Oc9vZRLq5WR0qb6dL3hOUuCO3gs3cUAv9xCc6AzOPSKHXr8UkG_qNnmDxAxL52GNGmpnZgqrCr3vDm9tx3rh5ClSqw-4imBvKJwZTEAtO2i8rHyv9z9ZQbSPXLv1EbVtgyR2egp_eZpmlLokNkeYCKYuF8D8v_87zf4yusb1XTURL9rK-nwnXnCaFmgYxc07odtVAPy_S3g9uc72JB_PbiqRFowKwdOUgmheze2wn_7kwIXhhgn0wAeQjrqmUON4A5b1kxGt--ghXA7_PR5%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 9efbcce019d86e10a6df0ef85d294da157c33b2094ff82e893e0a99ecb9460fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 25864500000102504444552012539002
Connection: close
Content-Length: 1110
Expires: Thu, 14 Dec 2023 23:01:20 +0100

GET
H2 200 B30443038.380567266 Show response
ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/ Frame 68E7 42 KB
16 KB 61ms
61ms XHR
text/xml 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/pfadx/N7657.3553448DISPLAYVIDEO360/B30443038.380567266?ves=dGltZXN0YW1wOiAxNzAyNTk0ODgwNzY2CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdWphSi1JWERleU9KYVViek5RUXJZdUhWZXlCalRpVW5nczljNl9qUmZ2RGdJNlN2TjlBRE1pLWFEUC1UQ3FSSk5zOFRnQUFBcUc1NmxDdXdhXzl0VGFOMGlrNEFpVV8wRGE1UmNXaGJCelY3T0FES2ZLcVFWR09NUTAzMi1PTUVVOG80TldjdnhsMk02dVgwanMtNDRQeVZWZ1NRNEJBUV81WmFQS2xTMTl6QzFLSDE4WVBtLUZyc2dSeV9JRlJqaWdjT3ZYbml0ZEt6S2F3NzhTek9jRlpvRDB6RDM3dXdKb1dzMll5TGJzU2h5b01EcTlULTFpN2g5U19BVUZEUWNncmlDVXZVRTFEbGNuX0VzLUJlVGRrcFI5cGZKcHV5UnRTbGlhUWRFLVd3cmJPOUU1bTJtWU54NWdOTnJNdkM1bHd6U0pQQk5BTGtQRHIwZTRhV2l4Q0Znejl6WlRYT1kwaFZHVnhaT3RLRHhabERiMHE2R3BSOV9CRWN2T0VDaWlxcGV4R291SmVud2JueU5EdUJNU016WnlKRzh2SW56UmxKdmFTQTBRSnRmS0Q0RXBJNVlQVkVZOGFmeHpLV19ScF9zaGdXYXNWNHA1YVNDVTk3ZHVyQU1QbmtmNGhHMEhJUHR5MFozSXhtNWVSc3Z2VF85UmZHd080ZmRJaUJIWG15emgxbVVUZGJ0SW9XanFXTHRqaUREa2ZzMkwxUnRIZWFNQTlybHFXb014UmZjbUp6MnU2SWdlTnVPLTV5aUwyQ05ScVZlcDVTUWFxY0tjU2huYXV1OFNZZ2J0SGpNWi11ZldGN0taMUxYQ3djTnh4dUVkVWpvOWh0b1VGMl9BM0d3VldpU3k3blkyQzBBbWJiZVZDWjI4RW5xWVR3N2hiQWMxM242empDdDNtSUNZQ054Z180RFpjVkFoYmtqM0F2N2NTeHJiVlZnNzBNbnRtc1h2MFdZOW9TYlJYdjYxMEpPdjRhNS0xcm5nSVdjeDg5VW5DZDJlWWxfSGxCbDVPYzVSbGdpOExaVEtidi1hbmdNVGxPSnYzZGlQeXI2S1lsaUVpalBwUXFzV21lN09uUzNPWDREYTdqNXhtakxjR3oyWjBiNUUteEJYMGxTbEJKbjVlRDZVdG1keTlHQm51UDhod0NfM1F5WG0tLWxEeUlRSFB0YkZ6SlRtYnFtQXZkSThmb21wOWdHY0lDQ2pnZGg3QXctazVKSGo2dzFQZ3FHV2dYWDVCZTdUa2tMWXE1NDJIUVBvMERCZ09pajJhNy1rNFI3d2FPeXdjZ0k0MHNDQzZ0WFB4ZUMzYWdUQ3BzS0lTN1lnRXhNSTUzNUwyd0VnbzlOOExmNXJpMzBWUlJSOTJmY0xxRno5OGxYaUJEWXJmMDBPTXlzOVhxVDBLX3BVV0dSYlFsVlAxTDVtTVpBMm5IYXNIay1PeDIyZzR6eng4bUx0dzVxdEhtcnZtbFNPV1ZDaVJQOVNheDI2YUtHQkNmby1mY09reEdqRzJpOWdrTlFHcDZzei1wcGJZV3JPaC1rckpEa0ltX0ZYdXlqSWEwbzJYUDd5SkNmTGVrVkdxMzRzd21qd3RkU0pNVDRzWEttazNCQ2pTOE0wM2ZYOWlzd2JyZGUzTjRDek1JUlBrOU1qTDRtNWU5aVE0eUJJeHRnS0Q3dkk5ZGl0QVFSUktMUlNjYWN5N3lma19sa0pwWVBYRjhVajAwOVRGRkx0a0ZkR1d6V21qNGxmNGVXeFlvZFlER21GJnNhaT1BTWZsLVlUM1kxa1l5RDFIUUQwSk1qOUh1RXFrcnQ2MmJVSnd5Ujc4LUFjRU5GUGpjRzlBVEVjcTJXVjc2aGU4SFB2Q1pLOTZITGtsWmkzVXQxeF9pd01mMG94dFB6bUhyUTA2cmhmX0haNUdacjBmTVMzRTk2cUdXaE9lcHlYS2ZzQ3dSTUFBRktjTS0tUkgzVjFyLWdfUXBSaGxELWZxOVYyeFlubFlmMEF1UmZ0aGxPX2V3NEwxd3NmVWJ4blRQb1AyNGR6SFBiM05waXI5VW5aU1JMQkZhU19hZ1Q3bWZKMWRIS2RZOGpzc28wUWpYSkxSMk5HX3VvamQ4S2t2UFdjWjl2T2lMTzJWY0IyeGU4UmdmWXVTZjFFOWdmMlVqM2x4YjAwQ09INHNaQU5NQWJDaTVMUSZzaWc9Q2cwQXJLSlN6RWNWekRseDBvM19FQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg&dc_cid=206729091&dc_adid=572283934;sz=0x0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dcmt=text%2Fxml;dc_sdkv=h.0.0.0;dc_osd=2;dc_frm=2;dc_sdr=1;dc_ref=https://www.fifermods.com/;nel=0;vis=1;dc_sdki=445;dc_eid=420706098%2C44752538%2C44807614%2C44807615%2C75259414;ord=[timestamp]

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

6b5c8d91f51169762854ea615b68b58d8476feb78a23860147936c2a4eceb506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16426
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 522ms
272ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lq5t15wb&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&vmfc=13&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 68E7 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:29:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 527502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 20:29:38 GMT

HEAD
H/1.1

200
OK

file.mp4
r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 68E7
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signa...
https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

74ms
7ms

Fetch
video/mp4

2a00:1450:4001:3c::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/362385EB6113E5FA44A660AB32BE9918FCF498CB.499BBB6DB3360075B825BD74503D0AEA74BC4C05/key/cms1/cms_redirect/yes/mh/bJ/mip/2a01:4a0:5a::4/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1702594561/mv/u/mvi/2/pl/42/file/file.mp4

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:3c::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1715588
Last-Modified: Tue, 05 Dec 2023 16:11:35 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Thu, 14 Dec 2023 23:01:21 GMT

Redirect headers

date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 644
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/362385EB6113E5FA44A660AB32BE9918FCF498CB.499BBB6DB3360075B825BD74503D0AEA74BC4C05/key/cms1/cms_redirect/yes/mh/bJ/mip/2a01:4a0:5a::4/mm/42/mn/sn-4g5e6nzl/ms/onc/mt/1702594561/mv/u/mvi/2/pl/42/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 514ms
272ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lq5t1608&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2076&mt=video%2Fmp4&vs=1024x576&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.145~videopreviewvisible.14b&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ECA1 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRW_sQIl7Zc2aKfHL1PIPlb22iAMAAAAAOAHgBAI&bg=!dXaldjnNAAY3kmNgF5I7ADQBe5WfOGt32K1_dmKgz9QdD3CajsS0kMwT9ZnG7Pa8aT6E_8YeQxEycoDeZaCiWMyqxysVAgAAAC5SAAAAAmgBB5kDQSHrOIh27YjIpjoFmP2Sap2D3QSi6ydcvmZV_lR9rFEHq2KMumlrBJv3HuiGJC51CBTksO_3aQ4ZERTTMo_z22mJ1y174bbPRRpvkotHF46Wv2ooTPpbM8pMhV9ETUHS8LL9XiBtrqYNa-YsL_B32ciq7tsI2iRrKgu6rkkvtfUEzMkoQRNB3nlGUDCpplpmksTGZRc1Hbju2aPLf1Ixt7jeTM6sjRoSc2XBXCUodsxOlLcDVyhDPMnF1e-HldXCDqVRgBB-QlsqvaJiyKl5c-tUtp8Va1et7d43r0m6_3w0nUpD8akcqKlwnlNxFYQXmG65YLT5YYk_dykR_uSZEPxW8tYny6lOHRTrmGxS09NX7luBSJ8YH_xV2foHNEi37dgckClDUQyx3s0XMjCEn7T2GLS2sk9RiLXNDcm9Z1-kqLpWvRLIW9nNPpjt69H40WXhOzS_lXLdQIi6AyFGsrN4M2nhMBjK-ixh1U9ByosJRhXFjS9pVZWi0eSiZGfYEVAQ4RrleWkKnvhNX57W3yQNmBQBC4_byWTSwzDgmdluc3nLb5RNVlTTYMD0DWcyxN0Y-_zWn7EbrNY-bN-ZxniOZs3PSuz3eZi0mJpHjfRwHCLICFBvQ1z72gdjcJkU-mMvtpFV4n6S86BhMScP8J_4kQWMTHfiPbNn4M2ejl0nG2s-JF8OYOG9UtLiKYfaZ_OtPCQDXFzZmBaWHMFoGep2ZipHQTBr57luS_763Ta4Tg0EZRpl9_mqKe9a73yLkVbp8_6OFkmooTinwsefbIok5AUvZZZZ3lR_1JarLcZ8pXvXWKhbQi7XhpSgnXrz2ebBrAZloZL3k-ZIUKHHk4gLdbV_u4KPxcqfKVe8S9PKKrCKpCkWa0WCzNZa_-TiusyFJajogg3ByAGLJ33m5FXQ1bhB4rctZsFhkPNbY7b0Ao2AEJP_YeZVwOZe4JGcHMmU_C--1lVse-QoyDJEHp2BXItBKugr2wpvcNH4nRhBRlzMbzMJl6Zug17EwExUXZr5i1xr55sEzT3sHUwZLnS13UIbxCUI3QsA3wclhXg_F3bBO8G4x5_h8vahAUGq-_Ysot0wGRQB5mfShGl6e8g5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame EFCB 23 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 231898
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 06:36:22 GMT
expires: Wed, 11 Dec 2024 06:36:22 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271 Show response
8019191.fls.doubleclick.net/ Frame 42D2
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271?

391 B
239 B

53ms
53ms

Document
text/html

216.58.206.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271?

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f6.1e100.net

Software

cafe /

Resource Hash

bee9a6889791e9f9144506ac46d438d3cd7208ea97745dfa6867ea28017cf8d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:21 GMT
expires: Thu, 14 Dec 2023 23:01:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame 71BB 7 KB
2 KB 19ms
7ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=a620146900&subid=&uid=1010fc1ca5c0951b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCe3K_P4l7ZfSAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0DbNDwvl8lz592w2jjhYNPzUq9Q4oNhpFZ9lRhnzcnaIZLq96MxlZsrTXIZL2jTsP1UqdCNxj9WJS27IHxhxekS-6hbfC_hiV4zvs3X_YfLCdGikRPuYfOnJBbLDA6VQnZqCfiUprT5as4qNh6frXK1Wt45Fxn7l2zGjEZ39XnKtqTldUPzuFcH1Im9rroqedrjVJ9KniAS_U4VznY7nhBBAj2lbyZC7Ci_KpPiMkkXTAyFSMSphCV0YMtiRpTtbncJDAxZcnr9BiW5SsAZA22M0yndOdnFpHpJ4tu2eAbISJqXzcTn06PLABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_3GHftI3A7HUOKPIRzM4utzvdt9PA%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-ASPRWustNBVOs5Oo95UAxUq9gMilTyD0rrcgATFgeMcfvDQw8AKJQQOja4P0DTVHNcuyvpOoaEEaZgVhgVHMUd-8MydKSjm_Oc8FdApgXH8MugCrCH6l2SKnc7y2coBfRR7am3AJdY1irdQlJlPtazR68s-QrZ7PRNdHRzQzQR_WIkI-g%26cry%3D1%26dbm_d%3DAKAmf-C883sClg5bYvA0tdY2N-Lmh5D6V2ZwOfuvJWyMMU4ughfXdW0OCSgynEE8_WMngriVkeeGXMeanQL5UQ1JeRk9IUizgZWKFz-MeFZsCqWyNFRo_vICWrm0YTLQVA6F1HX2uvMdkg_LJ6vGpu86abEsc19jclKqRZhpul6gu7JqJu8QRu7hYxYjy82aPW4jHMnbuaUn8bGA_g7zYhPYB6W8PoizmLr2e5hCOi_N8-YW0c9WHeZW_Oc9vZRLq5WR0qb6dL3hOUuCO3gs3cUAv9xCc6AzOPSKHXr8UkG_qNnmDxAxL52GNGmpnZgqrCr3vDm9tx3rh5ClSqw-4imBvKJwZTEAtO2i8rHyv9z9ZQbSPXLv1EbVtgyR2egp_eZpmlLokNkeYCKYuF8D8v_87zf4yusb1XTURL9rK-nwnXnCaFmgYxc07odtVAPy_S3g9uc72JB_PbiqRFowKwdOUgmheze2wn_7kwIXhhgn0wAeQjrqmUON4A5b1kxGt--ghXA7_PR5%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-2575916601382163%26fa%3D3%26ifi%3D7%26uci%3Da!7%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=999613630212&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 619d95e79014193d4dc1b268d8e0568a168f7036151c72ed9c2885c09de2ef21

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2048
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 23:01:21 GMT
Expires: Thu, 14 Dec 2023 23:01:21 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2 200 impression.php
t23.intelliad.de/ Frame 42DD 43 B
555 B 52ms
19ms Image
image/gif 35.157.49.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t23.intelliad.de/impression.php?cl=2353636373136323131303&cp=101&ag=248&bm=100&bmcl=5373735313236323131303&crid=101&timestamp=1702594880&co=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.49.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-49-61.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW NID PSAo PSDo OUR STP OTC"
content-type: image/gif
cache-control: no-store, no-cache, max-age=0, must-revalidate
content-length: 43
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 42DD 43 B
704 B 96ms
57ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=25864500000102504444552012539002&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 42DD 43 B
704 B 113ms
74ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3502280&v=23861&q=476504&r=296283&pref1=25864500000102504444552012539002&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 51EC 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BAkVupHF03OdzSQF2Hq5KU28cilDxpcpktR6xJIa1rthgeeBZL1b4uFersHQx9ieI5TOx9Iq-ThVjaVZfCDSd-68lieCX6nQ1z7tcxdSP8Me_qjHkOz3IwbSdz62q7xBOrxYfhwF09DdBWeeAagHQEtKcjOPWtcYkLttJnUZLgMEOxvpg&cry=1&dbm_d=AKAmf-ASFvEPnxyPlhS5CbAwI6z3Is_HScxbe0uPKZeDN8rcqihUMkqQR2SMIEH7dm85BL2SVKZjRHH4uIQS_x2JUUCDTMmizVR1Pl_M3CMg8KnJtIbNy3XgGnSpQEFNWTr1pLVNUnyCfBdchpP64Yegr-1bRRmGNXwjo0tL3RbQgn_3i5upLK1EfMN-WBFLnpRpMArt5ew_uIQmqqL-sUWBykAd4GZvgU_ZaX96MnV9jQwOFCWWnqXfGXEulSqkNmA5pYFJ3qV4QW0EkAM06gr4PUwNrgA6iiw9siMoMI5mn84xsqVtq3S3LKaKYxEROOtZAGv_E6JduwGf7CK14DldMzQPsl9UlIMAb4TGMcNmS1olYpulxJjcGezflztYBZArC9WXLYEC6Fv4gM_lgrg4UOxTe9a7QOjFgNbi5OmpGItKVmPj8ONF-KWFnUXlN_vekCe6kKxkOPBaB4093C-WJXrlFd9V_BaytWo_DEcG2g1Cif2x1B7KS5FSCTbXWGZlNZBxzAY5IYwdICMnL2eMSlnMkjrvuXrl9Ltpz4slScGFELyr7pQ8aVKRGHONalPSwu74jvw45R_ovjjfieobN_5OBKS_h8qeMt7CnLYeHjbGYDYgr9hOsxR3MzeEJhEJxWjvLJT4_i1jMpCcMII3p9Wb9kkGDG_MaM6ux4Ql6Fv_rtD8jFBFDH98_2qytVkRmXn56GaqrwpZ16Kg6xgHJU61m7ZA6xp6nNA4Sn5g-jggnauG5Btez3bCodhZF4zmEhqSTv6b_VisueqvwIMHl7NI2LMwfskXxxgFqII-1w-cE9DsWOwAlB0qMAt8dE6qDrtNhLpuY-w4RU8ac-t4t5LBgZwURPKXfnn90BP1g5f4cALiFU58blqmk_6LXO6FD0kLyVft5FHi8gNJoPBH8QxGLKohPnxopRI0LtXMbPH9ueKnlizDtesHCKJUy9q2K5jKKfhDwLPuhkU5xtrpD4xKPviUXwlJZTLozFdFjNvnmEcytulcZ-ppLnXv_Jsir9kmolLE-Agjp_lvD2fRJFSD_R1cO3I2iE6c3ka7IB57-Pm5c7pbcp1WyZp5JHYBloBKu6VCJAe4PEowOVtXoEgkZHsrxykX0PTfHgs94U5n0xOgA-Ds_-gFOxkWPg4aHvHx3Bq-2PF-1FiE213_eAY8OnpGy7Ct3cmSIJkGtuv4F7DU4ODfXq-TC3l6cMIqD17cOl8gOzXbhxiYYP2jqCCiIjstloe35kIEf21p2My-1LuheQV76XA6MMSMLjJVdLwPv4poxtzCxC0LSsqLj5LDsW1F7iiNnLhKJ9kovCrSUpzlOg-C5Wuw3CkJ6ya8jpR3VSot5HX5FnTrSd4TV1HwkbrLfCuOsgXckHFKQ4zPHAX1TFN_MebdureyNMlEEawgH8wP9hXJbjrF2TX03QXy4778YkvQVxGq8316cVTsuJfwrzydjajFuXE69f0TlZn3UkCfZvvJEnQVXwUB1bqq0iWLiuVieJtClBWRrC_HbqCne0Gh-SJjYcPNAVrfn4jeL64Dp6E4M_mJuFiPUTTWNDUsTDQEMEY3fVv0wEyDEigTXnvjfiTeGoqWOySamCjc9AUhqHNTnf4KyUU1vGW5SIyS9UCuOnqeAaG-sMCbP2J_KENdhAwYRg0UgedeWn-5S2UipZeThQFhLNwFquuNc9z3KDsPG_6ScNJnxFAT4Hoz3_zkb8y5yfywQgU6yyx7I7p-b1RTclgkkMjjaxqkxsi8McoJpKSVnO5OIqkBO84Isvzi4J8X-pABNwPes91RoeVqYMLGOfM1_QHbv54_CPfmCINuaQWIsjjUS6RF7oO9K1vOZvUaTZkaz8IDQnkxFdb32OQ5OmpLHkOLosiqlybhLua-5YOoZclQ9dBKWfkyOTi47fzS7qqT5NI4qccx7TpNNNiQzC0SnTbTnNDOHpfW_5huYC1bzQ4LFHzvZDCHUjcITplmQMs8Qcj9FG9KRCtTaSinkxgf50GopjjY_zAUwkxkG3DbZwW6IEjK-qQayxTKjWGWmEevJ6HW1E8et8-s30SD0GFT60eOnMwjZlXjX_eAUMzsXy3WqIGEQ-UowNjym5wP2zuG_fm2fEbycJH-13jGjkdCqilJSyQWKt-N3Il8qjj_iaRmcdzBzfmqKNWL1Eb4LhypZ_RbOTruquRljTjWtIKoG-7_0Dm_h4IGF5T98vS_hZjISilFiW018slywXFPjoCOstXhEt97XtxmmPwhAB0UpOe0UI-2Do9-kY209FFJls5F7VWx3_RDJv4IYZ8N2gbFi7VSfN5WBI30XQpQ8dr8_pqVtKJGXDJLnKklerI_gyJP6uVFjbJjcytN-EK9rHkvNdFIBHRJgWsWS7gZxWYBtNkwrImReWjPSuSjXNhrJGTuhyOmlXHwhQ-UzFod8990v2-7NHqB5DSl3iG-M3XDmEeXm3zhAz-VLjR5Uh9Jsbyp5vho9ka0isbzwsWTQiuouOKZrF5RgpHzNERPrYRBMrksMTWkKU1sD12dcfo84mwVvjg5nHsmEhEuKCGybZum1LW_BJcm-dG-h-dqRgt4TpjATeYD8Wue6wrtDN539IzD8Wjtxhw8A7lli7CO5GFhG5CQIRrGvAPKxQ6yxT_fOHDc7XupjpjYKbugHQo_eym4HV-mPeFj0j3iysornv6up44lVOOGSKdbuRXdEc8nWf6OV1r1ZuFWDHleNhjv2wocTKgDQ3E-0TVJMbtoCeQLr-NpJbzeN9_Jil0nA0fCqwxRCHTD6DsOHQxBULEswOCVMey6JFwO1CGIeCsDiu351BzyzjgVCKwudBqXVSLtCyBcOmv8Nrwn4y_uMEE4jLL2tEiPxNNgR7ein1dUSrcuP4dP1JiAK87fT-uKqTzdoxxgCOb6zNSirCBqTH8xGGkkp7bFLh3ZPhFo6gMPAzIFyExCAONt2RCyvhEdDSEcP1qTUKbU7m3U2B18wBRNFvzOl22kOWcsWWFiuRUhQiZ1XccK5Fa80V_2_riZ5ythxkwEPo82e_sMStQyEDj60bHxqj9XnCnoj2dGjKAWmL3fWuLU_JJ-kjpWf4DXfiOz4zhwu8IBz7LEc34PKOxG2xsk3oloHwJVT2pyiyAQAN2DmkH33Dcth3EcMUlyDtBcCk0_RerHx88gcQzmbsIXFN0Msawt1DV8dzE13Wh7LR_fImLm_VhIUuwzdNB9NdkhBwH-A9itX5H66lVqJxKBl3VekgYKS0ToH-D2ZT6N1hNGPjmyN2hk1TCZjkE7bR6SeAtHhmbVeL-nYGg3cUWOMc55Mptr6yKmT_axOqiyACzT0AzT06M1jw0_CoiQkdz4wrnSmggLsj3C3lexG-emtIRJ-4DQ55VGz4BWvz2jJYQnKNJkQWLe_gZaNTtJuq9rq5is3KZk8PXvESqgEzsEYLr0l1cbNndvOlBHWmU5y_f38AAEXMKLLXcYXkahgj8W7aYKv-VqaXlEoDDj0eKLVb3OKvvL4SvoCmrrw8rEHEX9IGTog_gaPc_eoKfnt9I5pYL3I9QA2MCSrdAqf513PbXlondm8NSe59dZAIVFOoDHbHaK6aua2XQCxGzAnIV-eNxbXa_UL96sijzV6pj4Rw3z3Lsfx6NpWoK4hWH_vJYsdvfUpxsEA10uw9Ym4IPER3d90gSEcpue2cwL-TOZXqHEhjrZPPLfJbBjcnpRV5LWCGT4X_Ht88YSaeIhrYUio9a9kqwpyGNl5IQhktI6PyVbV_Tv7cGy3nE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.fifermods.com%2F&ds=l&xdt=1&iif=1&cor=9815996558853773000&adk=2935317966&idt=214&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 536173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Dec 2024 18:05:08 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg4MDgwMDIwNAogIHNlcnZlcl9pcDogMTI2MDY4MjAyCiAgcHJvY2Vzc19pZDogMzAyMjc5OTAzCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 51EC 0
22 B 46ms
45ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMjU5NDg4MDgwMDIwNAogIHNlcnZlcl9pcDogMTI2MDY4MjAyCiAgcHJvY2Vzc19pZDogMzAyMjc5OTAzCn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDE2ODcwMjYzNjAzMzM2MzU1MzI2CmRlYnVnX2tleTogMTA1NzEzMDIwMTczNjE3MzQyNDUKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTEyLTE0IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIzMzQxMDYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwNjI1MwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xb70a329dd636f7600000000000000000","13":"0xaffdcaa075ba9e900000000000000000","14":"0x2cdb1bbfb5d28d560000000000000000","15":"0x68a2b5fecbcee1d20000000000000000"},"debug_key":"10571302017361734245","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["11868943"]},"priority":"0","source_event_id":"16870263603336355326"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK etoqsikfebn1 Show response
hal9000.redintelligence.net/zone/ Frame 51EC 11 KB
4 KB 21ms
8ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/etoqsikfebn1?subid=&gdpr=&gdpr_consent=&rnd=1702594879589941&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 36ed4487d6b80c03c3facfb5ac92de08e9bf1ee3e7e12f1663459d16f25996e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4136
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 swiper.min.css
widgets.sociablekit.com/libs/js/swiper/ Frame B094 19 KB
3 KB 155ms
154ms Stylesheet
text/css 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/swiper/swiper.min.css
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Wed, 10 Nov 2021 07:38:10 GMT
server: nginx
etag: W/"618b76e2-4d42"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 swiper.css
widgets.sociablekit.com/libs/js/swiper/ Frame B094 25 KB
4 KB 162ms
161ms Stylesheet
text/css 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/swiper/swiper.css?v=ranndomchars
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: b3c2d3f3d593e38aeaac4475993b79953031060c9cdbcb68e57e126921f5d430

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Wed, 10 Nov 2021 07:38:10 GMT
server: nginx
etag: W/"618b76e2-6344"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 magnific-popup.css
widgets.sociablekit.com/libs/js/magnific-popup/ Frame B094 7 KB
2 KB 163ms
162ms Stylesheet
text/css 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/magnific-popup/magnific-popup.css
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: e257e7f9f79c6e8bf6bb789f65e3ae2e423a161ef84daef0ef2ae45f91e9c7a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 08:19:43 GMT
server: nginx
etag: W/"6171229f-1db2"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame B094 30 KB
7 KB 45ms
18ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 722
age: 3013982
cdn-cachedat: 10/31/2023 18:48:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9e61a4e37a75208649ae6b63a0cb4f72
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 835a1176ef8e1e5a-FRA
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame B094 82 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 18:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Dec 2024 18:14:12 GMT

GET
H2 200 ripple.svg
widgets.sociablekit.com/images/ Frame B094 973 B
571 B 167ms
166ms Image
image/svg+xml 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.sociablekit.com/images/ripple.svg
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/45837
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 18311ad4a118c4b27d65dbe139ca9e96591dd142680ad1e0473db5bd0a36e1d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 08:19:43 GMT
server: nginx
etag: W/"6171229f-3cd"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H3 200 css
fonts.googleapis.com/ Frame 71BB 5 KB
682 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:43:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:21 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 71BB 9 KB
9 KB 21ms
7ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/71572/creativesup/iQ_Native_Online-Deutschkurse_1200x627px_NEU.jpeg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: ea2369a0bbef864bcee79608110843433abcd0771417177f8f09658f0ad88f40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9482
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 71BB 8 KB
9 KB 22ms
8ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 5d42c71d5fcfd1c3420fc3e46ea65f9f047d6a7edda0b6afd8221ea73f9743a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 8646
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 71BB 10 KB
10 KB 120ms
105ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/74889/creativesup/AEG-1200x627.jpg
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: cbc638d89bbce29e9aec95bd0c48c2c6130702eed3969aed4ea80cb31ebfcda7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9836
Vary: Accept-Encoding
Content-Type: image/png

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 164E 16 B
209 B 73ms
73ms Fetch
application/json 3.8.107.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.8.107.16 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-8-107-16.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 82ms
21ms Preflight 3.8.107.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.8.107.16 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-8-107-16.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 14 Dec 2023 23:01:21 GMT
server: nginx

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame EFCB 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 10:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Dec 2024 10:34:36 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1235 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 222474
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 09:13:27 GMT
expires: Wed, 11 Dec 2024 09:13:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal900030.redintelligence.net/ Frame 51EC 2 KB
1 KB 96ms
71ms Script
application/x-javascript 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=51c6042ed5&subid=&uid=8832ff9203f5ba96&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-2575916601382163%26fa%3D4%26ifi%3D8%26uci%3Da!8%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=4975386296106&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/etoqsikfebn1?subid=&gdpr=&gdpr_consent=&rnd=1702594879589941&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Ludwigshafen am Rhein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e2ab52fa8021342e8b19e7780859b8fbd96a395cea150586e9896f6c950eaf65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 42066600000107704444552012539030
Connection: close
Content-Length: 856
Expires: Thu, 14 Dec 2023 23:01:21 +0100

GET
H2 200 swiper.min.js Show response
widgets.sociablekit.com/libs/js/swiper/ Frame B094 125 KB
33 KB 189ms
186ms Script
application/javascript 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/swiper/swiper.min.js
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 60ea65c5df7567e92d3045440207c416bbf29a32a4274bcc38003f74ee18ba4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Wed, 10 Nov 2021 07:38:10 GMT
server: nginx
etag: W/"618b76e2-1f397"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame 71BB 0
150 B 20ms
7ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=25864500000102504444552012539002&a=08ebc648&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 1235 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 10:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Dec 2024 10:34:36 GMT

GET
H3 206 file.mp4
r2---sn-4g5e6nzl.c.2mdn.net/videoplayback/id/32ca47640c8a13be/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3846240834/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 68E7 2 MB
2 MB 15ms
7ms Media
video/mp4 2a00:1450:4001:3c::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:3c::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a24e7b3830e2c5212d6ff52b7af0ea8b6d0bb85141bc9c5d9d4534b14bf87a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

expires: Thu, 14 Dec 2023 23:01:21 GMT
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1715587/1715588
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1715588
last-modified: Tue, 05 Dec 2023 16:11:35 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 309ms
276ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~lq5t160f&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2076&mt=video%2Fmp4&vs=1024x576&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fvast.doubleverify.com%252Fv3%252Fvast%253F_media%253D3%2526ctx%253D10242044%2526cmp%253D30443038%2526sid%253D5513185%2526plc%253D380567266%2526adsrv%253D166%2526_redirect%253D1%2526psf%253D0%2526_vast%253Dhttps%253A%252F%252Fad.doubleclick.net%252Fddm%252Fpfadx%252FN7657.3553448DISPLAYVIDEO360%252FB30443038.380567266%25253Bsz%25253D0x0%25253Bord%25253D%25255Btimestamp%25255D%25253Bdc_lat%25253D%25253Bdc_rdid%25253D%25253Btag_for_child_directed_treatment%25253D%25253Btfua%25253D%25253Bdcmt%25253Dtext%252Fxml%25253Bdc_sdkv%25253Dh.0.0.0%25253Bdc_osd%25253D2%25253Bdc_frm%25253D2%25253Bdc_sdr%25253D1%25253Bdc_ref%25253Dhttps%253A%252F%252Fwww.fifermods.com%252F%25253Bnel%25253D0%25253Fves%25253DdGltZXN0YW1wOiAxNzAyNTk0ODgwNzY2CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdWphSi1JWERleU9KYVViek5RUXJZdUhWZXlCalRpVW5nczljNl9qUmZ2RGdJNlN2TjlBRE1pLWFEUC1UQ3FSSk5zOFRnQUFBcUc1NmxDdXdhXzl0VGFOMGlrNEFpVV8wRGE1UmNXaGJCelY3T0FES2ZLcVFWR09NUTAzMi1PTUVVOG80TldjdnhsMk02dVgwanMtNDRQeVZWZ1NRNEJBUV81WmFQS2xTMTl6QzFLSDE4WVBtLUZyc2dSeV9JRlJqaWdjT3ZYbml0ZEt6S2F3NzhTek9jRlpvRDB6RDM3dXdKb1dzMll5TGJzU2h5b01EcTlULTFpN2g5U19BVUZEUWNncmlDVXZVRTFEbGNuX0VzLUJlVGRrcFI5cGZKcHV5UnRTbGlhUWRFLVd3cmJPOUU1bTJtWU54NWdOTnJNdkM1bHd6U0pQQk5BTGtQRHIwZTRhV2l4Q0Znejl6WlRYT1kwaFZHVnhaT3RLRHhabERiMHE2R3BSOV9CRWN2T0VDaWlxcGV4R291SmVud2JueU5EdUJNU016WnlKRzh2SW56UmxKdmFTQTBRSnRmS0Q0RXBJNVlQVkVZOGFmeHpLV19ScF9zaGdXYXNWNHA1YVNDVTk3ZHVyQU1QbmtmNGhHMEhJUHR5MFozSXhtNWVSc3Z2VF85UmZHd080ZmRJaUJIWG15emgxbVVUZGJ0SW9XanFXTHRqaUREa2ZzMkwxUnRIZWFNQTlybHFXb014UmZjbUp6MnU2SWdlTnVPLTV5aUwyQ05ScVZlcDVTUWFxY0tjU2huYXV1OFNZZ2J0SGpNWi11ZldGN0taMUxYQ3djTnh4dUVkVWpvOWh0b1VGMl9BM0d3VldpU3k3blkyQzBBbWJiZVZDWjI4RW5xWVR3N2hiQWMxM242empDdDNtSUNZQ054Z180RFpjVkFoYmtqM0F2N2NTeHJiVlZnNzBNbnRtc1h2MFdZOW9TYlJYdjYxMEpPdjRhNS0xcm5nSVdjeDg5VW5DZDJlWWxfSGxCbDVPYzVSbGdpOExaVEtidi1hbmdNVGxPSnYzZGlQeXI2S1lsaUVpalBwUXFzV21lN09uUzNPWDREYTdqNXhtakxjR3oyWjBiNUUteEJYMGxTbEJKbjVlRDZVdG1keTlHQm51UDhod0NfM1F5WG0tLWxEeUlRSFB0YkZ6SlRtYnFtQXZkSThmb21wOWdHY0lDQ2pnZGg3QXctazVKSGo2dzFQZ3FHV2dYWDVCZTdUa2tMWXE1NDJIUVBvMERCZ09pajJhNy1rNFI3d2FPeXdjZ0k0MHNDQzZ0WFB4ZUMzYWdUQ3BzS0lTN1lnRXhNSTUzNUwyd0VnbzlOOExmNXJpMzBWUlJSOTJmY0xxRno5OGxYaUJEWXJmMDBPTXlzOVhxVDBLX3BVV0dSYlFsVlAxTDVtTVpBMm5IYXNIay1PeDIyZzR6eng4bUx0dzVxdEhtcnZtbFNPV1ZDaVJQOVNheDI2YUtHQkNmby1mY09reEdqRzJpOWdrTlFHcDZzei1wcGJZV3JPaC1rckpEa0ltX0ZYdXlqSWEwbzJYUDd5SkNmTGVrVkdxMzRzd21qd3RkU0pNVDRzWEttazNCQ2pTOE0wM2ZYOWlzd2JyZGUzTjRDek1JUlBrOU1qTDRtNWU5aVE0eUJJeHRnS0Q3dkk5ZGl0QVFSUktMUlNjYWN5N3lma19sa0pwWVBYRjhVajAwOVRGRkx0a0ZkR1d6V21qNGxmNGVXeFlvZFlER21GJnNhaT1BTWZsLVlUM1kxa1l5RDFIUUQwSk1qOUh1RXFrcnQ2MmJVSnd5Ujc4LUFjRU5GUGpjRzlBVEVjcTJXVjc2aGU4SFB2Q1pLOTZITGtsWmkzVXQxeF9pd01mMG94dFB6bUhyUTA2cmhmX0haNUdacjBmTVMzRTk2cUdXaE9lcHlYS2ZzQ3dSTUFBRktjTS0tUkgzVjFyLWdfUXBSaGxELWZxOVYyeFlubFlmMEF1UmZ0aGxPX2V3NEwxd3NmVWJ4blRQb1AyNGR6SFBiM05waXI5VW5aU1JMQkZhU19hZ1Q3bWZKMWRIS2RZOGpzc28wUWpYSkxSMk5HX3VvamQ4S2t2UFdjWjl2T2lMTzJWY0IyeGU4UmdmWXVTZjFFOWdmMlVqM2x4YjAwQ09INHNaQU5NQWJDaTVMUSZzaWc9Q2cwQXJLSlN6RWNWekRseDBvM19FQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%252526dc_cid%25253D206729091%252526dc_adid%25253D572283934%2526_api%253D%255BAPIFRAMEWORKS%255D%2526_ssm%253D%255BSERVERSIDE%255D%2526_tsm%253D%255BTIMESTAMP%255D%2526gdpr%253D%2526gdpr_consent%253D%2526_abm%253D%255BAPPBUNDLE%255D%2526_pum%253D%255BPAGEURL%255D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2F2A 42 B
174 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvMhSp8XDQTyG2y2-e6p7Hi6O_X-7cKeNjIqxiQrcUAzP_53cK69dSFQFro-6T-BJ2DfB57H9QXt6FF6wobeZw5hDGsogM7_EXg0pJcA6LDE0AKrLOr5q6vrK6mZV4EoBgkoPi3e4xKE0A0CaLN_fQ9pF3nuPHSPOzYyFuQWQdPp2ZSYNZB4zyl&sai=AMfl-YRSadyFHICZcfj4481UNc7UNtTyiPTtNiVATulS5Tkv5QffI061dPCBdyxQjRPpPp5uapP7BKxeeaZK4ut74sRjEwJk-_4RocbhbSOaMOvcY2fuXc9GcR-8Lqh1V9b7cLz3Tgxfy1EbxDA5-pjc&sig=Cg0ArKJSzOrhIuaVTKUqEAE&cid=CAQSTgAvHhf_QbNtTnucbYSZspU8x-9zD-tk6qCwYOi77SZJ_kquZzdvNRHAUI8I_BymllGvsfuV93UsiZGb6lRiSlsm0WirUUOL3bZk9F3CTBgB&id=lidar2&mcvt=1006&p=0,0,90,728&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1609618297&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702594879496&rpt=666&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EFCB 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bi56FQIl7ZYvdLcuH2fcP3MWguAQAAAAAOAHgBAI&bg=!MTKlMn3NAAY3kmNgF5I7ADQBe5WfOPQHyiNmmsH6gbqsw-YGobdC5p_QaiyP-th9b9PLGQPCFgc79N_udlP-v45B3H7_AgAAAENSAAAAAmgBBwoAJPtrAyy87eEMtGK-vnHt0y1gGgb0HYLVYRIJK2VcDGKI2DxV6pkDHHeuHYJIpAanqW5yZdWiWlcO69LsltvulAF6YSmd4N1O9uivljb8YNmynFQvxb8AHGTV8IAFJBpbZeQqA_Gb_NaoOtYjLyECDOUnRUipiXocbGNYzebjFrgjEjpuOFDfT0SfiDHuQRgfZBXtYS-2yZF8-IVw7uCCo8TIAYwHp0rqX3SPT7Z19vcVq790SpvECsW5vC13gDsyNsKVZo_4cxfvapQudn1b8YLrI7Xmga1yLccFwUvivtXKjzbneXShrT2BrFfMHWeANlhxiN1SWScauB4S6XTtP1Y9EELZl7sWh0UAw3XZxNf9UpiRRUi2P6mbm9ekvzune2AqGSKJOP-Lmo9FWDOygBgYhTfLFAEGCPz9LcGtMo1KOqPQEKW2rbsVj4He8HshYciiS-6Ose6bqmrzS7UJnaMYNKpoJTA5rHm0vypCqnlYoR_YWATDhQxcPy9KO8ry-bUw8NXAHrbsO996QoMOkKXnIpLZ2jlfw-VGcsfbR53VbF4gBZhHuLi3BI9bZEnnoGXOv6EzslrdJNZrVAZ8RA03GgALEYwa0ycY9-aDbTrqgiiwY0diRI5WiVWiyxdXigo4vQAZuD63sdsOGTuKiBHdY2O_j8FyonIh8K7z0R7TVgCOx1omYHv2wGPK9pBxE3uDEbNaXU_HK_8sXHDTFOvnmifbXyGZronVR-U33HwTJibhJBzMGDanHdfN6CS6XTtMwiWaKZ16bRClyMapNfIvtTQLENKfZVy4TdEe3cgFikml5JaqGf2SGd0hhDwPkqcepdA0TyRfCKHcUuiQKVT6AM1JDdYCe1o6EVMHSXAjhpMkUS8s7W-aIgTjDlLimOs9kIGUEQnOLjAPFAkWSDcIfjzLQDpY9arG1ig7DqFlUUyMlemn4YR-PH2QVahc_JMrMgdeqvxLl2hDEwRVqj8Xx92aWWwZeDgr3MxnKm5pBExToVejRhf6FxcbKIT8yltbRKs2ACL-kaAx1XCO0e_LCGIoadgMxYKTOxKK7f2kyTjiZfe-CC3dJsljtrVpuZ08WOKVnfVbu3EABaS12mPpdXg

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 89f7480c0afa0150827cf163f8728151 Show response
pv.medialead.de/trck/epv/ Frame 8110 0
326 B 19ms
19ms Document
application/javascript 91.121.248.44
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=42066600000107704444552012539030&t=htlp&gdpr=1&consent=1&gdpr_consent=
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=51c6042ed5&subid=&uid=8832ff9203f5ba96&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-2575916601382163%26fa%3D4%26ifi%3D8%26uci%3Da!8%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=4975386296106&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.121.248.44 , France, ASN16276 (OVH, FR),
Reverse DNS: ip44.ip-91-121-248.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"25200521800103636","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript; charset=utf-8
date: Thu, 14 Dec 2023 23:01:21 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
vary: Origin

GET
H/1.1

200
OK

view.aspx Show response
www.media01.eu/ Frame B168
Redirect Chain

https://www.awin1.com/cshow.php?s=2840007&v=20646&q=409071&r=296283&pref1=42066600000107704444552012539030&pv=1
https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1702594881_b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca&d...

0
904 B

62ms
14ms

Document
text/html

85.10.231.200
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1702594881_b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca&dt_mode=iframe&dt_url=

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=51c6042ed5&subid=&uid=8832ff9203f5ba96&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-2575916601382163%26fa%3D4%26ifi%3D8%26uci%3Da!8%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=4975386296106&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.231.200 Fellbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

85-10-231-200.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 23:01:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 15 Dec 2023 12:01:20 GMT
p3p: policyref="http://www.media01.eu/www.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0
Date: Thu, 14 Dec 2023 23:01:21 GMT
Location: https://www.media01.eu/view.aspx?trackid=4FFE2293E3AB03641C3925C92FA06F0B&dt_subid1=&dt_subid2=affiliate&dt_keywords=&dt_freetext=&awc=20646_296283_1702594881_b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca&dt_mode=iframe&dt_url=
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security: max-age=86400

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame 2EEF 7 KB
2 KB 23ms
8ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=etoqsikfebn1&nw=20&renderingType=javascript&namespace=51c6042ed5&subid=&uid=8832ff9203f5ba96&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5qm5P4l7ZfWAJOnq_tMP5bqCqAqm5b2gae2NnKfJD_AuEAEgpJHiPGCVgoCAoAfIAQmpAtPqU3VdUrI-qAMByAObBKoE6gFP0G8TLd76mmVfb8e1shBVl2VQWs1nH4ghG0tNlv0reuqskGhod_Q_KSmBIxg9EMYMHxj2gWsScxjA7VwNWHzFaaWhG-uTThiGYXXiOjXT3c4ul76cyU_Hc8KTSWagoI8Xwe89V2Za_zNj4-AqGmM3MdLfTxaodZSCjXBiEHyRBf6S7bUU8rcZhUOuK8ep9bP8AeyyxNWWwohO2_GPNQFkzWtnPQ_KHMx9FGriFz6Ttgb81CVftCjlt4-HpPc_7rsakpqmwmdOseMoKwtMGa2Deg9Nkzg3T6HAXlqndxJojDG-aHLyH_v5yS7ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY0971l4SQgwOACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB%26sig%3DAOD64_0C-ofJH5XK0LDSKRmT95eW3WaIgQ%26client%3Dca-pub-2575916601382163%26dbm_c%3DAKAmf-Bv8UNbgk5YZ-E8oSAxhCWn3FSPNgNAuV-KTn1laPAbECuVnFVcD80uFTZTOIi_avX5rZtLc9cfcGR163tme8WDGawbbNNFXEcMVgv8UAqiNk7o8EsMsQagR2UD4dGk5I77Zbq3lz-bbyoZgDT2ZIaUVunyg9aUW7HzmD1bABe7_bNzeWo%26cry%3D1%26dbm_d%3DAKAmf-B50J86nI_wfFrKXTonlr9Tv9mK0JKWg7L2pWJ2VI1BmwcJP9Dbq6X0uERj3MEwDLY_mypLIiYBGAMaAhQ56RwGICfGfHNBcuqiQjKuAYmewegarwBufUjg31ipWPeSONzZKR7HusXlELYDdCAdOPMtCg9G3eG6VHvw0uYwml5V5mo12JGmv9kyPKuZ39VykbBpJXj_Umc1exCHbrGO6MgvSii3ADN_MaOuMHUopBfHHTjSUXdeYlPuRAVAjWRIBPDC0jZatObzxdrzCgZqWgdTlGP3R2OO_F28K3fqsCl295gy3fNqLXXB3ldzEyAdDAg8XFl3449vinyovm1bPQm5nSWAyIGJTu5coawbPbz1Ll2okJhOcl3av5zGOM-F6o1crIwMWHxFAKRRgAnbbAb7MJ61G249XlqdHYYP_7ifR2X3jyTZqlRkoiUPMQfra981p6YLhF_t3Ki-2MdMjm9kbIO1uWfFQSQ3DVfJYUDn1Fj08vKdZr6gZ20T4IDopn9twFVM%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231207%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-2575916601382163%26fa%3D4%26ifi%3D8%26uci%3Da!8%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.fifermods.com&random=4975386296106&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Ludwigshafen am Rhein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 335ffd7f4d740eb0b46dee8323f14cd50b3dc2cf607e471a64e5a24ad4ae0473

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2091
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 23:01:21 GMT
Expires: Thu, 14 Dec 2023 23:01:21 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 51EC 43 B
704 B 54ms
54ms Image
image/gif 104.64.118.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2329635&v=16160&q=356171&r=296283&pref1=42066600000107704444552012539030&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.64.118.247 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-64-118-247.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 dc_oe=ChMIu_XJmISQgwMVKp39Bx3hnQkqEAAYACCD38li;dc_eps=AHas8cApDOWL_7xrzk6RRyTYbmlTwf3yiJQrF4KK_4t7ZqArnjQCofAkhAE5VkX698oyS2DjVAINMaE;met=1;ecn1=1;etm1=0;eid1=11;
ade.googlesyndication.com/ddm/activity/ Frame 68E7 42 B
401 B 111ms
45ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIu_XJmISQgwMVKp39Bx3hnQkqEAAYACCD38li;dc_eps=AHas8cApDOWL_7xrzk6RRyTYbmlTwf3yiJQrF4KK_4t7ZqArnjQCofAkhAE5VkX698oyS2DjVAINMaE;met=1;ecn1=1;etm1=0;eid1=11;

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 68E7 0
162 B 69ms
20ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=0&dup=33c64e8f-135a-42c3-9123-623b5234664d
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-12-13T23:01:21

GET
H2 200 dc_oe=ChMIi_3AmISQgwMVy0P2CB3cIghHEAAYACCD38liOhoIuoXQ1gIQu4jbyL4EGL-kxOMDINO1k6aYEkITCLac-peEkIMDFWm1fwQdZZ0ApQ;dc_rmcid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXe...
ade.googlesyndication.com/ddm/activity/ Frame 68E7 42 B
107 B 112ms
46ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi_3AmISQgwMVy0P2CB3cIghHEAAYACCD38liOhoIuoXQ1gIQu4jbyL4EGL-kxOMDINO1k6aYEkITCLac-peEkIMDFWm1fwQdZZ0ApQ;dc_rmcid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D19%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1702594881210;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 68E7 42 B
64 B 49ms
45ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ&sigh=JKajoFpFKZE&label=part2viewed&ad_mt=20&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D19%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1702594881210

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 68E7 0
482 B 108ms
47ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstLNc60uqQSCZXv85-xmDc4X574vqaDqFVjdBP4b6lQ6rH7c74mM4Tg296XgofNX13LaKwIbGyx6cl1CKhcrMRFJ9PeInkmy0IO6XlnCS4zZAdQxcPXK4pQFvdee6K43eCmbjr3LjjT5jHY25lPVFG_RMja0ceFPEKwiKRT3cwnh4E&sai=AMfl-YRjUZBcUvJqelHJLrrdh9yIfSSn6wYxovI9qsK5Dg4TilZc6ktK_xv5w6hzIdeLGU4SoT2T9GcyyvwJNAtA7nnEqCGYDv3Wvr4uVw&sig=Cg0ArKJSzMri3Kz0-GhLEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 68E7 0
162 B 156ms
27ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=10242044&cmp=30443038&sid=5513185&plc=380567266&num=&adid=&advid=10957991&adsrv=1&btreg=572283934&btadsrv=doubleclick&crt=206729091&crtname=&chnl=&unit=&pid=&uid=&tagtype=video&dvtagver=6.1.img&
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 12/13/2023 23:01:21

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 68E7 35 B
2 KB 73ms
35ms Image
image/gif 2a02:26f0:3500:58c::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=11784158&siteID=N7657.3553448DISPLAYVIDEO360&creativeID=206729091&placementID=380567266&rnd=686608963&gdpr=&gdpr_consent=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:58c::1ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 14 Dec 2023 23:01:21 GMT
P3P: CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection: keep-alive
Content-Length: 35
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: unsafe-url
Vary: Accept-Encoding
X-Frame-Options: ALLOWALL
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Expires: Thu, 14 Dec 2023 23:01:21 GMT

GET
H/1.1 204
No Content visit.jpg
tpsc-video-eu.doubleverify.com/ Frame 68E7 0
162 B 27ms
27ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/visit.jpg?vstevt=2&tagtype=video&ctx=10242044&cmp=30443038&sid=5513185&plc=380567266&adsrv=166&dup=33c64e8f-135a-42c3-9123-623b5234664d&dvtagver=dvot_2023-12-13_9caecda4d_45ec3c9&dvp_cfbs=99&dvp_infra=cloudflare&dvp_zjsver=0.21.19&vstvr=2.0-r&dvp_redirect=1&dvp_psf=0&app=-1&essd=0
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:21 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 12/13/2023 23:01:21

GET
H2 204 /
vtrk.doubleverify.com/ Frame 68E7 0
184 B 63ms
17ms Image
text/plain 2606:4700:4400::6812:2aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vtrk.doubleverify.com/?v=1&t=event&tid=ZW-12000000&ec=vast&cid=33c64e8f-135a-42c3-9123-623b5234664d&el=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fpfadx%2FN7657.3553448DISPLAYVIDEO360%2FB30443038.380567266%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext%2Fxml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps%3A%2F%2Fwww.fifermods.com%2F%3Bnel%3D0%3Fves%3DdGltZXN0YW1wOiAxNzAyNTk0ODgwNzY2CmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdWphSi1JWERleU9KYVViek5RUXJZdUhWZXlCalRpVW5nczljNl9qUmZ2RGdJNlN2TjlBRE1pLWFEUC1UQ3FSSk5zOFRnQUFBcUc1NmxDdXdhXzl0VGFOMGlrNEFpVV8wRGE1UmNXaGJCelY3T0FES2ZLcVFWR09NUTAzMi1PTUVVOG80TldjdnhsMk02dVgwanMtNDRQeVZWZ1NRNEJBUV81WmFQS2xTMTl6QzFLSDE4WVBtLUZyc2dSeV9JRlJqaWdjT3ZYbml0ZEt6S2F3NzhTek9jRlpvRDB6RDM3dXdKb1dzMll5TGJzU2h5b01EcTlULTFpN2g5U19BVUZEUWNncmlDVXZVRTFEbGNuX0VzLUJlVGRrcFI5cGZKcHV5UnRTbGlhUWRFLVd3cmJPOUU1bTJtWU54NWdOTnJNdkM1bHd6U0pQQk5BTGtQRHIwZTRhV2l4Q0Znejl6WlRYT1kwaFZHVnhaT3RLRHhabERiMHE2R3BSOV9CRWN2T0VDaWlxcGV4R291SmVud2JueU5EdUJNU016WnlKRzh2SW56UmxKdmFTQTBRSnRmS0Q0RXBJNVlQVkVZOGFmeHpLV19ScF9zaGdXYXNWNHA1YVNDVTk3ZHVyQU1QbmtmNGhHMEhJUHR5MFozSXhtNWVSc3Z2VF85UmZHd080ZmRJaUJIWG15emgxbVVUZGJ0SW9XanFXTHRqaUREa2ZzMkwxUnRIZWFNQTlybHFXb014UmZjbUp6MnU2SWdlTnVPLTV5aUwyQ05ScVZlcDVTUWFxY0tjU2huYXV1OFNZZ2J0SGpNWi11ZldGN0taMUxYQ3djTnh4dUVkVWpvOWh0b1VGMl9BM0d3VldpU3k3blkyQzBBbWJiZVZDWjI4RW5xWVR3N2hiQWMxM242empDdDNtSUNZQ054Z180RFpjVkFoYmtqM0F2N2NTeHJiVlZnNzBNbnRtc1h2MFdZOW9TYlJYdjYxMEpPdjRhNS0xcm5nSVdjeDg5VW5DZDJlWWxfSGxCbDVPYzVSbGdpOExaVEtidi1hbmdNVGxPSnYzZGlQeXI2S1lsaUVpalBwUXFzV21lN09uUzNPWDREYTdqNXhtakxjR3oyWjBiNUUteEJYMGxTbEJKbjVlRDZVdG1keTlHQm51UDhod0NfM1F5WG0tLWxEeUlRSFB0YkZ6SlRtYnFtQXZkSThmb21wOWdHY0lDQ2pnZGg3QXctazVKSGo2dzFQZ3FHV2dYWDVCZTdUa2tMWXE1NDJIUVBvMERCZ09pajJhNy1rNFI3d2FPeXdjZ0k0MHNDQzZ0WFB4ZUMzYWdUQ3BzS0lTN1lnRXhNSTUzNUwyd0VnbzlOOExmNXJpMzBWUlJSOTJmY0xxRno5OGxYaUJEWXJmMDBPTXlzOVhxVDBLX3BVV0dSYlFsVlAxTDVtTVpBMm5IYXNIay1PeDIyZzR6eng4bUx0dzVxdEhtcnZtbFNPV1ZDaVJQOVNheDI2YUtHQkNmby1mY09reEdqRzJpOWdrTlFHcDZzei1wcGJZV3JPaC1rckpEa0ltX0ZYdXlqSWEwbzJYUDd5SkNmTGVrVkdxMzRzd21qd3RkU0pNVDRzWEttazNCQ2pTOE0wM2ZYOWlzd2JyZGUzTjRDek1JUlBrOU1qTDRtNWU5aVE0eUJJeHRnS0Q3dkk5ZGl0QVFSUktMUlNjYWN5N3lma19sa0pwWVBYRjhVajAwOVRGRkx0a0ZkR1d6V21qNGxmNGVXeFlvZFlER21GJnNhaT1BTWZsLVlUM1kxa1l5RDFIUUQwSk1qOUh1RXFrcnQ2MmJVSnd5Ujc4LUFjRU5GUGpjRzlBVEVjcTJXVjc2aGU4SFB2Q1pLOTZITGtsWmkzVXQxeF9pd01mMG94dFB6bUhyUTA2cmhmX0haNUdacjBmTVMzRTk2cUdXaE9lcHlYS2ZzQ3dSTUFBRktjTS0tUkgzVjFyLWdfUXBSaGxELWZxOVYyeFlubFlmMEF1UmZ0aGxPX2V3NEwxd3NmVWJ4blRQb1AyNGR6SFBiM05waXI5VW5aU1JMQkZhU19hZ1Q3bWZKMWRIS2RZOGpzc28wUWpYSkxSMk5HX3VvamQ4S2t2UFdjWjl2T2lMTzJWY0IyeGU4UmdmWXVTZjFFOWdmMlVqM2x4YjAwQ09INHNaQU5NQWJDaTVMUSZzaWc9Q2cwQXJLSlN6RWNWekRseDBvM19FQUUmY3J5PTEmZmJzX2FlaWQ9JTVCZ3dfZmJzYWVpZCU1RCZ1cmxmaXg9MSZhZHVybD1odHRwczovL3d3dy5lYS5jb20vZ2FtZXMvZWEtc3BvcnRzLWZjL2ZjLTI0L2ZlYXR1cmVzJTNGdXRtX2NhbXBhaWduJTNERkNfYnJkX3d3X202X3ByZ212X2R2MzYwX21mJTI2dXRtX3NvdXJjZSUzRGR2MzYwJTI2dXRtX21lZGl1bSUzRHZpZGVvJTI2Y2lkJTNENzM1OTglMjZ0cyUzRDE2NTI4OTAxNDE1OTMlMjZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D206729091%26dc_adid%3D572283934&ea=impression&cm114=0&cm115=0&cd101=vast&cd102=src&cd111=wrapper&cd112=csu&cd117=-1&cd170=166&cd182=vpaid-transformer%400.21.19&cd188=FRA&cd189=cloudflare&cd190=10242044&cd191=30443038&cd192=5513185&cd193=380567266&cd196=3&cd141=%5BAPIFRAMEWORKS%5D&cd142=2023-12-14T23%3A01%3A21.216Z&cd143=2023-12-14T23%3A01%3A21.216Z&z=23123033
Requested by: Host: www.fifermods.com
URL: https://www.fifermods.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 835a11789f4465b5-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 68E7 0
138 B 53ms
53ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu5wrcXR3EHPfyRh4tm7_njaO0dal73IdDExxBXGBq2aWRJLLJSCXrNbMsfLDxCQ55Lg7CTIgLr71MxuTr1gpyAaBYeB0zlgpyH3vJTnU8UQ_l8-mEHm4Z3-Rw6a8XXPlhV-R_drvaeIg8uf1kkjEgfxsTuG_1q-Y4iX0P4jLcDZtbNQohOx__m9bSejwZcrV2kJBewa3Veil42Us4k2_vzmFyobRyVJUQwPvJ6PGwEwXjOggdVX7xKZFZDlurg5SMXxYw2ML6h04r2IKgFs2rLbKnbsGCX1awXJ6_uiS9KBIE_4q-2s5jSqipwj85VBDX3SwjTvUC0X-6MYA861XlzpHmSkQR08loeN5QeewyD1RLsVfnWHBso0IeN84sDGhQSKNF-7tKG5s8NlkqRkHOV7976YB4uL3EWmsofvnZV_0zdjpRNnV-IpGFNdKOvgFwjezftPJNoBsV_1Ltrn-R8oXlbo0RUaJI0HU6fOQmYZLfKl8eXx0WEUUElieiCO_IBFweW3_Jo26fyXrz6RAeF3nDl1tyoKJFpGfTxB6ESo4xuVV8UpUQ4aZNAGcRoIYl5Ll5s75ZCyNSrfnTKcyiPxT_1_nrnD1MXHwC0qQyQlA4cQTSBk22ofwuV6UceHFIlUaY-lseLMS4hdr3eGMgOU-JtxZRYQWOEO_aPBdhp_1OmumDOBqbLnJLVoSV69GP1hP-stOqLU5kN3KGixZv0vcCT3hwXkEQtWH0vZCaewZmHV53qOmje1RJP3LCunXbclmA4xF52ZOXC_5Gx3jivNFGEo9bHVAk2a3slHMrDZcqoYUwRSlp1WmMiWXLHu7u2RXxlwTzAFtfjOfMxhAzgD-5FHihmaoMsL-QHQR9S7-YoYU517sFLFLFfdEz5-ffLVBct80G8OfnvSjMkh7TJEnTu7_yOs3O6ziDSAJB0-1jH8g_oieRkFfMJN1fhfpbcuf7r1isQvz3ZGo7Sz44ETDawsVpyZB1lGwcftyom4l-H4LoyAp2F2bNSXTHCWMR68qLYmUxSxyMQrFNvTMxxuEKuu2alTRsagT4xULJgfsplXDcFRIEMhd1hqy9INYv5IYRlaweXEcOxClMrllbVpSgAaMiTCOCaJeJgLvP_6_ZIQoEzhDo8IR3re1iDgtOOJuoaQ60pz7hBpvrQNm_PxztHqccUaYVJ1Uynpk3iixEgUcQdU-tq2LSgy7iMtF0Ok_Ez_LXqtBqWoWLt5_99ja4MC4kMlExuuCP7hbcUvj7t647j96HKaGtvMkNLA14wG8szircb4DQEKnobne__Uu0u&sai=AMfl-YRYkxrV5mTWxdG8tYTQmFw8EhtTdvOS4G4YhkEAFgxAGos4i0EEMSdO5N7-RbaenkmY5pViTWVkCzXKRmJp0DDdsFOaJhnidptYWMwpCAagioiWV91NTgg6zUziFlLRhdAi1OGmYujJZLo_SAF6FfcT87p0u5B_SDYHrcQeQo4ynReVA6Ee8fErkHPFtd3VTkuOZcbP7BjVoqI55Equpwi82ElTX4rIgNlwUILYFck5tZC6W3Cfqlhw_D_Wg5BU3N9leaUoElA7P6Focku3yi0kPFkTbBqjQ9P5iw&sig=Cg0ArKJSzLdSBj72F6uLEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 68E7 35 B
2 KB 64ms
50ms Image
image/gif 2a02:26f0:3500:58c::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=11784158&siteID=N7657.3553448DISPLAYVIDEO360&creativeID=206729091&placementID=380567266&rnd=3263320240&gdpr=&gdpr_consent=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:58c::1ec4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src ; style-src 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 14 Dec 2023 23:01:21 GMT
P3P: CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection: keep-alive
Content-Length: 35
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: unsafe-url
Vary: Accept-Encoding
X-Frame-Options: ALLOWALL
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache
Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Expires: Thu, 14 Dec 2023 23:01:21 GMT

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 68E7 0
16 B 51ms
48ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJyAIxC6hdDWAhiPnpb9ASABMAE&v=APEucNVqLKG8M8CVSM6UW5pbRZ8KUthjpCXi7NAwG5qJ-0AprzztMpVJNcZNsF5-62O2TWDvx5qF1ROXrqzQLZOhQsTFOgoReg

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 68E7 0
20 B 47ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 68E7 42 B
64 B 49ms
46ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbHidir7vbab4HO_5903zGPPJkOCHwN_73LohVObrrhofCgYXCGvG7IGoVooNfkSKw6NjMZ9j_Wmh6mzL3HJFLieJJrhHCykq38nAz77cgocSH21SRz3FyZ6D561bqjwhkNOJfsWHhXr4&sai=AMfl-YTdgCl3y-QTSHHzYQuxmGIXcPtAKPlXNJ7h2mV97XLAktPm1IJ5nPIa3R76T0MOUCSN0QswYIfHFAgLkBgjpFG3L-QAtqa7fuUgmkh8OhU6A0UVSgIngQil0qrAHgOUR3gyKSQpKwgkMPc6c25v&sig=Cg0ArKJSzGOhpd5AXx4jEAE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D19%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1702594881210&avm=1

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 68E7 42 B
64 B 48ms
46ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ&sigh=JKajoFpFKZE&label=vast_creativeview&ad_mt=20&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D19%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1702594881210

Requested by

Host: www.fifermods.com
URL: https://www.fifermods.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 471ms
468ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=7~lq5t1668&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2076&mt=video%2Fmp4&vs=1024x576&dm=6000&event_name=first_play&asset_bytes=215513&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.1bp~ff.1bw~videopreviewstarted.1bx
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271
adservice.google.com/ddm/fls/z/ Frame 42D2 42 B
107 B 47ms
45ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CKPU15iEkIMDFW1gkQUdFz0GRA;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9116758614660.271?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 2EEF 5 KB
682 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 21:49:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Dec 2023 23:01:21 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2EEF 11 KB
11 KB 68ms
55ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: f520d0568285762495b76d8a29697de2c8e8a8e2ac84171b98ffd039355d2a9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10696
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2EEF 14 KB
14 KB 20ms
8ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/73943/creativesup/STIHL-X-Mas-1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 082a84bcf37f44e76d5bc5f6ed0b543d87e00007c7fbb30b5be2282402af30d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13730
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 2EEF 11 KB
11 KB 20ms
7ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=55&url=https://cdn.contentspread.net/24i/advertiser/49107/creativesup/forever_young_strunz_reachgroup_1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 Dottingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 2eca186696bfa670f95ee3596693bcf4b53a0e5f29bfc3a43087ac66d394c2d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11224
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1235 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BGMDeQIl7ZczrMOrLjuwP39mRkAEAAAAAOAHgBAI&bg=!EhGlEV7NAAY3kmNgF5I7ADQBe5WfONgko-Y5Vxme1kpI1cmfM9CdshzfY__BThDAWeVeELgaXDB09fqTbfvLAjYlmJfWAgAAADZSAAAAAWgBB5kDSyXrQjSHLklc0etIHNsIqkVrGMxheQ5T1JpnQZxc8Tyg1bUVH7gzT-fgx-Txloj0_1tZJ9cnqQ974MHKs8aeECGavuum2xOnlqXGqlggene0-e-eUcomzvZwwlRcTuMAH07Dv_PZXqCAOlhF7cOgpmaXTyCzeY5BzHN9bxo_rMXX7b3gn_Xrjtzn0gDvPSETabWw4QoJovN3j5AI0p2xmWYty1Xnvfbpn1y6k3CP5IxnmOYkdRwjpSNEg5Oa46pFkPdUum9h7TrONfoNealnY6fjTyyXnOW4NpR6FdD39VjCZfl-V8fyn1meyzhERvjYSTGCwISNBaawu-sbqjM7EV0yY1HF3anrYy7vMZjilqLqudKhXN4Vx3EPUV9WF2G6q43H_xxJDoaE1RL99PHZnAb7zfcAXcK78ME9o31G73DgDS9bZNrZImEoUXiAWSklvWqa2FxtvJ130BpJKfcB7jX7Dj54fVBPAWVYwIJx4s7ShSp-qZS_nqFD6HGTlW4IAvuzkhVw_58YM3jJTAo-iZjBPdo1qAi6zGxHOUQS4wHSP3VaYr_4jrMj5JDf6K7sDe54aLGzRodRpciIXUimqwccdstN5mirXs9vJ35hb_OrNsLrAaXBFBxWiHQN1bbdiuVNUV1Nufz7CTjy53dfb7UHUuH9memojNU9U8pfZKil2vkQ6EFgtXeoL9EjySgr7qCmaOwaePoogY9njMABYGe6v0gYZ-CWvPcCrEwUqGh3NTfBkjY4wVfNlJ3PF7eXfI8aUsRbvHJ4tT4z9MH2ZBjHjbjdQ4CmwdLO7cf6JM0a0W-eOkuD3ZaHRHHyEKNWFA0J-gYpwhH-VdMNkVnQiEvFoF2PMcQjy59o-03orQSY1NgBpoa7NZobW8oaOaOAP7buLzwT6GUgUKD-Q542rLIzasE9gG9XOZueEjebQ1zjrU5NvwFiQpTzgk5d_l53Mqvml52CtF8ReML5Y-ZUomoiTQSLZxHhCkcXq4K9u6eYQVTwb6A57iIfvCFIl0PhRn_bGRc8160YWDVF5c7qmnMF1zaNDU3yfP3xOv7_CG763tbrIMTWk2A-PZpmhcKonyKjQIrdJNMJ0-BETOc36Sztgh6zpwz0QYbVsQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 2EEF 0
150 B 20ms
7ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=42066600000107704444552012539030&a=be7284e1&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Ludwigshafen am Rhein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:21 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 42DD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 479f3556d1473c070d612ec14b1308e3b57abbe98f7080e25a84d3ed95c798cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 71BB 14 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:12:00 GMT
x-content-type-options: nosniff
age: 280161
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 17:12:00 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 71BB 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90002.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:05 GMT
x-content-type-options: nosniff
age: 223636
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:05 GMT

GET
DATA 200
OK truncated
/ Frame 51EC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79476d7bcb91fed9700565ba20d1a03ffcb707acfa994ca3bd4e31f6c86ec546

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2EEF 14 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:12:00 GMT
x-content-type-options: nosniff
age: 280161
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 17:12:00 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2EEF 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 08:54:05 GMT
x-content-type-options: nosniff
age: 223636
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 08:54:05 GMT

GET
H2 200 jquery.magnific-popup.js Show response
widgets.sociablekit.com/libs/js/magnific-popup/ Frame B094 51 KB
14 KB 165ms
165ms Script
application/javascript 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/magnific-popup/jquery.magnific-popup.js
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 216b23e267946588bddf9129b4fca8e1db055a85dae782074d9540a52081a12c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 08:19:43 GMT
server: nginx
etag: W/"6171229f-cba6"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 moment.js Show response
widgets.sociablekit.com/libs/js/ Frame B094 147 KB
33 KB 171ms
171ms Script
application/javascript 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/moment.js
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: d24578df52d3a3bed3ea5c667a27abe33aea45185294fb59ef776edd0c63c50e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Thu, 06 Jul 2023 11:15:13 GMT
server: nginx
etag: W/"64a6a241-24cf8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 164E 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5736568980705&version=m202309260101&ct=77&x=1&cor=9980805915513240000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moment-timezone.js Show response
widgets.sociablekit.com/libs/js/ Frame B094 203 KB
31 KB 171ms
171ms Script
application/javascript 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/libs/js/moment-timezone.js
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 97da1e515bb27bd9d9698f067909ee65561726d4cc0cddf3502f49d1e34bad8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 08:19:43 GMT
server: nginx
etag: W/"6171229f-32c0a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

POST
H2 204 csi
csi.gstatic.com/ Frame 68E7 0
54 B 271ms
271ms Ping
image/gif 2404:6800:4004:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=8~lq5t1682&c=3993659239035&slotId=1996829619517.5&qqid=CLac-peEkIMDFWm1fwQdZZ0ApQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2076&mt=video%2Fmp4&vs=1024x576&dm=6000&met.4=vfl.1cq
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:21 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 player_api Show response
www.youtube.com/ Frame B094 993 B
1013 B 40ms
40ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98b7d90beeaf2d2944f47d2c001be5d943d1b6306bbf7dc27c240e092ed8544d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 14 Dec 2023 23:01:21 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/d23221b6/www-widgetapi.vflset/ Frame B094 216 KB
67 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d23221b6/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/player_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 20:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68553
x-xss-protection: 0
last-modified: Wed, 13 Dec 2023 02:47:51 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 13 Dec 2024 20:34:49 GMT

GET
H2 200 nr-rum-1.248.0.min.js Show response
js-agent.newrelic.com/ Frame B094 44 KB
16 KB 27ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.248.0.min.js

Requested by

Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/45837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fe2c8e1464e377e0e004cae5ca02498a306b7090feddbd3abe14d088c5a7bc19

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.sociablekit.com/
Origin: https://www.sociablekit.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: 5pOats3JozwL.Cq.YDQ1.AKeG91t1nFP
content-encoding: br
via: 1.1 varnish
date: Thu, 14 Dec 2023 23:01:22 GMT
strict-transport-security: max-age=300
x-amz-request-id: ZCHJJ37CV41F90HG
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15747
x-amz-id-2: In+oT4EKsyAL9961Sgw8rBLoBIgHmqvEDUrAiAbYdLOqJhKMUT4P8L7A+MbONGQi8AwVIDnTkoM=
x-served-by: cache-fra-eddf8230122-FRA
last-modified: Thu, 16 Nov 2023 17:54:54 GMT
server: AmazonS3
x-timer: S1702594882.024989,VS0,VE0
etag: "ee8c8948e29e77d6bade8edf829b4863"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 984469

GET
H2 200 45837.json Show response
data.accentapi.com/feed/ Frame B094 2 KB
772 B 72ms
23ms Fetch
application/json 165.232.46.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://data.accentapi.com/feed/45837.json?nocache=1702594882002
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.232.46.2 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: 1001405.cloudwaysapps.com
Software: nginx /
Resource Hash: 953b0fff751dd75339795d118b5c24b69aca2e4d02e0bc5071de1ee2fa13328c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: gzip
last-modified: Wed, 17 May 2023 10:46:01 GMT
server: nginx
etag: W/"645-5fbe164d9d5bd"
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: application/json
access-control-max-age: 1728000
access-control-allow-origin: *
access-control-allow-headers: Authorization

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
57ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eae0c0cd2b39b972f48a373911918f3ad0d99c96a238990f756923bd9b87ce4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12106
x-xss-protection: 0

POST
H/1.1 200 b6b5d2c823 Show response
bam.nr-data.net/1/ Frame B094 40 B
407 B 549ms
516ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/b6b5d2c823?a=1228988218&v=1.248.0&to=MlBaNhZWCxVTBkBeXQsabRANGAQWQkpRWlAAURcLClMAHhwVXEc%3D&rst=2814&ck=0&s=ebf9f1cb1ddd1503&ref=https://www.sociablekit.com/app/embed/45837&ap=1&be=654&fe=2123&dc=1211&at=HhdZQF5MGBs%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1702594879226,%22n%22:0,%22f%22:0,%22dn%22:10,%22dne%22:10,%22c%22:10,%22s%22:17,%22ce%22:27,%22rq%22:27,%22rp%22:654,%22rpe%22:655,%22di%22:1865,%22ds%22:1865,%22de%22:1865,%22dc%22:2774,%22l%22:2774,%22le%22:2777%7D,%22navigation%22:%7B%7D%7D
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.248.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f

Request headers

Referer: https://www.sociablekit.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
content-type: text/plain

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.sociablekit.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-etou8220106-FRA

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 14 Dec 2023 23:01:22 GMT

GET
H2 200 widget_css.php
widgets.sociablekit.com/youtube-channel-videos/ Frame B094 27 KB
6 KB 154ms
154ms Stylesheet
text/css 137.220.35.134
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.sociablekit.com/youtube-channel-videos/widget_css.php
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 137.220.35.134 Kent, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 137.220.35.134.vultrusercontent.com
Software: nginx /
Resource Hash: 691ed9554f364bfa51f7bdf7f6582bd733c6657dc400841bc19beed6380db07a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css; charset: UTF-8;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
access-control-allow-headers: access
content-length: 5364
expires: Thu, 19 Nov 1981 08:52:00 GM

GET
H2 200 settings.json Show response
data.accentapi.com/settings/45837/ Frame B094 2 KB
1 KB 20ms
20ms Fetch
application/json 165.232.46.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://data.accentapi.com/settings/45837/settings.json?nocache=1702594882002
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.232.46.2 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: 1001405.cloudwaysapps.com
Software: nginx /
Resource Hash: 19fb4fc743875a0b84d6fde36f2ff02c25f854949ea1856a655cc5cec4b922b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: gzip
last-modified: Wed, 17 May 2023 10:51:25 GMT
server: nginx
etag: W/"69a-5fbe17825c43e"
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: application/json
access-control-max-age: 1728000
access-control-allow-origin: *
access-control-allow-headers: Authorization

GET
H3 200 player_api Show response
www.youtube.com/ Frame B094 993 B
518 B 44ms
44ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/player_api

Requested by

Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98b7d90beeaf2d2944f47d2c001be5d943d1b6306bbf7dc27c240e092ed8544d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 14 Dec 2023 23:01:22 GMT

GET
H2 200 45837.json Show response
data.accentapi.com/feed/ Frame B094 2 KB
771 B 20ms
20ms Fetch
application/json 165.232.46.2
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://data.accentapi.com/feed/45837.json?nocache=1702594882098
Requested by: Host: www.sociablekit.com
URL: https://www.sociablekit.com/app/embed/youtube-channel-videos/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 165.232.46.2 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: 1001405.cloudwaysapps.com
Software: nginx /
Resource Hash: 953b0fff751dd75339795d118b5c24b69aca2e4d02e0bc5071de1ee2fa13328c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sociablekit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
content-encoding: gzip
last-modified: Wed, 17 May 2023 10:46:01 GMT
server: nginx
etag: W/"645-5fbe164d9d5bd"
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: application/json
access-control-max-age: 1728000
access-control-allow-origin: *
access-control-allow-headers: Authorization

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4F47 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2219
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 22:24:23 GMT
expires: Fri, 13 Dec 2024 22:24:23 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6116 829 B
1000 B 30ms
29ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9dd15b489a77a67683ab35ae920f4727bbb389156949159c5370e51229faa176

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FZxb5wvVZhOM7QsXM26Rug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fifermods.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-FZxb5wvVZhOM7QsXM26Rug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 14 Dec 2023 23:01:22 GMT
expires: Thu, 14 Dec 2023 23:01:22 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F47 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 10:34:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Dec 2024 10:34:36 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6116 0
0 41ms
41ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=3081681150647098&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4F47 0
11 B 6ms
6ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-2dfCg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 23:01:22 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42DD 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=911994977023&version=m202309260101&ct=77&x=1&cor=14819518812473008000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 42DD 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvBCsAl-DtktVz0VAlJK6u5Z9r3o5A7CvfImEJQVA29PUiy3nz3kmPR9DV3QsML1CCJxyhilYqWYaBLgIdHlkxRp4ZSXShkn1AMzkTtsksvqHOgPEsenXXm8bjZ2FshU0pBFwq4D9wAQzo&sai=AMfl-YR_YdcfuLzWZLWj969HVvFQKfrYPaElyK71BGL7N5L02bd6X3my0fYmIeGei-eLbHrsIQ2H8vEwNU3jVquRK5dZTGX5VLBqCIQc9F6-3IAYCyCOJtu3lnlDQyduYn1pWnklPXf_9B43_3Sj4kOI&sig=Cg0ArKJSzGlWX1ljDqQHEAE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702594880545&rpt=519&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51EC 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7940704007917&version=m202309260101&ct=77&x=1&cor=9815996558853773000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 51EC 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvJFCZ9tX1fMOdL6ujgb71L9DbOqKb5N-QQLoAcIUGJ0vp7RGCIBFH_04NDgEIFFGtGFaHi4x9drV_Ykj4L9XZtwUJ-R_1FdgqSx4ZaY0Pnm3YB01w6W9FHX1UjO6xzUJrOXGbgdT8yBRg&sai=AMfl-YRD1ARKl8S0r7NTg25j8SnD5drMHpgBqzFBPAtmqMT8KOqkuX0b-1vpXSvh25xdhX_5CznSApAwNYXks4bntifdRJDM1Jyq_SQoYNePOxs55YUTwvVzwbLY9gtbvrV2GAQ7QXneBsGCJiysAxZz&sig=Cg0ArKJSzNET4auyaa26EAE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702594880553&rpt=656&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame 71BB 0
150 B 20ms
8ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=25864500000102504444552012539002&a=08ebc648&vb=v
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 Rostock, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=25864500000102504444552012539002&a=67bc9bea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:22 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 2EEF 0
150 B 20ms
8ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=42066600000107704444552012539030&a=be7284e1&vb=v
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Ludwigshafen am Rhein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=42066600000107704444552012539030&a=f19139eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 23:01:22 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=3081681150647098&bg=!6Oul66TNAAY3kmNgF5I7ADQBe5WfOH1C_WEqJzS0nhp7bBSl4Mjz0NWzIM1LlMxlN8WbvDsBGETBXGF2m71HlQIVZp3ZAgAAAEJSAAAAAWgBB5kC6sqa-iiQdLYmX9S7WaoFA7GOJ6yccgCaN1c9wbCf_l8ICKx6kWvACklBncIBGaIQcjxUhhtsHGS53noXjrHrcPUWz21htwzc-npMc3yaqPyXfZx9L9iEyRUbxKVAmzb-hkCdHmQ_k5eQGh0nIuknlieZe1mabReH5qFgFZflhrWgT-UTWbM_Ut8dOmYV32Jqv5vXrX7xK--nDLvzS6NwcG6CvN8V4qa18J4G2w3dtgQcZEPfKmuVSA6G0CVrONFpxxNazk7d2aBKiko67QzNsDzzvkj42Xm4Fu8PdCeJLTAE2wTkxGZ5TKzsg-iHpU9bte64xs5fz4cb7HSXN6atapiuXQfuDTYgHDYWs-4jwDPSN6PRzRl4yBb2NgxUvBCYRKSpU4zNmp_OSauj6N1bM-hLm2mG_gBgNbCChI2BQk_MIlrg4fPM-fNRI5PmK2sIw95mbOLPMDLoG1inkqSVjuQB2Lbip7gPXCKgF7Io3eToy2co8NgrQuoM1YIpBYKjU6OmYLhNUvY0pab3MfGNIqZSRn_Oozvngo5KK7lBxSyKLhjjo1xikDrL0FU6i8IPeEybnpWynZEDiD02UiBgOeok_tAWfFuGGxx1C1qtNcMN5sy4yay09kmsuVcEPYkxKBcf2wwD2XtG_n__sHvnblXV5nIfZEs02aSFN4McIGNbNaA3pp2XYb6vOffpoctPLvU_CCo_FDz_Ax5Eb7KnP4XNxPalpZvqLw9Y0emhG6t6AwaZzNKyYS5v4g32UvYfu2EG0z4rX-_9TSm7PPb04Rl-ZJMCG6xSoNoyQLK_CL17Pdi_tN0ewnUQ6W_5lm3o03JhvP3_l_kmchpN_m0udLxiDSLJyJuc_R-Y3Y1a_QDtvnmJPSZtEtleQtghVO0Hh8mOzZAxuvt9xHbiArkkW8F6knTAniGEmUJ2uSDlR8Xw_ZeVR6yFb9jS-8e-xDrOzG0TgCxnGkKhBGgcds0WgXC7Ucb6-tHujxjh
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.fifermods.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 dc_oe=ChMIu_XJmISQgwMVKp39Bx3hnQkqEAAYACCD38li;dc_eps=AHas8cApDOWL_7xrzk6RRyTYbmlTwf3yiJQrF4KK_4t7ZqArnjQCofAkhAE5VkX698oyS2DjVAINMaE;met=1;ecn1=1;etm1=0;eid1=960584;
ade.googlesyndication.com/ddm/activity/ Frame 68E7 42 B
107 B 45ms
44ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 68E7 0
162 B 20ms
19ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=4&dup=33c64e8f-135a-42c3-9123-623b5234664d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:22 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-12-13T23:01:22

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi_3AmISQgwMVy0P2CB3cIghHEAAYACCD38liOhoIuoXQ1gIQu4jbyL4EGL-kxOMDINO1k6aYEkITCLac-peEkIMDFWm1fwQdZZ0ApQ;dc_rmcid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,164,119,373%26tos%3D1157,200,0,0,0%26mtos%3D1157,1357,1357,1357,1357%26amtos%3D0,0,0,0,0%26mcvt%3D1357%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1518%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D201%26dur%3D6016%26vmtime%3D1538%26dvs%3D1357%26dfvs%3D1157%26dvpt%3D1518%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1157,1357,1357,1357,1357%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1357;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1702594881210;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 68E7 42 B
64 B 46ms
45ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ&sigh=JKajoFpFKZE&label=videoplaytime25&ad_mt=1539&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,164,119,373%26tos%3D1157,200,0,0,0%26mtos%3D1157,1357,1357,1357,1357%26amtos%3D0,0,0,0,0%26mcvt%3D1357%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1518%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D201%26dur%3D6016%26vmtime%3D1538%26dvs%3D1357%26dfvs%3D1157%26dvpt%3D1518%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1157,1357,1357,1357,1357%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1357&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1702594881210

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 68E7 42 B
64 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbHidir7vbab4HO_5903zGPPJkOCHwN_73LohVObrrhofCgYXCGvG7IGoVooNfkSKw6NjMZ9j_Wmh6mzL3HJFLieJJrhHCykq38nAz77cgocSH21SRz3FyZ6D561bqjwhkNOJfsWHhXr4&sai=AMfl-YTdgCl3y-QTSHHzYQuxmGIXcPtAKPlXNJ7h2mV97XLAktPm1IJ5nPIa3R76T0MOUCSN0QswYIfHFAgLkBgjpFG3L-QAtqa7fuUgmkh8OhU6A0UVSgIngQil0qrAHgOUR3gyKSQpKwgkMPc6c25v&sig=Cg0ArKJSzGOhpd5AXx4jEAE&cid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,164,119,373%26tos%3D1958,200,0,0,0%26mtos%3D1958,2158,2158,2158,2158%26amtos%3D0,0,0,0,0%26mcvt%3D2158%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2319%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D201%26dur%3D6016%26vmtime%3D2340%26dtos%3D2158%26dtoss%3D1%26dvs%3D801%26dfvs%3D801%26dvpt%3D801%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D1%26cs%3D33554707%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2158&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1702594881210

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIu_XJmISQgwMVKp39Bx3hnQkqEAAYACCD38li;dc_eps=AHas8cApDOWL_7xrzk6RRyTYbmlTwf3yiJQrF4KK_4t7ZqArnjQCofAkhAE5VkX698oyS2DjVAINMaE;met=1;ecn1=1;etm1=0;eid1=18;
ade.googlesyndication.com/ddm/activity/ Frame 68E7 42 B
63 B 45ms
44ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content event.png
tpsc-video-eu.doubleverify.com/ Frame 68E7 0
162 B 21ms
21ms Image
text/plain 130.211.44.5
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpsc-video-eu.doubleverify.com/event.png?vstevt=6&dup=33c64e8f-135a-42c3-9123-623b5234664d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 23:01:24 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 2023-12-13T23:01:24

GET
H3 200 dc_oe=ChMIi_3AmISQgwMVy0P2CB3cIghHEAAYACCD38liOhoIuoXQ1gIQu4jbyL4EGL-kxOMDINO1k6aYEkITCLac-peEkIMDFWm1fwQdZZ0ApQ;dc_rmcid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXe...
ade.googlesyndication.com/ddm/activity/ Frame 68E7 42 B
63 B 45ms
45ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi_3AmISQgwMVy0P2CB3cIghHEAAYACCD38liOhoIuoXQ1gIQu4jbyL4EGL-kxOMDINO1k6aYEkITCLac-peEkIMDFWm1fwQdZZ0ApQ;dc_rmcid=CAQSTgAvHhf_1JL-DXMpPB0yQQnkxA4pI0Uv9c8mXgh0FZySGhrJt5BMqRR0ExZEdGC9Wm1dMXeQIMLM5BBghVQd50YJ8Puj1twETVyQOOsdOBgB;eps=CIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDAw;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,164,119,373%26tos%3D2750,200,0,0,0%26mtos%3D2750,2950,2950,2950,2950%26amtos%3D0,0,0,0,0%26mcvt%3D2950%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3111%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D201%26dur%3D6016%26vmtime%3D3132%26dtos%3D792%26dtoss%3D2%26dvs%3D792%26dfvs%3D792%26dvpt%3D792%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D16777728%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1593,1593,1593,1593,1593%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2950;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1702594881210;ecn1=1;etm1=0;eid1=18;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 68E7 42 B
64 B 46ms
45ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CzLSoP4l7ZfaAJOnq_tMP5bqCqAqpov7TdNO1k6aYEs-Ph_mUMRABIKSR4jxglYKAgKAHyAEFqAMByAObBKoEgQJP0PHEpUAVYUpfTX109OJce4QOx1ZSvzypQ21U-jq5tLoRk8TzVFGbOU7t4Onca1NwxeOfCvuyH943MBQ8jKMnKlQLrBx4pqzTJsETJz-ATITFdKSzH5MDgOitq8Pj6RDkFOS9Z8NMhy9YahbflbEXgtCfMdFHHe8t_AmUXUdb8nWfcQc4imYjMP1KxfUqcFAbkmiEk_YAakY0wGe9AgM_XVq4N3KEfTR75FnWSDtYoNzi216-tEKLjVJ1vdZwIVFMWZmBOgt8cGYfktTP0A7Xcog3rjDBI3si6FBliQuXfMTasxw7Y468SYnAzEzrmS1yCd_vqQ0OZX8qpHiz4dlGLsAEu4jbyL4E4AQDiAWtxa3HTJAGAaAGToAHmpLo1QKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljT3vWXhJCDA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAqoNAkRFsBOljN4VyBO_pMTjA9gTCogUBNgUAdAVAfgWAYAXAegXBQ&sigh=JKajoFpFKZE&label=videoplaytime50&ad_mt=3132&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,164,119,373%26tos%3D2750,200,0,0,0%26mtos%3D2750,2950,2950,2950,2950%26amtos%3D0,0,0,0,0%26mcvt%3D2950%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3111%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D201%26dur%3D6016%26vmtime%3D3132%26dtos%3D792%26dtoss%3D2%26dvs%3D792%26dfvs%3D792%26dvpt%3D792%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D16777728%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1593,1593,1593,1593,1593%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D919284379%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2950&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.01%26t%3D1702594881210

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 23:01:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: Tapmh2UJkn0
pogothere.xyz/	1970-01-21 01:34:58	Name: csu Value: 463453357213398@1@1702594879
.twitter.com/	1970-01-21 02:26:49	Name: guest_id Value: v1%3A170259487931055725
www.fifermods.com/	1970-01-20 17:39:46	Name: clever-last-tracker-32335 Value: 0
.discord.com/	1969-12-31 23:59:59	Name: __cfruid Value: 09512ace4d3c232faaf1e45c498644cce0a17534-1702594879
.discord.com/	1969-12-31 23:59:59	Name: _cfuvid Value: aLqXLhgnssM69yxZM7rwZBnT28nKYvcVVmyRvAiLOsI-1702594879622-0-604800000
.instagram.com/	1970-01-21 01:40:44	Name: csrftoken Value: inMuW7-zgukJKMwlSvFBjh
.doubleclick.net/	1970-01-21 02:18:10	Name: IDE Value: AHWqTUmDirMkBF6sHoH_HY8Z149EXPYa933Tx4GEWElLtOH7m4kRNomBZzMdXT1E
.casalemedia.com/	1970-01-21 01:42:10	Name: CMID Value: ZXuJPyWG6jtAxPreJfweIQAA
.casalemedia.com/	1970-01-20 19:06:10	Name: CMPS Value: 5235
.casalemedia.com/	1970-01-20 19:06:10	Name: CMPRO Value: 5235
.patreon.com/	1970-01-20 16:56:36	Name: __cf_bm Value: TqzJ48dXTgG6r1neCatFo7ACqzSDcfqxa7A.aneOt.Y-1702594880-1-AQIu6G/WqgyL+4hbM9JJDdJN2Pd0QPnabcTP+eyPxz+CM7WVUjpG2JD0IsnjkTyvI4rlh3ryhVu4CP8LApFJsl5ryxopTMjJ5ABsCSEQvDW/
.adnxs.com/	1970-01-20 19:06:10	Name: uuid2 Value: 8635460083409286390
.doubleclick.net/	1970-01-20 21:15:46	Name: APC Value: AfxxVi41PZGa7YRHMg_jRQkkHov-moH_Q4W7J247KKSgAbridV1EFg
.adnxs.com/	1970-01-20 19:06:10	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb6t_mW$!@wnfH8K6pQK`!5=E<L5?%K/eU^mKeT]Mdm8V53a!#.k`Mgz?[/CiKL=GFbpRzqF1`b_>8*G9H
.fifermods.com/	1970-01-21 02:18:10	Name: __gads Value: ID=4ea1f9560c3741e1:T=1702594879:RT=1702594879:S=ALNI_MbM6YwTtaHarXXe78PDIwZu7vQP5w
.fifermods.com/	1970-01-21 02:18:10	Name: __gpi Value: UID=00000d1a4512dd46:T=1702594879:RT=1702594879:S=ALNI_MZjcAkBM7e5ItjOsjRW_1-8BujGuQ
.redintelligence.net/	1970-01-20 19:06:10	Name: 8lcfmzhxc8d6_uid Value: 20d61a132f36d77c
.bing.com/	1970-01-21 02:18:10	Name: MUID Value: 26BA1FEE62C761153B0D0C09636D6013
.doubleclick.net/	1970-01-20 17:39:46	Name: ar_debug Value: 1
.retailads.net/	1970-01-20 17:39:46	Name: ppb2172 Value: 3386922984
.futalis.de/	1970-01-20 18:22:58	Name: raSIDb Value: 3386922984
.paypal.com/	1970-01-21 01:42:10	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-20 16:57:06	Name: LANG Value: de_DE%3BDE
.paypal.com/	1970-01-20 17:00:54	Name: tsrce Value: ppme
.paypal.com/	1970-01-21 01:42:10	Name: cookie_prefs Value: T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTcwMjU5NDg4MDI1NiIsImwiOiIwIiwibSI6IjAifQ
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3Asd5DrEdf_fWJAuM8xX7F146k26ZIZwDC.fhnbbA9hkViLfKQg24oW2i5kFD6Pb9q7IXO%2B5BaKVPw
.paypal.com/	1970-01-20 16:56:36	Name: l7_az Value: dcg14.slc
.paypal.com/	1970-01-21 02:32:34	Name: ts Value: vreXpYrS%3D1797289279%26vteXpYrS%3D1702596679%26vr%3D6a9021ef18c0ad116479e562ffeca151%26vt%3D6a9021ef18c0ad116479e562ffeca150%26vtyp%3Dnew
.paypal.com/	1970-01-21 02:32:34	Name: ts_c Value: vr%3D6a9021ef18c0ad116479e562ffeca151%26vt%3D6a9021ef18c0ad116479e562ffeca150
.office-partner.de/	1970-01-21 02:32:34	Name: source Value: {"webgains_webgains":{"timestamp":1702594880355,"clickCookie":false}}
.googleadservices.com/	1970-01-20 19:06:10	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 16:56:38	Name: DSID Value: NO_DATA
.t23.intelliad.de/	1970-01-20 19:20:34	Name: iact Value: 000124F212D346C1DC86403A3ADF63B7C65E
.t23.intelliad.de/	1970-01-20 19:20:34	Name: iaimp_42842 Value: 1702594881:42842:100:137:101:248:101:202312142301210882162e2350e470
.awin1.com/	1970-01-20 17:06:39	Name: awpv11601 Value: 113440\|1702594881\|b25d3060-9ad4-11ee-8661-22610dd0df18
.awin1.com/	1970-01-20 16:59:27	Name: awpv23861 Value: 296283\|1702594881\|b25d7e81-9ad4-11ee-b1a8-22396ad6a5ca
.awin1.com/	1970-01-20 16:59:27	Name: awpv16160 Value: 296283\|1702594881\|b26d5d00-9ad4-11ee-86a2-223889379c61
.awin1.com/	1970-01-20 17:00:54	Name: awpv20646 Value: 296283\|1702594881\|b26cc0c1-9ad4-11ee-b1a8-22396ad6a5ca
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 409071:2840007
www.media01.eu/	1970-01-21 02:32:34	Name: DTU Value: 1013BDFAB8CB32BE0072201F3108643B
.insightexpressai.com/	1970-01-21 02:32:34	Name: IXAI70510 Value: FTF
.insightexpressai.com/	1970-01-21 01:42:10	Name: DW_Time Value: 1702594881
.insightexpressai.com/	1970-01-21 01:42:10	Name: DW Value: 00000000-0000-004c-15d0-791702594881
.insightexpressai.com/	1970-01-21 01:42:10	Name: TID Value: 00000000-0000-004c-15d0-791702594881
.youtube.com/	1970-01-20 21:15:46	Name: VISITOR_INFO1_LIVE Value: Y3syeDQ1iDg

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1f9bDe9q0Ibn7WbE6MqdoHVR_67lXKMlgCDb2DcUU1pyFGZzDTQqmsSLtg1BK43HQMBAKLgQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593079165%3A1702594879346636&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fc%2FFIFERMODS%3Fcbrd%3D1&gl=DE&m=0&pc=yt&cm=2&hl=de&src=1 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0E2HGBAZrhx5xhYqQNrWDBzhHN58g8lE9g4jBs6VrBWKKTIk5gCL-ohNvL6K9snMp7HC9QmQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1660632531%3A1702594879353206&theme=glif Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
8019191.fls.doubleclick.net
accounts.google.com
ad.doubleclick.net
ade.googlesyndication.com
adsdk.microsoft.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
ams3-ib.adnxs.com
analytics.webgains.io
api.webgains.io
assets-global.website-files.com
bam.nr-data.net
bid.g.doubleclick.net
call.cleverwebserver.com
cdn.adnxs.com
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
consent.youtube.com
csi.gstatic.com
d3e54v103j8qbb.cloudfront.net
d3vw4uehoh23hx.cloudfront.net
data.accentapi.com
discord.com
discord.gg
dsum-sec.casalemedia.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900015.redintelligence.net
hal90002.redintelligence.net
hal900030.redintelligence.net
ib.adnxs.com
imasdk.googleapis.com
js-agent.newrelic.com
maxcdn.bootstrapcdn.com
medialead.de
pagead2.googlesyndication.com
paypal.me
platform.twitter.com
pogothere.xyz
pv.medialead.de
r2---sn-4g5e6nzl.c.2mdn.net
scripts.cleverwebserver.com
secure.insightexpressai.com
sync.teads.tv
syndication.twitter.com
t23.intelliad.de
tbradshedm.org
tpc.googlesyndication.com
tps.doubleverify.com
tpsc-video-eu.doubleverify.com
track.webgains.com
twitter.com
ui.cleverwebserver.com
unicatethebe.org
uploads-ssl.webflow.com
us-u.openx.net
vast.doubleverify.com
vtrk.doubleverify.com
widgets.sociablekit.com
www.awin1.com
www.bing.com
www.facebook.com
www.fifermods.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.instagram.com
www.media01.eu
www.patreon.com
www.paypal.com
www.paypal.me
www.sociablekit.com
www.youtube.com
104.18.36.155
104.18.36.54
104.244.42.1
104.244.42.8
104.64.118.247
13.43.203.41
130.211.44.5
136.243.149.243
137.220.35.134
138.201.135.164
142.250.184.194
142.250.185.194
142.250.186.34
142.250.186.98
144.76.91.199
151.101.1.21
151.101.65.21
151.101.66.137
162.159.134.234
162.159.135.232
162.247.243.29
165.232.46.2
172.217.16.134
172.67.213.217
18.64.84.99
18.66.2.29
184.30.16.183
185.89.210.141
188.114.97.9
2.19.217.101
216.58.206.38
2404:6800:4004:821::2003
2600:9000:225a:6400:e:be87:cd40:21
2600:9000:2260:2400:12:9e5f:cac0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::ac43:464a
2606:4700:4400::6812:2aef
2606:4700:4400::ac40:919c
2606:4700::6810:631
2606:4700::6812:acf
2620:1ec:bdf::45
2a00:1450:4001:3c::7
2a00:1450:4001:800::200e
2a00:1450:4001:808::200a
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200e
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:830::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c0d::54
2a01:4f8:d0a:2321::2
2a02:26f0:3500:1b::1724:a38a
2a02:26f0:3500:58c::1ec4
2a03:2880:f176:84:face:b00c:0:25de
2a03:2880:f276:e8:face:b00c:0:4420
2a0b:4d07:101::1
3.161.119.6
3.8.107.16
35.157.49.61
35.244.159.8
46.4.10.47
49.12.22.42
52.17.119.105
64.233.167.155
64.4.250.37
85.10.231.200
91.121.248.44
94.23.99.218
99.84.146.5
99.84.146.86
0229545d814835a66f23831961cb83730008a0a3c36eba67bb29e47d8d509080
03a3a68706c8a2f44da92c3182d0c9b7db57cd79e4b9720770964dd3af5d27fd
082a84bcf37f44e76d5bc5f6ed0b543d87e00007c7fbb30b5be2282402af30d8
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0a9e898704ff4341861103adb26e675444ab1764839d44aa516ac37c0d1fd6d9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e9ef5355342a77d2e11dfc11fc0afccecf65c084241b030a19a629dbfa5a1ce
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18311ad4a118c4b27d65dbe139ca9e96591dd142680ad1e0473db5bd0a36e1d3
19fb4fc743875a0b84d6fde36f2ff02c25f854949ea1856a655cc5cec4b922b9
1c0eb4806930bb3816ee1ce91b4fed3c3cbcad05604f73e9bde4a603edb404c9
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2070e371397cce00eaa8e9729b9858a777891534b1fa56baa0db2a181ae0504e
216b23e267946588bddf9129b4fca8e1db055a85dae782074d9540a52081a12c
22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8
237e14c9627803414259ff96f1d8541f644158f948d8fa256a9cde3aab3a3c48
275a61ee0bc9b862bf73be7288be91e9138b55d431d6da06f5085c7f2a8a9e9f
28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2b563bb990f539a48a217e8d0ea0dcbe5001c02b2519aaa7d75747527563eb1d
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d885e778582f9e0e394a0143c567a8e731e301050eab20967d36ad80b9acc2f
2de7bcacacae3030dd0d2e8a44c3edae6b7f8bc3ee58181d97b92e5bed6cb65c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e13d76f6d9a411a81f73defde43ae36192e1f0d93ecdbb13c7f7ef56bfc8b3f
2eca186696bfa670f95ee3596693bcf4b53a0e5f29bfc3a43087ac66d394c2d4
2f7a17059bf4dee5dccdeea7dd5674c8d825c757224998bc1537036d1e6bed3b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
335ffd7f4d740eb0b46dee8323f14cd50b3dc2cf607e471a64e5a24ad4ae0473
36ed4487d6b80c03c3facfb5ac92de08e9bf1ee3e7e12f1663459d16f25996e1
3764a25212d0293f34d97b30b929edd7bca41d3dfb3801bf973c460c540a046a
379dff99fd52ffb767f728ef169b454d53e9c902aab39195780a1a925f87c81e
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3921a1b162dfde77a136eb59baeab096961820fe6a881d0e66a5b125792dd334
3aa28d56bc3f834097bb4cb2ea00bb917eb479d4bbf40bc60f78419792b6d6b1
3b35b70370fcc687b5a6e48218434c28cb0df1d2cb7342cd317b6f677dea1ef2
3b47682921f659780a201c59ab965f96010044750c9e942913de4ebd5552089d
3edf8088895d073ac0d2fe0b74d3696ae86a87594b7d8fada3737c26863b16ca
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
440a52c7f8c40cf8196dcc996d579a4019f8b3fef72caf1020babe5340ceba6a
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
46f0f6087cee9353ebe9d08263b956097c0d51d7fe2eb31decbba8b19e593166
479f3556d1473c070d612ec14b1308e3b57abbe98f7080e25a84d3ed95c798cb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8cfbda82e642f849339fbacfa963add5a8bab2dd5d30c9ec86d32ab3b7ed4f
4ce4b53c8102243c8140e5464e30fe9b2cf5383415dba50cfd9fea443a59c0c1
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4
525dffff10715b33aeae7a1947853ab50c1957ed411a9b748c4aacabbaae00be
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
52fde014f3a6a4d8e0dd67abf26ebf7d75ff02c07aab760669ba48eddbc57d94
533a2529f8baafc9116309b0a70f1cddae9d0edd13d5b5fc38d2a1997526e9de
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c151ba3c3bfc5f08e1090a569b8c3b78e6b192f9e48dc88b3bd4305a5c8a0a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
56d23cacbdf2933397dac5bf6badd639ea23c80dd362c098374fa6248a2b9609
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5a0e2b951191e60b6c3905118d84d9a95a309d355c4eb71dfead2ae2866683ee
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d42c71d5fcfd1c3420fc3e46ea65f9f047d6a7edda0b6afd8221ea73f9743a4
5d72b61d422e2a61bbe8b4019debee3b1e7b76fdb9f6caf9b67afb140d8ce528
5f07d43571a20235b2506061c9729d91179d32b8b3c75123aa8fcd45e60d7541
5f09b062a2f4c5fe159584e4de7bb96d77044147786df2c61ae28481533da6af
5f47c7cd242246e5c38acfeb90fc3191dd9d95a7903ec6757cb358f933bd81a1
5f81f66e7c127b280dee9ac61bae4d734cf888cf7bbbc23b44b869787537cfbc
6087f2cae771671a0d11e0ca2c15492cb73728fdea6c94063ef91ef0710cf785
60c1496f3d7e8ec962ae287133365fbc7b004b497ab1ce72975fa10a05d38c22
60ea65c5df7567e92d3045440207c416bbf29a32a4274bcc38003f74ee18ba4e
619d95e79014193d4dc1b268d8e0568a168f7036151c72ed9c2885c09de2ef21
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c5f3d243cc0ca76dd629b71975c00f58d0feb938ad09c98d42af241cf8eef0
658de102c9c6d70011b1fceaa6d215ff66d0396e29b5eb7e616a7588d07feb41
6711235ff8d4bbbd8fe7c1f1f3d687316fef5df78c18cf5e8cff350ca1f90f01
691ed9554f364bfa51f7bdf7f6582bd733c6657dc400841bc19beed6380db07a
69e20e35ff7caa51c8d49b110b24a5bbf07404e186d1fb5d97ab802e5705a14a
6b5c8d91f51169762854ea615b68b58d8476feb78a23860147936c2a4eceb506
6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a
6d64214135597e3d55f11b45f9660c5b2c6639a7f185f147ea551cfe3621ceca
792c45522c9f8bd4e4b3dd28f8531dbf65662f70b1585b857a6671b4189fce06
79476d7bcb91fed9700565ba20d1a03ffcb707acfa994ca3bd4e31f6c86ec546
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7be1d1d528903b4815b1427c2fe8a4d67ce4908290804cdafb646330f19886c4
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5
847a56fa446fc9c5c40f683efcf577883cbcc75156c0c873aa553d136cebf38c
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8c05b7200590e5e308649ebb7a8adb74a3b2b7bf1b72b035845cc236e7a9067b
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8e0ccfb3cf18bf7f6496f79fc4048a24704275c42118d9a2f454c1015338ea81
8fe2bc50ca90d672f435b63b569325b582383587f6e930bc80c6324445b36ff4
953b0fff751dd75339795d118b5c24b69aca2e4d02e0bc5071de1ee2fa13328c
95437c3c93656ab8dff0aab808c0337a0e37dc46fd591921659d4e03d77d6daa
97da1e515bb27bd9d9698f067909ee65561726d4cc0cddf3502f49d1e34bad8c
98137b1ce0730493764b78ed2cdba908bdaa2ae90148674ce875a6f5565ad691
98b7d90beeaf2d2944f47d2c001be5d943d1b6306bbf7dc27c240e092ed8544d
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9d8c9f33b16bf4baaf3026a0f7f1a330cfe349a22cfdacd10858ab8ef3d37130
9dd15b489a77a67683ab35ae920f4727bbb389156949159c5370e51229faa176
9efbcce019d86e10a6df0ef85d294da157c33b2094ff82e893e0a99ecb9460fc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a24e7b3830e2c5212d6ff52b7af0ea8b6d0bb85141bc9c5d9d4534b14bf87a65
a764c9e375792bb434cbf04cd365278786f7bc7a99ab23ef247a5f4aa148e4f8
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afb6e94dd3d73ce4039b89c415eca7d81d22c1f2447c05c8858b06af1c44df33
afc255e8e374a37c6529b58332a3463993ac1e7b9cc4da408b4900692ed46339
b107a35c225797ce65637180bec825336adb6cbed91b819a5f2f35c20ede151c
b13b617fecd820f8fddea7983896ec07ff5592de128a501fd9aace3e800b95ea
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3c2d3f3d593e38aeaac4475993b79953031060c9cdbcb68e57e126921f5d430
b4c57530869a39735d3159065d4c92baee5ace55349f1f4d871599cf0e7d1ba4
b6191750405e05bca87e1834edac86e604657dab290e8f40acf86bdf50247404
bb2fc3583b288ac492fee5cc0279f05eb9b58e8e47db2e1f9ca18ef36d5399a5
bd065f2a1f2651463c205c5a63374b1bb098612578abc3252e8a73f1b99337c9
bdaff86a686857c91db1fbdb6410a07e895ea4ce3ce3bc620911758fde6b85cd
bee9a6889791e9f9144506ac46d438d3cd7208ea97745dfa6867ea28017cf8d5
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cbc638d89bbce29e9aec95bd0c48c2c6130702eed3969aed4ea80cb31ebfcda7
cd4b4ef2273d11d939cbb51a8a17f2bf456aca54bef585145e2caeb979223d91
cf6fcaf95549d8b23c0088ac230ebc4620c8ba7aab09265befdc4ec1e0628c97
d098f7ac9bc5de08d91e0b01f9eb9ba01cc6a279a256c9c99568840352ee5dff
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d13e591fad5d260884e97a194be69a72eac53978157b95a3f3238a7de511af92
d24578df52d3a3bed3ea5c667a27abe33aea45185294fb59ef776edd0c63c50e
d39aff29486cc008efdc68adb1fcc3ac2752da7371bf1c18010299a8e09784a2
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
dc78bf9d45ba93578b2d142f70adc9cfb289f412e25580f74fb587a65fe50d47
e257e7f9f79c6e8bf6bb789f65e3ae2e423a161ef84daef0ef2ae45f91e9c7a2
e2ab52fa8021342e8b19e7780859b8fbd96a395cea150586e9896f6c950eaf65
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3588e1938b3ec3c40eb97eed6e2c07244d894eaf1b5547f7811875b0ec9f165
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e7e5220645f0510938360c6c235f3c037d505b6d6c4fc52983c69ea21fbd55
ea2369a0bbef864bcee79608110843433abcd0771417177f8f09658f0ad88f40
eae0c0cd2b39b972f48a373911918f3ad0d99c96a238990f756923bd9b87ce4e
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ede17d08b29ddd1979a03d59056c753f3c842924f1b2c89ae060aaabf05b6345
ef18198d8cf046833dfb79b0543246b4ad90bea839f33647f6377566c8378236
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe991d60c04f9aacb277affdcfd04973376562978309dc1f4351b06bbbb86ec
f34b55b0be7a5111fb8c3d796db990e4d58380266933877f02462626e9a997de
f520d0568285762495b76d8a29697de2c8e8a8e2ac84171b98ffd039355d2a9e
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5c858874e89e28ab0a16f3bbfa0ae83303f496ded03c7d4f9c9691d0f17bc2b
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f79c8b55613c2ed9281fb8e4b2f7e6214011d231c2fbc27571fb9732e25a3680
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9892bb1011c29b51b478b279c86a4bf87c08901be41a9a3c441f0cc0e833f00
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd
fe2c8e1464e377e0e004cae5ca02498a306b7090feddbd3abe14d088c5a7bc19

www.fifermods.com Open in urlscan Pro 52.17.119.105 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

309 Requests

93 %HTTPS

44 %IPv6

50 Domains

86 Subdomains

77 IPs

11 Countries

6193 kBTransfer

11555 kBSize

47 Cookies

8 Outgoing links

Page URL History

Redirected requests

309 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fifermods.com Open in urlscan Pro
52.17.119.105 Public Scan

Screenshot
Live screenshot

Full Image

309
Requests

93 %
HTTPS

44 %
IPv6

50
Domains

86
Subdomains

77
IPs

11
Countries

6193 kB
Transfer

11555 kB
Size

47
Cookies

309 HTTP transactions
6 data transactions