adv-ref-was-sed.was-net-q8.xyz Open in urlscan Pro
2606:4700:3033::ac43:de87 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://adv-ref-was-sed.was-net-q8.xyz/t3lem#.YsHYLi4Fopw.whatsapp
Effective URL:
https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
Submission Tags: falconsandbox
Submission: On July 05 via api (July 5th 2022, 3:41:53 pm UTC) from US — Scanned from DE

Summary HTTP 183 Redirects Links 76 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 22 domains to perform 183 HTTP transactions. The main IP is 2606:4700:3033::ac43:de87, located in United States and belongs to CLOUDFLARENET, US. The main domain is adv-ref-was-sed.was-net-q8.xyz.
TLS certificate: Issued by E1 on May 14th 2022. Valid for: 3 months.

This is the only time adv-ref-was-sed.was-net-q8.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 7	2606:4700:303... 2606:4700:3033::ac43:de87	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
29	69.172.201.191 69.172.201.191	19324 (DOSARREST) (DOSARREST)
1	2a04:4e42::311 2a04:4e42::311	54113 (FASTLY) (FASTLY)
11	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
18	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:6e00:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
1	158.69.251.190 158.69.251.190	16276 (OVH) (OVH)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1 42	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	104.102.30.13 104.102.30.13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.224.243.79 34.224.243.79	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:206... 2600:9000:206f:6000:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	158.101.26.148 158.101.26.148	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
9	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
183	31

7 2606:4700:3033::ac43:de87 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

adv-ref-was-sed.was-net-q8.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 69.172.201.191 (Canada)

ASN19324 (DOSARREST, US)

www.alarabiya.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::311 (United States)

ASN54113 (FASTLY, US)

gumlet.assettype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-public.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:6e00:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.69.251.190 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns546644.ip-158-69-251.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.30.13 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-30-13.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.224.243.79 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-243-79.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:6000:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.101.26.148 (Phoenix, United States)

ASN31898 (ORACLE-BMC-31898, US)

o.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	801 KB
29	alarabiya.net www.alarabiya.net — Cisco Umbrella Rank: 247275	254 KB
20	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 static.doubleclick.net — Cisco Umbrella Rank: 436	861 KB
18	criteo.net static.criteo.net — Cisco Umbrella Rank: 606 pix.eu.criteo.net — Cisco Umbrella Rank: 6881 csm.eu.criteo.net — Cisco Umbrella Rank: 7033	40 KB
11	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1484 m.addthis.com — Cisco Umbrella Rank: 1421 o.addthis.com — Cisco Umbrella Rank: 53438 api-public.addthis.com — Cisco Umbrella Rank: 4298	222 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	100 KB
7	was-net-q8.xyz 4 redirects adv-ref-was-sed.was-net-q8.xyz	22 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	254 KB
6	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	1 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	3 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 13468 ads.eu.criteo.com — Cisco Umbrella Rank: 7052 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 8884	54 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 7751	914 B
2	histats.com s10.histats.com — Cisco Umbrella Rank: 16196 s4.histats.com — Cisco Umbrella Rank: 13665	5 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	48 KB
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1303	689 B
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1095	201 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1711	907 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 406	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	648 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1217	24 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	69 KB
1	assettype.com gumlet.assettype.com — Cisco Umbrella Rank: 140218	28 KB
183	22

	Domain	Requested by
42	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net adv-ref-was-sed.was-net-q8.xyz tpc.googlesyndication.com pagead2.googlesyndication.com
29	www.alarabiya.net	adv-ref-was-sed.was-net-q8.xyz www.alarabiya.net
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com adv-ref-was-sed.was-net-q8.xyz googleads.g.doubleclick.net
15	pagead2.googlesyndication.com	adv-ref-was-sed.was-net-q8.xyz pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
9	pix.eu.criteo.net	ads.eu.criteo.com
7	static.criteo.net	ads.eu.criteo.com
7	adv-ref-was-sed.was-net-q8.xyz	4 redirects adv-ref-was-sed.was-net-q8.xyz
6	www.googletagservices.com	googleads.g.doubleclick.net
5	www.gstatic.com	googleads.g.doubleclick.net
5	s7.addthis.com	adv-ref-was-sed.was-net-q8.xyz s7.addthis.com
4	www.google.com	2 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	fonts.googleapis.com	www.alarabiya.net googleads.g.doubleclick.net
3	api-public.addthis.com	s7.addthis.com
3	static.doubleclick.net	googleads.g.doubleclick.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	fonts.gstatic.com	fonts.googleapis.com
2	m.addthis.com	s7.addthis.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	s0.2mdn.net	tpc.googlesyndication.com
1	o.addthis.com	s7.addthis.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	ping.chartbeat.net	adv-ref-was-sed.was-net-q8.xyz
1	v1.addthisedge.com	s7.addthis.com
1	z.moatads.com	s7.addthis.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	adv-ref-was-sed.was-net-q8.xyz
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	s4.histats.com	s10.histats.com
1	static.chartbeat.com	adv-ref-was-sed.was-net-q8.xyz
1	www.googletagmanager.com	adv-ref-was-sed.was-net-q8.xyz
1	s10.histats.com	adv-ref-was-sed.was-net-q8.xyz
1	gumlet.assettype.com	adv-ref-was-sed.was-net-q8.xyz
183	34

This site contains links to these domains. Also see Links.

Domain
www.alarabiya.net
www.alhadath.net
english.alarabiya.net
farsi.alarabiya.net
urdu.alarabiya.net
www.facebook.com
twitter.com
www.twitter.com
www.instagram.com
www.snapchat.com
www.youtube.com
www.telegram.me
www.linkedin.com
www.addthis.com

Subject Issuer	Validity	Valid
*.was-net-q8.xyz E1	`2022-05-14` - `2022-08-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.alarabiya.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-10` - `2022-11-10`	a year	crt.sh
gumlet.assettype.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-08` - `2022-10-08`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
histats.com R3	`2022-04-19` - `2022-07-18`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-20` - `2022-09-12`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-20` - `2022-09-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-18` - `2022-08-13`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-27` - `2022-08-25`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-05-22` - `2022-08-24`	3 months	crt.sh
*.addthis.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-12` - `2022-09-12`	3 months	crt.sh

This page contains 23 frames:

Primary Page: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
Frame ID: 1E78E81479922FB4261C811E9321C8A4
Requests: 69 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20190131/zrt_lookup.html
Frame ID: 2B28148F4923F6A23E7394B5FDBF7360
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&adk=1812271804&adf=3025194257&lmt=1657035704&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704612&bpp=161&bdt=150&idt=309&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7569773864212&frm=20&pv=2&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=324
Frame ID: 0F2C0A9AD6A3F727AD11EFE52CDEEECA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=7165497559&adk=3290198356&adf=4054720894&pi=t.ma~as.7165497559&w=1200&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704793&bpp=8&bdt=331&idt=149&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=400&ady=216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=aeOCsfZDHd&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154
Frame ID: CE4E7ADFF425CAFDD0A76667A72F4F49
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=3018039299&adk=872464073&adf=2755099660&pi=t.ma~as.3018039299&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704801&bpp=14&bdt=339&idt=151&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=vY6zCfXOvn&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154
Frame ID: C67E2A59D88EDD70FB0DF8DEBEA014D4
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=4153775738&adk=603482819&adf=2726949972&pi=t.ma~as.4153775738&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704815&bpp=2&bdt=352&idt=143&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C706x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=bShHBUc4k2&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=145
Frame ID: DFB0115D2CB8933077EB77EA42B99FEF
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13
Frame ID: 6D46246BB8840613F02B625FFF8A9682
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4D3670B0CD3937F1EC1E0B7589D97D87
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1
Frame ID: 18C39668B63CE9CC1280248CC6EF7D77
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YsRbuQAADhsK3o4nAAwMBQm_6tOD3kzbW-Cn1Q&u=%7ChAqs%2By45nczo5ynQN2pTIh38m1emOFeUKsDP0lDGOJA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860tTybkW7qZn8kmuyTGI-gU2KUpamohAqlKvHLlSzC3AKpjZG6dFM-tBxAu9qY_nY9JjR-QIwjrM-6dBxDW_Slyy2pRFtz6iGuUJ2eBkq9IabrspZlWdbo6LMh97GBbpTEdPXAUuk-PJLlwV8RjUl-ZX6qaXPQ_l3BPK00WNAvablcG_LblOSpSFqc7KqoN8ioQxanaVM7u_oAGLoP3Q3dK1QNExgAxmEVSCnrDgj5Ba-XZesech3QuPnPEAs8zH9svwggCxROfMvkMlaawXnq0xP4Aqzkm2XooUUp06PxCUSGbpffYY4xGpIv1_NqhUKSGBp7ycnn2ZUhq78jpBjqY0ygBhO5hNA00JD_E2r-7VVvxd5cyokwOzWLH5mSgidO6hb0F3cBdRyTWPX8iCycE&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvp0luVvEYpscp5z6BoWYsOADyZ7SsVzNo5b3cMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01MjkwMzU5NDEwNTIyOTM4oAHVttLqA8gBCakCIS_flVRGsT6oAwGqBJICT9BxXDiPkuk0Lj5q3lqXYMv6SpJDbA9Fxw9mL4zlP8mWL1LxCfuDS_IWl9ztkF02X-Ct4aRx16ff01WWUeW3bw2qLjc9QQ-ffoBWh6A8R2uBpmjuKGAaRibcKRIUufM3aWNUuprDKq-rn5IJHwHIoJA_SPHcnbLQPTXlF4pZRWMfbVN9PLIsFWY-ewwVPjxY5oNiUCt76vJlKq1pVSBVUfBFMS6jv93-bD_L1NHUz-nx9JfcQO45n7uh0z_luRupN5U6yHLn0TSblTHvFut9aMSRD9oQKgbhu70vqlu5gY5YPHcly9dNInU6zfmcRhrk6nEp7Ti0o8kcZrv12A1LPnMkRCQqu8zAXVS7NOEWfbocQYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Rm2SnduqAQ0HRvBskJ9apLUVoqQ%26client%3Dca-pub-5290359410522938%26adurl%3D
Frame ID: 53D3A994364580606FF4336D1269DD97
Requests: 21 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4D14DFFBF1A86EDD505EEC55FFD03354
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 79F3944EC8442EB2940FA33F54AFD5D3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: 468293C7543801AC72710B9E4B2FF300
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 311392D1EBB14B9B848C90372980CF29
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js
Frame ID: DBC9ED96B5BA5427E5697BBA66700809
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js
Frame ID: EC3C96377BB2CFD7DD1AFE091CB59D08
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js
Frame ID: 9710FD42C4EC93AEDF3F729FDED0051D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html
Frame ID: 2B6EF36E9E02D5029983096D61847FA0
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C0IAkuVvEYu32FZ6e1fAPg8OZ8AGL37qoYeznpeyDC_rIqfeDCRABIMXdqS9glYKAgLAHoAHz08vTA8gBCakCIS_flVRGsT6oAwHIA0iqBKICT9BvP4Qzci8WNID6brb93Eme21sRpQD9VTNPy-zPdEOmLA2r5yWE0LffJqMj3TiSuehXjx1Grcs45sMlXjGFEDeyUoV9qIwjLdvQAASEU7LISz9MGKZ81izkPwUpGDxgQhGtyrpEbpKt8Mw0EgYUFgEklCvxoE-QU_DE1oaY1kLhqZ4lwjKYvMUxlXBBeaG19UtHCGJxiXUsTKuoStoQ-uDyg2VFd7lVYedf5AMQI-5orF3QLsPj0GrCy_DUCleYlGXYTJgkXbAM0k5ummyHg87Oa5j8yHu32DXOALDon5_x4wREHfefVZbLtOFCuJle3FyPE35GMM7rqSpG4BfKiBqHvxjq8bjbiK14rRiXuQgNSza24AfELRVkab31BbPvLNLABJ-T97nuApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfPl7ovqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkvkT0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGAFwGyFxwKGggAEhRwdWItNTI5MDM1OTQxMDUyMjkzOBgA&sigh=kaJixshVsVk&uach_m=[UACH]&template_id=419
Frame ID: 3D8E8AB7342568B64A480FA1A190606B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CBA40EBF83EDCF64D21DB9BB3CBB11CD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js
Frame ID: 18FDDB0F103C6A8C8C3E57EF719D1AF8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 46BE673B6615B64CA39AB609C8445496
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6943823F3934FA5DE8C6654526023837
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

رسميًا.. وزارة التعليم تعلن إلغاء اختبار القدرات قياسFacebookTwitterAddThisWhatsAppTelegramFacebookTwitterAddThisWhatsAppTelegram

Page URL History Show full URLs

https://adv-ref-was-sed.was-net-q8.xyz/t3lem HTTP 301
http://adv-ref-was-sed.was-net-q8.xyz/t3lem/ HTTP 301
https://adv-ref-was-sed.was-net-q8.xyz/t3lem/ Page URL

Detected technologies

AddThis (Widgets) Expand

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Page Statistics

183
Requests

93 %
HTTPS

63 %
IPv6

22
Domains

34
Subdomains

31
IPs

5
Countries

2787 kB
Transfer

7246 kB
Size

25
Cookies

76 Outgoing links

These are links going to different origins than the main page.

URL: https://www.alarabiya.net/min-alharamain.html
Title: من الحرمين

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/fm
Title: العربية FM

Search URL Search Domain Scan URL

URL: https://www.alhadath.net/
Title: الحدث

Search URL Search Domain Scan URL

URL: https://english.alarabiya.net/
Title: English

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/
Title: عربي

Search URL Search Domain Scan URL

URL: https://farsi.alarabiya.net/
Title: فارسي

Search URL Search Domain Scan URL

URL: https://urdu.alarabiya.net/
Title: اردو

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/ar
Title: الرئيسية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/latest-news
Title: الأخبار

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/gulf
Title: الخليج العربي

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world
Title: العرب والعالم

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/syria
Title: سوريا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/yemen
Title: اليمن

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/north-africa
Title: المغرب العربي

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/egypt
Title: مصر

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/american-elections-2016
Title: أميركا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/iran
Title: إيران

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/iraq
Title: العراق

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/saudi-today
Title: السعودية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/1300GMT
Title: الرابعة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq
Title: أسواق

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/news
Title: آخر الأخبار

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/special-stories
Title: قصص اقتصادية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/financial-markets
Title: أسواق المال

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/economy
Title: اقتصاد

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/realestate
Title: عقارات

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/oil-and-gas
Title: طاقة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/travel-and-tourism
Title: سياحة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/videos/inshort
Title: باختصار

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/aswaq/videos
Title: نشرات اقتصادية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport
Title: رياضة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/alarabiya-videos
Title: العربية TV

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/alarabiya-today
Title: فيديو

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/alarabiya-media
Title: العربية ميديا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/programs
Title: البرامج

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/variety
Title: منوعات

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/medicine-and-health
Title: صحة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/technology
Title: تكنولوجيا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/social-media
Title: سوشيال ميديا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/culture-and-art
Title: ثقافة وفن

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/fashion-beauty
Title: ستايل

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/science
Title: علم

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/views
Title: مقالات

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/last-page
Title: الأخيرة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/coronavirus
Title: فيروس كورونا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/podcast
Title: بودكاست

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/arab-and-world/sudan
Title: روسيا وأوكرانيا

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/ar/tools/kickers?kicker=%D8%A7%D9%86%D9%81%D8%AC%D8%A7%D8%B1%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA
Title: الأزمة الليبية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/programs/khota7
Title: على خطى العرب

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/programs/interactions
Title: تفاعل com

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/programs/direct-question
Title: سؤال مباشر

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/saudi-today/views
Title: الآراء

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://adv-ref-was-sed.was-net-q8.xyz/t3lem&quote=%D8%B1%D8%B3%D9%85%D9%8A%D9%8B%D8%A7..%20%D9%88%D8%B2%D8%A7%D8%B1%D8%A9%20%D8%A7%D9%84%D8%AA%D8%B9%D9%84%D9%8A%D9%85%20%D8%AA%D8%B9%D9%84%D9%86%20%D8%A5%D9%84%D8%BA%D8%A7%D8%A1%20%D8%A7%D8%AE%D8%AA%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D9%82%D8%AF%D8%B1%D8%A7%D8%AA%20%D9%82%D9%8A%D8%A7%D8%B3

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://adv-ref-was-sed.was-net-q8.xyz/t3lem&text=%D8%B1%D8%B3%D9%85%D9%8A%D9%8B%D8%A7..%20%D9%88%D8%B2%D8%A7%D8%B1%D8%A9%20%D8%A7%D9%84%D8%AA%D8%B9%D9%84%D9%8A%D9%85%20%D8%AA%D8%B9%D9%84%D9%86%20%D8%A5%D9%84%D8%BA%D8%A7%D8%A1%20%D8%A7%D8%AE%D8%AA%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D9%82%D8%AF%D8%B1%D8%A7%D8%AA%20%D9%82%D9%8A%D8%A7%D8%B3

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/saudi-today/videos
Title: نشرة الرابعة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport/saudi-sport
Title: رياضة سعودية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport/arab-sport
Title: رياضة عربية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport/international-sport
Title: رياضة عالمية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport/other-sport
Title: رياضات أخرى

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/sport/views
Title: الآراء

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/politics
Title: آراء سياسية

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AlArabiya/

Search URL Search Domain Scan URL

URL: https://www.twitter.com/AlArabiya/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/alarabiya/

Search URL Search Domain Scan URL

URL: https://www.snapchat.com/discover/Al-Arabiya/0445020355

Search URL Search Domain Scan URL

URL: https://www.youtube.com/alarabiya/

Search URL Search Domain Scan URL

URL: https://www.telegram.me/alarabiya/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/alarabiya/

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/applications.html
Title: تطبيقات العربية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/tools/mrss
Title: خدمة RSS

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/tools/privacy-policy
Title: سياسة الخصوصية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/service-provider
Title: مزودو الخدمة

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/tools/%D8%AD%D9%88%D9%84-%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%D8%A9
Title: حول العربية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/alarabiya-frequencies
Title: ترددات العربية

Search URL Search Domain Scan URL

URL: https://www.alarabiya.net/tools/contact-us
Title: اتصل بنا

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://adv-ref-was-sed.was-net-q8.xyz/t3lem HTTP 301
http://adv-ref-was-sed.was-net-q8.xyz/t3lem/ HTTP 301
https://adv-ref-was-sed.was-net-q8.xyz/t3lem/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://adv-ref-was-sed.was-net-q8.xyz/.resources/aa-fe-templating/webresources/dist/app.bundle.js?random=0301 HTTP 301
https://adv-ref-was-sed.was-net-q8.xyz/

Request Chain 9

https://adv-ref-was-sed.was-net-q8.xyz/.resources/aa-fe-templating/webresources/js/js_cleverTapEvnets.js?random=0301 HTTP 301
https://adv-ref-was-sed.was-net-q8.xyz/

Request Chain 107

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL HTTP 301
https://tpc.googlesyndication.com/simgad/4091503581208051288

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 169

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

183 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
adv-ref-was-sed.was-net-q8.xyz/t3lem/
Redirect Chain

https://adv-ref-was-sed.was-net-q8.xyz/t3lem
http://adv-ref-was-sed.was-net-q8.xyz/t3lem/
https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

52 KB
10 KB

42ms
42ms

Document
text/html

2606:4700:3033::ac43:de87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:de87 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f342b3a2b1527943b31231eec77d35ca0f3368a37c044f29b0a30acce6acda58

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 726134e0acaf8ff2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 15:41:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6V%2BptSygMEIqxMRmy%2BZwH59zyeselXYbVJjVUvYqccn%2F9GkpIJYnQQY6ujUjc9wcYTqyrlgQi3D%2BZmYtWdB7vDE%2FzcBFp%2BS7BxohC3ICE8%2FAtjHfWvCjmWOYamt1oqF7LpGxyxhR3J3pEFQLPL4bjEgGZ%2BfVEMAWObjaeDo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

CF-RAY: 726134e069dd995a-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 05 Jul 2022 15:41:44 GMT
Expires: Tue, 05 Jul 2022 16:41:44 GMT
Location: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeOpmf3JtjBSvLGyaPlDGq4pHQwvSfZu8m7aqyoJ8LOJFH%2BeG36zt%2Fq3WWZZmgd9hCFwSvaZcPY%2BfUg8%2FkOhpkXWZ4lzydollyavP5r1whNPbPCUFf%2BtEXQoiHQvy3ow8Qa1M8rHMCkJUHY6Mwgzmj0%2Ba2iapKx%2FYBNn1Dc%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 161 KB
56 KB 96ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5290359410522938

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d8b143fe19bb0ab2623ed33513935d65e6ca2def66d93ce8a4e74562b6a91f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Origin: https://adv-ref-was-sed.was-net-q8.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56337
x-xss-protection: 0
server: cafe
etag: 11092080922229714660
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Jul 2022 15:41:44 GMT

GET
H2 200 font-faces.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 3 KB
776 B 174ms
98ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/font-faces.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

83c53d2718510cafd60eaa7dc717f5a1360bcd96ccc360e70c6bef4522d07482

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 375
x-xss-protection: 1; mode=block
x-dis-request-id: 2b0b996e6d1b8cd27b36f375623427a3

GET
H2 200 structure.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 658 KB
81 KB 173ms
98ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/structure.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

b76ee856ffad32771a86e7bf2a4c125a68a8b26e19d3b8a10bda52bf1da85687

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 82252
x-xss-protection: 1; mode=block
x-dis-request-id: 0785539f0697d1eb8a2e29218ce14e8e

GET
H2 200 app.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 125 KB
22 KB 172ms
97ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/app.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

129b19dacd43d31998736dd3c9390f52a92d287dfa4e1d55822549dd202be417

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 22529
x-xss-protection: 1; mode=block
x-dis-request-id: bb170ecccf87b4f5db95075fd36b9672

GET
H2 200 ar.typography.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 240 KB
21 KB 107ms
33ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ar.typography.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

8319156ad5064aa6b154ffa69cacf57e9e591c8e71b7b5bc7407645a115273fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 21302
x-xss-protection: 1; mode=block
x-dis-request-id: e91af73ebc300c438fd61f3e08092e9e

GET
H2 200 master.theme.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 690 KB
59 KB 139ms
65ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

ef69602a6e876c5efe14b8e1b04f6fc02d63d0380adc40b76fb07385851799f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 60564
x-xss-protection: 1; mode=block
x-dis-request-id: d1571eeb4b9ae458e94ee042932306cd

GET
H2 200 section.theme.css
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/ 57 KB
8 KB 170ms
97ms Stylesheet
text/css 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/section.theme.css?random=0301

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

bfc1033f8bf0c49087d5bf1cbe0e953d89e598ff3d0a78eb51fd4e2a962d3559

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
vary: Accept-Encoding
content-length: 8271
x-xss-protection: 1; mode=block
x-dis-request-id: 31613fc3b44b650bd4384be5992ad191

GET
H2 200 sabq%2Fimport%2Fuploads%2Fmaterial-file%2F5d769f98968e954abe8b45d1%2F5d769f9497f21.jpg
gumlet.assettype.com/ 27 KB
28 KB 87ms
19ms Image
image/webp 2a04:4e42::311
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gumlet.assettype.com/sabq%2Fimport%2Fuploads%2Fmaterial-file%2F5d769f98968e954abe8b45d1%2F5d769f9497f21.jpg

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::311 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

74e1ad29f2c237e90a6a960052a7251db5fc5468ec9daefcd20a256ddabf7570

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-gumlet-pc: MISS
date: Tue, 05 Jul 2022 15:41:44 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
nel: {"report_to": "gumlet-nel", "max_age": 604800, "success_fraction": 0.01, "response_headers":["content-length"] }
x-gumlet-reqid: 62c113a08f0d826187e4485f
age: 215064
x-gumlet-oc: HIT
x-cache: MISS, HIT, HIT
access-control-max-age: 1728000
x-gumlet-runtime: 0.051
strict-transport-security: max-age=31557600
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27946
x-served-by: cache-fra19168-FRA, cache-bom4726-BOM, cache-hhn4035-HHN
x-timer: S1657035705.849028,VS0,VE1
etag: b9a145cae1a0aa10
vary: accept
report-to: {"group": "gumlet-nel", "max_age": 604800, "endpoints": [{"url": "https://nel.gumlytics.com/report"}]}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=8640000, s-maxage=31536000
accept-ranges: bytes
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
x-cache-hits: 0, 1, 1

GET
H3

200

/ Show response
adv-ref-was-sed.was-net-q8.xyz/
Redirect Chain

https://adv-ref-was-sed.was-net-q8.xyz/.resources/aa-fe-templating/webresources/dist/app.bundle.js?random=0301
https://adv-ref-was-sed.was-net-q8.xyz/

23 KB
5 KB

301ms
301ms

Script
text/html

2606:4700:3033::ac43:de87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adv-ref-was-sed.was-net-q8.xyz/

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Server

2606:4700:3033::ac43:de87 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26a240693f90b125c07f62d5937052f68fab7989cf25414808312c9a1fa4fbad

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
link: <https://adv-ref-was-sed.was-net-q8.xyz/wp-json/>; rel="https://api.w.org/"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3XAzFaNFzv8Hc1PgGWiktrWu3am9yNl6cSLutMtK3QtwMuBIcJUejmVvF4Cn5MgO5ZoYfz8S%2BY%2BMR%2FFvlbr7I4RoB4EKc2R01%2BqXICUpUE%2ByonOK0QXYybUbUcutC7lzQa3IdlVxNWerRypuAiGLxpl8skw4IB9txrbhto%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0; includeSubDomains; preload
cf-ray: 726134e49b55bbbb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Tue, 05 Jul 2022 15:41:45 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bwACDnsdmPInxSbafK9jeweAavn72xwAmDFMpOWLlzr3EfkCIYA7aDZ8F0DKImybldF7kDqc8P46Wgy0lHW%2Bz7HQhfSDv9oVYSUyx2xDhbIwyBF0R2rE%2BPEXFobBrGgIUwu720%2BMWW6QkT0AaGsJJmEihYC70NuRN6s0kk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://adv-ref-was-sed.was-net-q8.xyz/
vary: Accept-Encoding
cache-control: max-age=14400, must-revalidate
cf-ray: 726134e29f7fbbbb-FRA
link: <https://adv-ref-was-sed.was-net-q8.xyz/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3

200

/ Show response
adv-ref-was-sed.was-net-q8.xyz/
Redirect Chain

https://adv-ref-was-sed.was-net-q8.xyz/.resources/aa-fe-templating/webresources/js/js_cleverTapEvnets.js?random=0301
https://adv-ref-was-sed.was-net-q8.xyz/

23 KB
5 KB

348ms
348ms

Script
text/html

2606:4700:3033::ac43:de87
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adv-ref-was-sed.was-net-q8.xyz/

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Server

2606:4700:3033::ac43:de87 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26a240693f90b125c07f62d5937052f68fab7989cf25414808312c9a1fa4fbad

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
link: <https://adv-ref-was-sed.was-net-q8.xyz/wp-json/>; rel="https://api.w.org/"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WoBG%2F24mU6H9Nn0YSJmcumPNonORF1wqrQ9iYW9UpynDZgzSZQeAKpK9t3d5owFXZq4MQWK32X4B0pfDn%2B6X%2BNwP2FQRS05e0w%2FkAnk%2Fdqzwuk5tZL1JOxI7KlHsL4iTOLX%2Bg7PE6v5I%2F2%2BDz0Weh3Okeu%2ByS2Bzk9oTVEM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0; includeSubDomains; preload
cf-ray: 726134e49b59bbbb-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Tue, 05 Jul 2022 15:41:45 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FatYwl6XQ8rMD5jBeBWjH%2B6uGgoKan3e1XsxMTs%2Bxpv6lIF2OqaiGG5i3KQanU%2FMnm%2FO1HN1k5tnPlnqPyGSiZve2svbjYqUjGuDTrI%2FfryqBm2xaigIXR1VloSPFqa4EmKQE1jk48c1x77uXaqiu%2FyLcA%2F%2BOWY9rZRpiLE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://adv-ref-was-sed.was-net-q8.xyz/
vary: Accept-Encoding
cache-control: max-age=14400, must-revalidate
cf-ray: 726134e2bfb3bbbb-FRA
link: <https://adv-ref-was-sed.was-net-q8.xyz/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 159ms
34ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Tue, 05 Jul 2022 15:41:44 GMT
x-host: s7.addthis.com
content-length: 116379

GET
H2 200 js15_as.js Show response
s10.histats.com/ 11 KB
4 KB 112ms
23ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:33:37 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip: 137.74.120.0/27
etag: "-375139978"
x-cacheable: Matched cache
content-type: text/javascript
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 4364
x-request-id: 765264562

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ 340 KB
120 KB 86ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5290359410522938&plah=adv-ref-was-sed.was-net-q8.xyz&ama_t=adsense&asntp=100&asntpv=10&asntpl=10&asntpm=10&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5290359410522938

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b87d80258a5482c6c66a9920ef9890080563bfd09c7970cda90c1bdb84953eb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122457
x-xss-protection: 0
server: cafe
etag: 7719057809858084419
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Jul 2022 15:41:44 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220629/r20190131/ Frame 2B28 10 KB
5 KB 68ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220629/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5290359410522938

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 85154
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Jul 2022 16:02:30 GMT
etag: 10429905676100781186
expires: Mon, 18 Jul 2022 16:02:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 77ms
28ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700&display=swap

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/app.css?random=0301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

55d2ab860a7100b201e762c2046bc65a5d16236a0263dee3e95c711be581b345

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 13:56:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Jul 2022 15:41:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Jul 2022 15:41:44 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 216 KB
69 KB 74ms
27ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W8PZ4D&l=adStat

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

250c4201a5fcd1386b944d06733cbf0ac601af55734b5303bb9c17ec1294f305

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69768
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Jul 2022 15:41:44 GMT

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 103ms
24ms Script
application/x-javascript 2600:9000:2057:6e00:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6e00:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f270f24bc218342b7704aa359f208608552a3bcdddecb3d2acad634d93dbd46a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:32 GMT
content-encoding: gzip
last-modified: Fri, 24 Jun 2022 01:29:17 GMT
server: nginx
age: 611
etag: W/"62b5136d-116df"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: bbPvjdT0XXZjpV5yK4mV-ITL9Fwnm-Yjf7mYLCgcMoMd6_rooTqRmA==
expires: Tue, 05 Jul 2022 17:31:32 GMT

GET
H2 200 icon-language.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 25 KB
25 KB 33ms
33ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-language.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

21cde34053d13b6f5c6ef7c04fb616c7df953591f475428584f55d2ee7ab8547

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 25265
x-xss-protection: 1; mode=block
x-dis-request-id: 0e06a6bcd34ab11333d69d4cb5a3e55e

GET
H2 200 icon-chevron-down.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 387 B
651 B 34ms
33ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-chevron-down.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

4e49c0db8fe5c52ddc31a2df0bb613c7cbe3c69a564f74cbffc7dda78d122ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 387
x-xss-protection: 1; mode=block
x-dis-request-id: d6324d6da6811a84495db85efc063e8b

GET
H2 200 logo@2x.png
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/gfx/logo/ 8 KB
8 KB 34ms
34ms Image
image/png 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/gfx/logo/logo@2x.png

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/structure.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

500262eae1ee1af01a018fc6ba8d47d9b7f00146668ec4a4d624ce2e112a8f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/structure.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/png;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 8217
x-xss-protection: 1; mode=block
x-dis-request-id: b877168790c3aa3e33bcde6dc29c8579

GET
H2 200 icon-search-arabic.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 435 B
699 B 34ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-search-arabic.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

2c14b2615cb95d0eb73503fee2d91f4ec21926e28b9ba71898179020e9bb69dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 435
x-xss-protection: 1; mode=block
x-dis-request-id: 1ed6dffd9225b6a835c0805be6c9ea25

GET
H2 200 icon-day-mode.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
2 KB 34ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-day-mode.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

32bd9710b41bc7d8e44a972f53113dfcd580bb252d4eea5c8649cfc717db6b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1397
x-xss-protection: 1; mode=block
x-dis-request-id: 35805cd85fbebc547ba4d28eba4cf1c3

GET
H2 200 icon-night-mode.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 530 B
794 B 58ms
58ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-night-mode.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

d0fc97aadf3487ba739c96f3959bc6215760eedab71882aaf775f052be0c45ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 530
x-xss-protection: 1; mode=block
x-dis-request-id: c383e6c719945730309e3779a4a9826d

GET
H2 200 icon-live.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 490 B
753 B 58ms
57ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-live.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

d539a6bdc5528f1d3b0f0cdbbd3d19db0a3d6c94416ab7b7e9bd575575adb574

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 490
x-xss-protection: 1; mode=block
x-dis-request-id: 66ec44802f932cb87a8e2a15d2b4c11e

GET alarabiyaBoutros2020-Bold.woff2
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET alarabiyaBoutros2020-Regular.woff2
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET alarabiyaBoutros2020-Light.woff2
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET NotoNaskhArabic-Bold.woff2
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET
H2 200 icon-facebook-rgb.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 818 B
1 KB 34ms
33ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-facebook-rgb.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

fcb871bfa7ae1daf23bcfb549938bff3ef1075a96e63d2a15397614a6691d3f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 818
x-xss-protection: 1; mode=block
x-dis-request-id: 5486e2b5105a5f38c252c3068058f66c

GET
H2 200 icon-twitter-rgb.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
2 KB 39ms
38ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-twitter-rgb.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

9c7a6a0a10501df413e51ac24dfb427b3e6c04bb36c3a366f7b8cd4a73663bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1450
x-xss-protection: 1; mode=block
x-dis-request-id: 65f875ff0b050ce3bd56c2f0a211cde0

GET
H2 200 icon-telegram-rgb.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 879 B
1 KB 39ms
38ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-telegram-rgb.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

27acb3b4f9ccc152e5fc95d294e23559f1a7d5994971e4ece6c2d1cbc44acb84

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 879
x-xss-protection: 1; mode=block
x-dis-request-id: 7119c6a5046ee2a460a8bbcbac9ad878

GET
H2 200 icon-whatsapp-rgb.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
1 KB 39ms
38ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-whatsapp-rgb.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

b23ffd4ae2cd04bc4d22d0b99275fa7c5d663f3637580e0799b745070934250c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1252
x-xss-protection: 1; mode=block
x-dis-request-id: bf75e9afbd3a0a88e2ac05a5d21a8e3c

GET
H2 200 icon-timeline.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 2 KB
2 KB 69ms
69ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-timeline.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

0c04397947420d22fe0dcad2ebdce7bc1a5e60420ff4b9a6a1d50791782c1eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1670
x-xss-protection: 1; mode=block
x-dis-request-id: f027bab5406f47b6c1dfe9dbed976343

GET
H2 200 icon-fact-checked.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 819 B
1 KB 52ms
51ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-fact-checked.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

c8d813beffa369489dfef50cae363dac8dbf6f0d8d878c294d6c49e1872b0b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 819
x-xss-protection: 1; mode=block
x-dis-request-id: 9d28b132f6538552a85e550696c50eb6

GET
H2 200 icon-back-to-top.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 432 B
696 B 34ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-back-to-top.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

36e06456164f050983b6142187b44701695b68b4ae367879f14f61a25bdf8815

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 432
x-xss-protection: 1; mode=block
x-dis-request-id: 249ce57db7ca3290fd520d26dab4dc35

GET
H2 200 icon-social-media-facebook-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 647 B
911 B 34ms
33ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-facebook-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

1402b2ee3d5436f4ff51e549f12349a605fbe38e481b07543715301e5dddaf99

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 647
x-xss-protection: 1; mode=block
x-dis-request-id: 3a0b6646355faac8ce4b4e18b10a7d4f

GET
H2 200 icon-social-media-twitter-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 2 KB
2 KB 34ms
33ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-twitter-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

7a3fb5742c3e8f815eea6249b75c8beb430bb6d817e3b6d325a9a0563c79cc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1870
x-xss-protection: 1; mode=block
x-dis-request-id: 15108f8e59de4ba3cf13389fa3c185e3

GET
H2 200 icon-social-media-instagram-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 3 KB
3 KB 34ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-instagram-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

48d805dda34129b9b567b6bf0731013efe43a58474040d61cf21765222a914a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 2726
x-xss-protection: 1; mode=block
x-dis-request-id: 1181888fe268334f034d7988db29f839

GET
H2 200 icon-social-media-snapchat-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
1 KB 35ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-snapchat-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

a43583612446704c57a1eceb171645daa59139ed98fa1f4f0a8e7b6cd00ba3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1247
x-xss-protection: 1; mode=block
x-dis-request-id: 047dae6a55b103b4731a6de8c0543e12

GET
H2 200 icon-social-media-youtube-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 2 KB
2 KB 35ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-youtube-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

b1adc3031f6dd145bb9474f9d9a63d478afaa0d5157eb5b294a84860c80c9653

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 2256
x-xss-protection: 1; mode=block
x-dis-request-id: 59d5a646683f8f7158b932fef59c23bc

GET
H2 200 icon-social-media-telegram-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
2 KB 35ms
35ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-telegram-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

038add02be415e7db8c2c0e144be234baa6713c3b50812d45545ec3b06dc78ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1352
x-xss-protection: 1; mode=block
x-dis-request-id: b587eccb4ed09feae85b08568ae67cc9

GET
H2 200 icon-social-media-linkedin-circle-colored.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 1 KB
2 KB 36ms
35ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-social-media-linkedin-circle-colored.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

fa83ea26221705fbfcb3c4bcda2a339ba1e2491cca346ba7f190b55977bc1117

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 1409
x-xss-protection: 1; mode=block
x-dis-request-id: 468f6969bba44de42e986befa6113bee

GET
H2 200 icon-chevron-left.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 384 B
648 B 35ms
34ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-chevron-left.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

b67c845954161526f642c7cf8fbfd08b1be75abfeca6a0d8a65a3ccd38569ec9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 384
x-xss-protection: 1; mode=block
x-dis-request-id: 1b999139aabe65292726afe46049f584

GET
H2 200 icon-close.svg
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/ 466 B
730 B 64ms
63ms Image
image/svg+xml 69.172.201.191
DOSARREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/icons/icon-close.svg

Requested by

Host: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.172.201.191 , Canada, ASN19324 (DOSARREST, US),

Reverse DNS

Software

Resource Hash

5950947750a59002e17c2ea0a79c2f53835b170957f64d01a62d1a3aec9ce771

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/master.theme.css?random=0301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-type: image/svg+xml;charset=UTF-8
cache-control: max-age=3600, public, proxy-revalidate
strict-transport-security: max-age=63072000
content-length: 466
x-xss-protection: 1; mode=block
x-dis-request-id: 1603fc3e3af7d9abb5f0a5c56c807e26

GET alarabiyaBoutros2020-Bold.woff
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 51 B
185 B 396ms
112ms Script
text/html 158.69.251.190
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?4658427&@f16&@g1&@h1&@i1&@j1657035704903&@k0&@l1&@m%D8%B1%D8%B3%D9%85%D9%8A%D9%8B%D8%A7..%20%D9%88%D8%B2%D8%A7%D8%B1%D8%A9%20%D8%A7%D9%84%D8%AA%D8%B9%D9%84%D9%8A%D9%85%20%D8%AA%D8%B9%D9%84%D9%86%20%D8%A5%D9%84%D8%BA%D8%A7%D8%A1%20%D8%A7%D8%AE%D8%AA%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D9%82%D8%AF%D8%B1%D8%A7%D8%AA%20%D9%82%D9%8A%D8%A7%D8%B3&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:21256569&@b3:1657035705&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.69.251.190 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns546644.ip-158-69-251.net
Software: /
Resource Hash: eb3b1e539d74c7f394611ba0709676bb66c1c69715cdee3774a971f326c9a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 05 Jul 2022 15:41:45 GMT
Connection: close
Content-Length: 51
Content-Type: text/html;charset=UTF-8

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
648 B 73ms
27ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=adv-ref-was-sed.was-net-q8.xyz&callback=_gfp_s_&client=ca-pub-5290359410522938

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5290359410522938&plah=adv-ref-was-sed.was-net-q8.xyz&ama_t=adsense&asntp=100&asntpv=10&asntpl=10&asntpm=10&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&easpi=true&asro=false&easai=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

d339b60c6425d169916dbce3d813e090ac2cb3cd77b7c548cdf71b50b40b6e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 76ms
29ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=adv-ref-was-sed.was-net-q8.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 78ms
29ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=adv-ref-was-sed.was-net-q8.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Jul 2022 15:41:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0F2C 173 KB
47 KB 318ms
276ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&adk=1812271804&adf=3025194257&lmt=1657035704&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704612&bpp=161&bdt=150&idt=309&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7569773864212&frm=20&pv=2&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=324

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b8dfcc37828fa7e54be68db3e4b417e3f63416e4753cd7ed81f8cf8cb5a1b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 47748
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CE4E 90 KB
31 KB 489ms
456ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=7165497559&adk=3290198356&adf=4054720894&pi=t.ma~as.7165497559&w=1200&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704793&bpp=8&bdt=331&idt=149&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=400&ady=216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=aeOCsfZDHd&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee329ecb873757fb6150629a7fd6a9136f8900638111cad54fca9465d61173d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 31859
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET alarabiyaBoutros2020-Regular.woff
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET NotoNaskhArabic-Bold.woff
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET alarabiyaBoutros2020-Light.woff
www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/ 0
0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C67E 88 KB
30 KB 530ms
506ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=3018039299&adk=872464073&adf=2755099660&pi=t.ma~as.3018039299&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704801&bpp=14&bdt=339&idt=151&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=vY6zCfXOvn&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b81ca1a3c9dede576c144a087a70f302bd24fea1c264c20dde81cf4262296fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 30344
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DFB0 92 KB
30 KB 496ms
478ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=4153775738&adk=603482819&adf=2726949972&pi=t.ma~as.4153775738&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704815&bpp=2&bdt=352&idt=143&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C706x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=bShHBUc4k2&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=145

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f6ce5f63be08e50bdbefd3a59c7b720c044e7ab58034bd1efa519520b5c5fa8

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO2dz4SL4vgCFQRBFQgd6PENHg&gqi=uFvEYuzhPK3l7_UPx5evgAI&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 30966
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO2dz4SL4vgCFQRBFQgd6PENHg&gqi=uFvEYuzhPK3l7_UPx5evgAI&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_Monte_GpaSingleIframe.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/ 149 KB
53 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206300101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e479b598dd3d43c96cfd067cab3a8fabb93a7a70feb6fdac87f597c57c73fd40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54364
x-xss-protection: 0
server: cafe
etag: 17616919888064214740
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 67ms
28ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=adv-ref-was-sed.was-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 79ms
39ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=adv-ref-was-sed.was-net-q8.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6D46 130 KB
43 KB 676ms
676ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3e8de427cbc287137277a64f5e336110650cb329468b9d5b0bd01920d2148e3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK235ISL4vgCFR5PFQgdg2EGHg&gqi=uVvEYt_TFPmS7_UPoO670AE&layout=/sadbundle/%24csp%253Der3%24/2795378711239061479/728_90_WT_Viking_fury.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 44285
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK235ISL4vgCFR5PFQgdg2EGHg&gqi=uVvEYt_TFPmS7_UPoO670AE&layout=/sadbundle/%24csp%253Der3%24/2795378711239061479/728_90_WT_Viking_fury.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/ Frame 4D36 10 KB
4 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Jul 2022 17:15:02 GMT
etag: 10429905676100781186
expires: Mon, 18 Jul 2022 17:15:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/ Frame 18C3 10 KB
4 KB 20ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80803
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Jul 2022 17:15:02 GMT
etag: 10429905676100781186
expires: Mon, 18 Jul 2022 17:15:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4D36 4 KB
636 B 71ms
30ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 14:48:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Jul 2022 15:41:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D36 205 B
741 B 67ms
19ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:38:11 GMT
x-content-type-options: nosniff
age: 214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 05 Jul 2023 15:38:11 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D36 604 B
694 B 68ms
20ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 14:48:51 GMT
x-content-type-options: nosniff
age: 3174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 05 Jul 2023 14:48:51 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/elements/html/ Frame 4D36 19 KB
8 KB 70ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:25:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8263
x-xss-protection: 0
server: cafe
etag: 17157773748623750166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:25:13 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 18C3 0
0 64ms
64ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-NFuuVvEYpscp5z6BoWYsOADyZ7SsVzNo5b3cMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01MjkwMzU5NDEwNTIyOTM4oAHVttLqA8gBCakCIS_flVRGsT6oAwGqBI8CT9BxXDiPkuk0Lj5q3lqXYMv6SpJDbA9Fxw9mL4zlP8mWL1LxCfuDS_IWl9ztkF02X-Ct4aRx16ff01WWUeW3bw2qLjc9QQ-ffoBWh6A8R2uBpmjuKGAaRibcKRIUufM3aWNUuprDKq-rn5IJHwHIoJA_SPHcnbLQPTXlF4pZRWMfbVN9PLIsFWY-ewwVPjxY5oNiUCt76vJlKq1pVSBVUfBFMS6jv93-bD_L1NHUz-nx9JfcQO45n7uh0z_luRupN5U6yHLn0TSblTHvFut9aMSRD9oQKgbhu70vqlu5gY5YPHcly9dNInV4z9gOwZV4-c61-Ztknm_kb6__bgdlJvGQjBmMSXPecUw-nmUFwoAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01MjkwMzU5NDEwNTIyOTM4GAA&sigh=Ha65TVK4Mnc&uach_m=[UACH]&cid=CAQSGwCNIrLMG2lsWEdPD8c2WdQvCVlVO9MBLgtPkBgB

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 18C3 0
0 90ms
32ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RO0HfJ2DYgICAAAAV7BzxmhttVYQuFvEYpK5qyPrTrAARJDLABIAAA&wp=YsRbuQAADhsK3o4nAAwMBQm_6tOD3kzbW-Cn1Q

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 313901
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 53D3 172 KB
54 KB 230ms
149ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YsRbuQAADhsK3o4nAAwMBQm_6tOD3kzbW-Cn1Q&u=%7ChAqs%2By45nczo5ynQN2pTIh38m1emOFeUKsDP0lDGOJA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860tTybkW7qZn8kmuyTGI-gU2KUpamohAqlKvHLlSzC3AKpjZG6dFM-tBxAu9qY_nY9JjR-QIwjrM-6dBxDW_Slyy2pRFtz6iGuUJ2eBkq9IabrspZlWdbo6LMh97GBbpTEdPXAUuk-PJLlwV8RjUl-ZX6qaXPQ_l3BPK00WNAvablcG_LblOSpSFqc7KqoN8ioQxanaVM7u_oAGLoP3Q3dK1QNExgAxmEVSCnrDgj5Ba-XZesech3QuPnPEAs8zH9svwggCxROfMvkMlaawXnq0xP4Aqzkm2XooUUp06PxCUSGbpffYY4xGpIv1_NqhUKSGBp7ycnn2ZUhq78jpBjqY0ygBhO5hNA00JD_E2r-7VVvxd5cyokwOzWLH5mSgidO6hb0F3cBdRyTWPX8iCycE&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvp0luVvEYpscp5z6BoWYsOADyZ7SsVzNo5b3cMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01MjkwMzU5NDEwNTIyOTM4oAHVttLqA8gBCakCIS_flVRGsT6oAwGqBJICT9BxXDiPkuk0Lj5q3lqXYMv6SpJDbA9Fxw9mL4zlP8mWL1LxCfuDS_IWl9ztkF02X-Ct4aRx16ff01WWUeW3bw2qLjc9QQ-ffoBWh6A8R2uBpmjuKGAaRibcKRIUufM3aWNUuprDKq-rn5IJHwHIoJA_SPHcnbLQPTXlF4pZRWMfbVN9PLIsFWY-ewwVPjxY5oNiUCt76vJlKq1pVSBVUfBFMS6jv93-bD_L1NHUz-nx9JfcQO45n7uh0z_luRupN5U6yHLn0TSblTHvFut9aMSRD9oQKgbhu70vqlu5gY5YPHcly9dNInU6zfmcRhrk6nEp7Ti0o8kcZrv12A1LPnMkRCQqu8zAXVS7NOEWfbocQYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Rm2SnduqAQ0HRvBskJ9apLUVoqQ%26client%3Dca-pub-5290359410522938%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1514178b2d78067236c1b7ff4af83f9ddbc33696c568f374321fa169fe37d0ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=s7ECpPFmXoC8JICbmMy-af7oV59rcUjFF8uXMWfsQtqQwj066YeHPWd02uiX2gm3M4DFXPqr0t0c2v8CiZGT8uBanHK4iDLdL5_uVL_lOrQskkPimd2gtGc836r-bUo-xNAAArOt_W9zzztNEIaC968bPxQ8Gt2jxNxAKdAUJ_m5wxvrHtB6y993FfXo3dOMcfcBjIA6zUZs3v-KA7Sswvk_Xj-on1FlJobD09nKGR9xhMbMmX3ApUf_qa8sVYqx3Tti_Q"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 109281961
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 18C3 3 KB
1 KB 64ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:09:44 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 18C3 17 KB
8 KB 61ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:34:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 448
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:34:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 18C3 138 KB
43 KB 74ms
29ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 89ms
27ms Script
application/x-javascript 104.102.30.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.30.13 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-30-13.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: E880451BA994640A
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=30741
accept-ranges: bytes
content-length: 948
x-amz-id-2: g48kfJZ1LDfwCY+hKucKHwOEQccxMwTRQc86H8DNT9MI1VyS34GvzBN90qGYIKnsTc9op8vunqY=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5e993c65e0b62784/ 3 KB
907 B 331ms
331ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5e993c65e0b62784/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f9ab450344ece1e1f68be1576a184ce306b97c98a746359dd8836290a5346adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
etag: -1574254553--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 730

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 166ms
164ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=62c45bb935619c18&bkl=0&bl=1&pdt=226&sid=62c45bb935619c18&pub=ra-5e993c65e0b62784&rev=v8.28.8-wp&ln=ar&pc=men&cb=0&ab=-&dp=adv-ref-was-sed.was-net-q8.xyz&fp=t3lem&fr=&of=0&sr=whatsapp&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1657035705471&jsl=131072&uvs=62c45bb97c489afb000&skipb=1&callback=addthis.cbs.jsonp__052483653246351070
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9bdc071c5a6f1be56893d8c6aff6bcbb2b7f24fd93dda3e87b1e5822d2fba027

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:45 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 4D14 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 79F3 71 KB
26 KB 78ms
78ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Tue, 05 Jul 2022 15:41:45 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 client.ar.min.json Show response
s7.addthis.com/l10n/ 4 KB
2 KB 87ms
25ms XHR
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/l10n/client.ar.min.json

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

72d2367dc35967c758f93deefb69e76a1cfed9be0dcab06fc8ae2bf8d37bc879

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
server: nginx/1.15.8
etag: W/"5d77be05-11fd"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, s-maxage=604800
date: Tue, 05 Jul 2022 15:41:45 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 1925

GET
H3 200 css
fonts.googleapis.com/ Frame CE4E 8 KB
711 B 29ms
28ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A300%2C400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=7165497559&adk=3290198356&adf=4054720894&pi=t.ma~as.7165497559&w=1200&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704793&bpp=8&bdt=331&idt=149&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=400&ady=216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=aeOCsfZDHd&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

012bb7853079db95a8f44671bc867eec7d09ff13c92794d75ba81003747bfbe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 14:43:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Jul 2022 15:41:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame CE4E 2 KB
902 B 91ms
47ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:36:16 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/ Frame CE4E 21 KB
8 KB 65ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:31:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame CE4E 3 KB
1 KB 60ms
49ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:16:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame CE4E 17 KB
7 KB 75ms
31ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:40:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CE4E 138 KB
42 KB 75ms
37ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame CE4E 31 KB
13 KB 63ms
22ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 07:22:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 03 Oct 2022 07:22:26 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 319ms
103ms Image
image/gif 34.224.243.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=adv-ref-was-sed.was-net-q8.xyz&p=%2Ft3lem%2F&u=BWP4iaFn0GMDfECSn&d=adv-ref-was-sed.was-net-q8.xyz&g0=ar%20articles&g1=Alarabiya.net&n=1&f=00001&c=0&x=0&m=0&y=3602&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1253&t=LWxMrBkCk8cD7gzdPBoEdKADLoBz2&V=135&i=%D8%B1%D8%B3%D9%85%D9%8A%D9%8B%D8%A7..%20%D9%88%D8%B2%D8%A7%D8%B1%D8%A9%20%D8%A7%D9%84%D8%AA%D8%B9%D9%84%D9%8A%D9%85%20%D8%AA%D8%B9%D9%84%D9%86%20%D8%A5%D9%84%D8%BA%D8%A7%D8%A1%20%D8%A7%D8%AE%D8%AA%D8%A8%D8%A7%D8%B1%20%D8%A7%D9%84%D9%82%D8%AF%D8%B1%D8%A7%D8%AA%20%D9%82%D9%8A%D8%A7%D8%B3&tz=0&sn=1&sv=Bj525nB7NAdtYuotCobbgsNjvf&sd=1&im=06632cf0&_
Requested by: Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.224.243.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-224-243-79.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:45 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CE4E 0
0 67ms
67ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CfZ9muVvEYttu4LLV8A-Lq4m4DouexOdq77Oat5QQt8uivcABEAEgxd2pL2CVgoCAsAegAb_amNkDyAEJqQIhL9-VVEaxPqgDAcgDywSqBJoCT9DcNKnnAueTFdJwf_dVU9teklbLNyKPDAmIGdOkrihu6qPw2OqGMG1VnYEuKiTeZCixEx1xYOL5MITXnBvTNywdGMbOfCIen_7SIquCkdJld5Fk5xeDUJAo4iiMWn_jS55g4_FVs8m6HEXZKLZAgS9L5bkBHYVRAKtysVg-JV3itGDOrPk_jfmCEIFoUsnMNLPb3rjRzGwWGqEtBPMNjGxFyXDbqJWm7yno8ltGZBwSacQIAQewYK8K98BLBJPpgS6VRW4ylDMq86tmcPMHFP0ZhNrIElNbaHTXjjPc_VfHL0qQfg9Zm19kvB3GzrPOxRMKt3nAsIoieIhA3gSJLEBmHb5rOrVCv_ck1gZAw2nhXAzx8SJ9jhFxwAS9_aqx_AOSBQQIBBgBkgUECAUYBKAGLoAH_f_6FKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEELSVHtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBuBOIJ9gTDYgUBNAVAYAXAbIXHAoaCAASFHB1Yi01MjkwMzU5NDEwNTIyOTM4GAA&sigh=8-h6JrbKWY4&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=7165497559&adk=3290198356&adf=4054720894&pi=t.ma~as.7165497559&w=1200&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704793&bpp=8&bdt=331&idt=149&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=400&ady=216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=aeOCsfZDHd&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 ssrh.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame DFB0 84 KB
29 KB 28ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/ssrh.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=4153775738&adk=603482819&adf=2726949972&pi=t.ma~as.4153775738&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704815&bpp=2&bdt=352&idt=143&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C706x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=bShHBUc4k2&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=145

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 16:37:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83026
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30063
x-xss-protection: 0
server: cafe
etag: 16132151104434394549
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 05 Jul 2022 16:37:59 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 4682 2 KB
902 B 38ms
38ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:36:16 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/ Frame 4682 21 KB
8 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:31:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 4682 3 KB
1 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:16:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 4682 17 KB
7 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:40:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4682 138 KB
42 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 4682 31 KB
13 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 07:22:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 03 Oct 2022 07:22:26 GMT

GET
DATA 200
OK truncated
/ Frame 18C3 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6bb4749e2b751b0661c372b48b49c5fb11096d9086ca863cfef9b9add88e8c51

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame C67E 4 KB
621 B 28ms
28ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=3018039299&adk=872464073&adf=2755099660&pi=t.ma~as.3018039299&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704801&bpp=14&bdt=339&idt=151&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=vY6zCfXOvn&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 05 Jul 2022 14:23:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 05 Jul 2022 15:41:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame C67E 2 KB
902 B 23ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:36:16 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/ Frame C67E 21 KB
8 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:31:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame C67E 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:16:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C67E 138 KB
42 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame C67E 17 KB
7 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:40:43 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame C67E 31 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 07:22:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 03 Oct 2022 07:22:26 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15074820936715392639/ Frame CE4E 33 KB
33 KB 24ms
22ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15074820936715392639/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a9456236abe7e50fd51cf797f73455aca3cd9371fe1f5acdf0055b4761cd653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 14:29:41 GMT
x-content-type-options: nosniff
age: 349924
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33952
x-xss-protection: 0
last-modified: Fri, 17 Jun 2022 13:01:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 01 Jul 2023 14:29:41 GMT

GET
DATA 200
OK truncated
/ Frame CE4E 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CE4E 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d29a0edd5f55c965f72331218d94428fa5fcaec361f94850cd9869b35af8228

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C67E 0
0 63ms
63ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmEQ2uVvEYqExzJKBB-LfnIAOt_y3hGmJmafrwQytmNDNgAcQASDF3akvYJWCgICwB6ABsLqh1wPIAQmpAjMmUgfgRbE-qAMByAPLBKoEnAJP0A2tqxdaentYX8QqowuH7kJgDPFUhSXjHQ3zRMrc05LTCNGXa0jEv0aq8FcxjLogVCoGRin2YVnli9x4r3RWwE8rza4c_AL12pcQAq5s0AuiON1BX8l8vTu7LSuaxGHGMR0A8KmF_L2oZqGqaDUkShwsj06M07d76s1iH1WFRktrwWpbgMaSYENMlWqwWrdeXRx214MWpbmi85YTTB44k8tNEexukxZg82LHcB0MzLgi-oONIiO1LYc7Dt5Tui0YotM600G-0Ab7ZIzwJnJnKhObMb0tvFmJwCndPxUvTN6eUgwXTOtZCHOlRmPZqNO2bIdRHqh_dR9ejaITLz-58GnK-uSrCZIDIYsIb1nS0_vpMFYnvD-WQvdKocAEm_HQzq0DkgUECAQYAZIFBAgFGASgBi6AB7_ZvWCoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQ7vMQ0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwyIFALQFQGAFwGyFxwKGggAEhRwdWItNTI5MDM1OTQxMDUyMjkzOBgA&sigh=_f_F9DkSP0Q&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=3018039299&adk=872464073&adf=2755099660&pi=t.ma~as.3018039299&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704801&bpp=14&bdt=339&idt=151&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1216&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=vY6zCfXOvn&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=154
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C67E 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

4091503581208051288
tpc.googlesyndication.com/simgad/ Frame C67E
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDnj86ZywEQ9AMY9AMyCGN8MsJOAEwL
https://tpc.googlesyndication.com/simgad/4091503581208051288

107 KB
107 KB

21ms
21ms

Image
image/png

2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4091503581208051288

Requested by

Protocol

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 16:38:02 GMT
x-content-type-options: nosniff
age: 601423
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109931
x-xss-protection: 0
last-modified: Wed, 23 Oct 2019 12:45:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 28 Jun 2023 16:38:02 GMT

Redirect headers

date: Mon, 04 Jul 2022 19:00:19 GMT
x-content-type-options: nosniff
server: cafe
age: 74486
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/4091503581208051288
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 03 Aug 2022 19:00:19 GMT

GET
H2 200 red_pjson Show response
m.addthis.com/live/ Frame 79F3 28 B
771 B 168ms
167ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_pjson?q162uy&vr=300&rev=v8.28.8-wp&rb=0&gen=50&sid=62c45bb935619c18&callback=_ate.ad.hrr%20&pub=ra-5e993c65e0b62784&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem&
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0e2796a9d67acf02d30321dd989fae6e1721f75fca03c97d139adc36f8e47f78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s7.addthis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:45 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length: 28
content-type: application/javascript;charset=utf-8

GET
H2 200 3160502710491326704_9446619675313733468.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame DFB0 259 KB
259 KB 111ms
41ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/3160502710491326704_9446619675313733468.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

287c026f26ce7e0c966b32b24b2fa2c2c3181cf110a31202fd7eadc50620c74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 11:50:55 GMT
x-content-type-options: nosniff
age: 100250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 265329
x-xss-protection: 0
last-modified: Mon, 04 Jul 2022 04:25:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 11:50:55 GMT

GET
H2 200 17808515361411363939_12353137186703928873.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame DFB0 237 KB
238 KB 91ms
21ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/17808515361411363939_12353137186703928873.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7529f444584dca11f6461c147e677a11cb142a9ce1bb644b11ba4b561d72987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 11:52:38 GMT
x-content-type-options: nosniff
age: 100147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242850
x-xss-protection: 0
last-modified: Mon, 04 Jul 2022 04:25:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 11:52:38 GMT

GET
H2 200 9828891179601484680_16710216030554577208.jpeg
static.doubleclick.net/dynamic/5/179058610/ Frame DFB0 169 KB
169 KB 123ms
53ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/179058610/9828891179601484680_16710216030554577208.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf22880765f6c66ecb93fd8875e3bc87855e055c518774bf095348cb08f53a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 13:48:19 GMT
x-content-type-options: nosniff
age: 93206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 172854
x-xss-protection: 0
last-modified: Mon, 04 Jul 2022 04:25:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Jul 2023 13:48:19 GMT

GET
H3 200 9507606201371492950
tpc.googlesyndication.com/simgad/ Frame DFB0 37 KB
37 KB 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9507606201371492950

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ee8ced4aa208edb5900fa92393d38bf5f02086863574f64cce2d0b2eb96b0f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 01 Jul 2022 06:43:02 GMT
x-content-type-options: nosniff
age: 377923
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37736
x-xss-protection: 0
last-modified: Wed, 08 Aug 2018 08:13:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 01 Jul 2023 06:43:02 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DFB0 0
0 65ms
65ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CERkuuVvEYq1dhILV8A_o47fwAbf8t4RpiZmn68EMrZjQzYAHEAEgxd2pL2CVgoCAsAegAbC6odcDyAEJqQIhL9-VVEaxPqgDAcgDywSqBJwCT9ANDzR5Taftq2lkjFYrlsO8Ulf5akI0JppnJUnTJdamBqdGxhmEnjVI3uHGbFzfRZqs6qjnH3v-xPb-JUaHCczFm0MsYnOa4-I1KqVXMICTz-dT1TN_GHgQqQukvc4VXbhU4FzLPy4KFDG4gFgt2cHmToWdiNve1CphItTAln165qcSkRxPIyI7JzpSA3qUiAN5e1C0WWRBL_FojnNwGHid8Tf6QG5HnhsOp0U9LZbhYmdjzns4uOYcyIH7JH8lfkPgFlJlegB6_POWwQLaRLT86RjPxnu9Th2yBcXCzcfUigLmp040nMbp5ylmEIMwhSVXciOs2my7QzZt52NFdAvQwjPrc2zFHKz8Yd5ryYXKKyLk0_ITn_sP98nABJvx0M6tA5IFBAgEGAGSBQQIBRgEoAYugAe_2b1gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEENXOF9IIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMMiBQC0BUBgBcBshccChoIABIUcHViLTUyOTAzNTk0MTA1MjI5MzgYAA&sigh=-aRS2WamYp0&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=4153775738&adk=603482819&adf=2726949972&pi=t.ma~as.4153775738&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704815&bpp=2&bdt=352&idt=143&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C706x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=bShHBUc4k2&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 05 Jul 2022 15:41:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/ Frame DFB0 21 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 608
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:31:37 GMT

GET
DATA 200
OK truncated
/ Frame CE4E 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24955581e43feb2c28e2aa4ef4f617c2bd6a38e5af3001063e2115804ce3158d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 53D3 2 KB
1 KB 149ms
72ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YsRbuQAADhsK3o4nAAwMBQm_6tOD3kzbW-Cn1Q&u=%7ChAqs%2By45nczo5ynQN2pTIh38m1emOFeUKsDP0lDGOJA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860tTybkW7qZn8kmuyTGI-gU2KUpamohAqlKvHLlSzC3AKpjZG6dFM-tBxAu9qY_nY9JjR-QIwjrM-6dBxDW_Slyy2pRFtz6iGuUJ2eBkq9IabrspZlWdbo6LMh97GBbpTEdPXAUuk-PJLlwV8RjUl-ZX6qaXPQ_l3BPK00WNAvablcG_LblOSpSFqc7KqoN8ioQxanaVM7u_oAGLoP3Q3dK1QNExgAxmEVSCnrDgj5Ba-XZesech3QuPnPEAs8zH9svwggCxROfMvkMlaawXnq0xP4Aqzkm2XooUUp06PxCUSGbpffYY4xGpIv1_NqhUKSGBp7ycnn2ZUhq78jpBjqY0ygBhO5hNA00JD_E2r-7VVvxd5cyokwOzWLH5mSgidO6hb0F3cBdRyTWPX8iCycE&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvp0luVvEYpscp5z6BoWYsOADyZ7SsVzNo5b3cMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01MjkwMzU5NDEwNTIyOTM4oAHVttLqA8gBCakCIS_flVRGsT6oAwGqBJICT9BxXDiPkuk0Lj5q3lqXYMv6SpJDbA9Fxw9mL4zlP8mWL1LxCfuDS_IWl9ztkF02X-Ct4aRx16ff01WWUeW3bw2qLjc9QQ-ffoBWh6A8R2uBpmjuKGAaRibcKRIUufM3aWNUuprDKq-rn5IJHwHIoJA_SPHcnbLQPTXlF4pZRWMfbVN9PLIsFWY-ewwVPjxY5oNiUCt76vJlKq1pVSBVUfBFMS6jv93-bD_L1NHUz-nx9JfcQO45n7uh0z_luRupN5U6yHLn0TSblTHvFut9aMSRD9oQKgbhu70vqlu5gY5YPHcly9dNInU6zfmcRhrk6nEp7Ti0o8kcZrv12A1LPnMkRCQqu8zAXVS7NOEWfbocQYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Rm2SnduqAQ0HRvBskJ9apLUVoqQ%26client%3Dca-pub-5290359410522938%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 53D3 2 KB
1 KB 122ms
45ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 53D3 308 B
636 B 100ms
39ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 53D3 293 B
621 B 107ms
46ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 53D3 0
689 B 194ms
114ms Image
text/plain 2600:9000:206f:6000:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1657035705
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YsRbuQAADhsK3o4nAAwMBQm_6tOD3kzbW-Cn1Q&u=%7ChAqs%2By45nczo5ynQN2pTIh38m1emOFeUKsDP0lDGOJA%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC860tTybkW7qZn8kmuyTGI-gU2KUpamohAqlKvHLlSzC3AKpjZG6dFM-tBxAu9qY_nY9JjR-QIwjrM-6dBxDW_Slyy2pRFtz6iGuUJ2eBkq9IabrspZlWdbo6LMh97GBbpTEdPXAUuk-PJLlwV8RjUl-ZX6qaXPQ_l3BPK00WNAvablcG_LblOSpSFqc7KqoN8ioQxanaVM7u_oAGLoP3Q3dK1QNExgAxmEVSCnrDgj5Ba-XZesech3QuPnPEAs8zH9svwggCxROfMvkMlaawXnq0xP4Aqzkm2XooUUp06PxCUSGbpffYY4xGpIv1_NqhUKSGBp7ycnn2ZUhq78jpBjqY0ygBhO5hNA00JD_E2r-7VVvxd5cyokwOzWLH5mSgidO6hb0F3cBdRyTWPX8iCycE&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvp0luVvEYpscp5z6BoWYsOADyZ7SsVzNo5b3cMCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi01MjkwMzU5NDEwNTIyOTM4oAHVttLqA8gBCakCIS_flVRGsT6oAwGqBJICT9BxXDiPkuk0Lj5q3lqXYMv6SpJDbA9Fxw9mL4zlP8mWL1LxCfuDS_IWl9ztkF02X-Ct4aRx16ff01WWUeW3bw2qLjc9QQ-ffoBWh6A8R2uBpmjuKGAaRibcKRIUufM3aWNUuprDKq-rn5IJHwHIoJA_SPHcnbLQPTXlF4pZRWMfbVN9PLIsFWY-ewwVPjxY5oNiUCt76vJlKq1pVSBVUfBFMS6jv93-bD_L1NHUz-nx9JfcQO45n7uh0z_luRupN5U6yHLn0TSblTHvFut9aMSRD9oQKgbhu70vqlu5gY5YPHcly9dNInU6zfmcRhrk6nEp7Ti0o8kcZrv12A1LPnMkRCQqu8zAXVS7NOEWfbocQYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Rm2SnduqAQ0HRvBskJ9apLUVoqQ%26client%3Dca-pub-5290359410522938%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6000:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:45 GMT
via: 1.1 72e8bbddfffeeec486003f867d631024.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: 6Jf3jT9t4bpsFLitbBNIG95J7OhCJtWHtAqF_2HdHULmTj8LXYv93Q==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame 53D3 43 B
348 B 88ms
27ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=yGIgYPEQXosB4o_DSZQa_qdMyZ7giYHuklpL4m9PNT2CHD50-eNOjC2WiYPxLETjnIUdGuskjmuwCOQikTEAMwd3rY3dirj_QR3iY7oej7U-4spnFnDGPYeNaAPFHvOaTcDG-JyTkuFQUTH3aFluN1tUiGuDnvDyj-J3aBr5Cwpw_3lxaFTYD73ZDy6p_fMyfEDsWXxNGYk0_3pHyjvZwGIy-d8CgkvqpGTxZFHBDbXtDZNoTT8FZl1iy0GgQ3KCa0emyhkElBI5aLeONUiNHgQHZs739TWMTBIkrPEbFmfKwmm9gFQjmYYO4B3_CZRTO8hFNSN4NJf8dIhwuHydS1UHCtwPqJVz-KZ9HuoJYIJIIURUEDb2rIdIYs4O6W9mAf9ZHa_GhETARGxOD8zschBdXilSxiACSWUmqicjF-IcVK1kG_ApNga1XyGRl5bpOdJyKg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1870217
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cev-plv-aohqnb.png
o.addthis.com/at/ Frame 79F3 67 B
482 B 507ms
170ms Image
image/png 158.101.26.148
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://o.addthis.com/at/cev-plv-aohqnb.png?&ev=AT-ra-5e993c65e0b62784/-/-/62c45bb935619c18/1/X62c45bb9efbc16ae&ce=gen%3D1%3B0%2Crxi%3D62c1d82e2e05a29c%3B0%2Crsc%3Dwhatsapp%3B0%2Cplv%3D1%3B0%2Cpti%3D%25D8%25B1%25D8%25B3%25D9%2585%25D9%258A%25D9%258B%25D8%25A7..%2520%25D9%2588%25D8%25B2%25D8%25A7%25D8%25B1%25D8%25A9%2520%25D8%25A7%25D9%2584%25D8%25AA%25D8%25B9%25D9%2584%25D9%258A%25D9%2585%2520%25D8%25AA%25D8%25B9%25D9%2584%25D9%2586%2520%25D8%25A5%25D9%2584%25D8%25BA%25D8%25A7%25D8%25A1%2520%25D8%25A7%25D8%25AE%25D8%25AA%25D8%25A8%25D8%25A7%25D8%25B1%2520%25D8%25A7%25D9%2584%25D9%2582%25D8%25AF%25D8%25B1%25D8%25A7%25D8%25AA%2520%25D9%2582%25D9%258A%25D8%25A7%25D8%25B3%3B0%2Clng%3Den%3B0&PRE=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem&pro=0&rev=v8.28.8-wp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.101.26.148 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: eaa4a94ea300e0d2c775968cbe42f0b5b51ceafdeb73d64e9efddf6d4e880865

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s7.addthis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 05 Jul 2022 15:41:46 GMT
P3P: CP="NON ADM OUR DEV IND COM STA"
Cache-Control: no-cache, no-store, private, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/png
Content-Length: 67
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ Frame CE4E 44 KB
44 KB 74ms
25ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A300%2C400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 12:16:38 GMT
x-content-type-options: nosniff
age: 98707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 12:16:38 GMT

GET
DATA 200
OK truncated
/ Frame C67E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d92dbdfcb095883f6d4709d761169be4bf504b8d6022c07ced97a2d635260693

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C67E 16 KB
16 KB 52ms
20ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 12:56:05 GMT
x-content-type-options: nosniff
age: 96340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Jul 2023 12:56:05 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3113 143 B
163 B 22ms
21ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=280&slotname=4153775738&adk=603482819&adf=2726949972&pi=t.ma~as.4153775738&w=706&fwrn=4&fwrnh=100&lmt=1657035704&rafmt=1&psa=0&format=706x280&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035704815&bpp=2&bdt=352&idt=143&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C706x280&nras=1&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=1754&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=bShHBUc4k2&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=145
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3056
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 14:50:49 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame DFB0 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:16:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame DFB0 17 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:40:43 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame DBC9 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7173
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 53D3 12 KB
6 KB 51ms
38ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 7 KB
7 KB 119ms
55ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=244&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=196&s=OSVWZlqsAEjHj4o1uxJfPYMJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:44 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28834826
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6722
expires: Sun, 04 Jun 2023 09:22:12 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 2 KB
2 KB 121ms
57ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDZH-GmbH-71233DE-2201071435.gif%3Feb%3D1&v=3&w=400&s=GdGTAr7UZCrAyx1v0-prh3mc&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

65e821b53990c7e875f3a0c2ed1d78d9aaf42a0ac22e5befe5903e4e87faf931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1452793
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1540
expires: Fri, 22 Jul 2022 11:14:59 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 1 KB
2 KB 118ms
54ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDienstleistungs-Center-Halle-GmbH-DLC-Halle-153157DE.gif%3Feb%3D1&v=3&w=400&s=Y5UrGVI-PKzb_L9pX4wn0Fm8&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5f5654d3095dcc7a871f7d4c1355b2c9eea3eb0d8f72f87e65b0cf51961aefd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1306953
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1382
expires: Wed, 20 Jul 2022 18:44:19 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 7 KB
7 KB 119ms
55ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoPrivatbrauerei-ERDINGER-Weissbraeu-9455DE.gif%3Feb%3D1&v=3&w=400&s=Fm63FxkfPKLDrMYb-R4qqMlo&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a9890b746997315256f2888be5d65e06908b42d440ac8c8326c2c85434b3486c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1715044
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7128
expires: Mon, 25 Jul 2022 12:05:50 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 1 KB
2 KB 119ms
56ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FH%2FlogoHerbert_Kannegiesser_GmbH_26597DE.gif%3Feb%3D1&v=3&w=400&s=ATh67J3wUZbv7skz3bfRvnOT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

0d099b0d12903fbbef6a3026f529c9ef954986ceaf5e3fd67d0152a659ca1f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2407527
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1366
expires: Tue, 02 Aug 2022 12:27:13 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 1 KB
2 KB 120ms
56ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoAXA-Konzern-AG-8008DE.gif%3Feb%3D1&v=3&w=400&s=0cAxZ1jy3WXy8wPtaqjO-CTC&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cdff7ea2f26f008c8ffb939f1cce521c1162deeb0ed943928194511f24355e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=6297
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1348
expires: Tue, 05 Jul 2022 17:26:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 3 KB
4 KB 34ms
34ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoAUTO1-Group-122756DE.gif%3Feb%3D1&v=3&w=400&s=wSixxbTu0tVpgsfxHSay5C8B&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

28f12a5e97bafa06cf723dfa71a93daac27f33e6ef2929332d7320a9b2685007

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1135085
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 3420
expires: Mon, 18 Jul 2022 18:59:51 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 1 KB
2 KB 30ms
30ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoANDREAS-STIHL-AG-Co-KG-109625DE-2206021139.gif%3Feb%3D1&v=3&w=400&s=kG21DCZv5YW3CQLe9Za8UjUu&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a89875fd6e2615e901875ea237ad1705270e6beb461986d5bd1d6ae4de60619a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=31104000
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1412
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 53D3 2 KB
2 KB 29ms
29ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F1%2FlogoMedline-International-Germany-GmbH-32230DE.gif%3Feb%3D1&v=3&w=400&s=8IspK4cV2mUrNzzyAC01WBtp&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

18a2843245ddc539c1368335ca480f9ec8f3657f3f174248ed5b9079480fa18e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1353
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1712
expires: Tue, 05 Jul 2022 16:04:19 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 53D3 0
128 B 112ms
33ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=s7ECpPFmXoC8JICbmMy-af7oV59rcUjFF8uXMWfsQtqQwj066YeHPWd02uiX2gm3M4DFXPqr0t0c2v8CiZGT8uBanHK4iDLdL5_uVL_lOrQskkPimd2gtGc836r-bUo-xNAAArOt_W9zzztNEIaC968bPxQ8Gt2jxNxAKdAUJ_m5wxvrHtB6y993FfXo3dOMcfcBjIA6zUZs3v-KA7Sswvk_Xj-on1FlJobD09nKGR9xhMbMmX3ApUf_qa8sVYqx3Tti_Q&sds=2&rev=81891&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Jul 2022 15:41:45 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 53D3 2 KB
1 KB 42ms
41ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 53D3 2 KB
1 KB 42ms
42ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 30 Jun 2023 15:41:45 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame EC3C 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7173
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9710 36 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7173
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFB0 138 KB
42 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:45 GMT

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 31ms
31ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Tue, 05 Jul 2022 15:41:45 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
DATA 200
OK truncated
/ Frame DFB0 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77a5d236290aa90f32027033af2ed5f31ad37b724e776da93681d1f6945976da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3113
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

61ms
61ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 15:41:46 GMT
expires: Tue, 05 Jul 2022 15:41:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 15:41:46 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 728_90_WT_Viking_fury.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 3 KB
1 KB 21ms
21ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6f4393698ab967e7123c55500523accbf40a672741bea808ad79df281254026

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 435848
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1420
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Jun 2022 14:37:38 GMT
expires: Fri, 30 Jun 2023 14:37:38 GMT
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3D8E 0
0 65ms
64ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0IAkuVvEYu32FZ6e1fAPg8OZ8AGL37qoYeznpeyDC_rIqfeDCRABIMXdqS9glYKAgLAHoAHz08vTA8gBCakCIS_flVRGsT6oAwHIA0iqBKICT9BvP4Qzci8WNID6brb93Eme21sRpQD9VTNPy-zPdEOmLA2r5yWE0LffJqMj3TiSuehXjx1Grcs45sMlXjGFEDeyUoV9qIwjLdvQAASEU7LISz9MGKZ81izkPwUpGDxgQhGtyrpEbpKt8Mw0EgYUFgEklCvxoE-QU_DE1oaY1kLhqZ4lwjKYvMUxlXBBeaG19UtHCGJxiXUsTKuoStoQ-uDyg2VFd7lVYedf5AMQI-5orF3QLsPj0GrCy_DUCleYlGXYTJgkXbAM0k5ummyHg87Oa5j8yHu32DXOALDon5_x4wREHfefVZbLtOFCuJle3FyPE35GMM7rqSpG4BfKiBqHvxjq8bjbiK14rRiXuQgNSza24AfELRVkab31BbPvLNLABJ-T97nuApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfPl7ovqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkvkT0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGAFwGyFxwKGggAEhRwdWItNTI5MDM1OTQxMDUyMjkzOBgA&sigh=kaJixshVsVk&uach_m=[UACH]&template_id=419

Requested by

Host: adv-ref-was-sed.was-net-q8.xyz
URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 05 Jul 2022 15:41:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/ Frame 3D8E 21 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 609
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:31:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 3D8E 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1530
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:16:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D8E 138 KB
42 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:46 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/ Frame 3D8E 17 KB
7 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220629/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:40:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Jul 2022 15:40:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3D8E 0
0 68ms
26ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRWZq2wnMLwQskC2A3e0kJVwWuNDvEXXvRVP5VpBCDAWQ0SA0XjpF4bWmOjTeJHar2mZvuAP4e7ybInJ5skBCg53HN_ag
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 159.1c3fceccbc80f2a3615f.js Show response
s7.addthis.com/static/ 564 B
634 B 29ms
28ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/159.1c3fceccbc80f2a3615f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-234"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Tue, 05 Jul 2022 15:41:46 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 394

POST
H2 200 shares-post.json Show response
api-public.addthis.com/url/serviceapi/ 2 B
281 B 36ms
28ms XHR
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-type: text/plain

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
surrogate-key: sFbt=https://adv-ref-was-sed.was-net-q8.xyz/t3lem
last-modified: Tue, 05 Jul 2022 15:00:00 GMT
server: nginx/1.15.8
date: Tue, 05 Jul 2022 15:41:46 GMT
content-type: application/json
access-control-allow-origin: https://adv-ref-was-sed.was-net-q8.xyz
cache-control: no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials: true
content-length: 2

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
297 B 216ms
208ms Script
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem&callback=_ate.cbs.rcb_jhzk0

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

83f6e3cbc4129a38fc553960c0905b174dd488d0d04a02c944e8143b904a6787

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: adv-ref-was-sed.was-net-q8.xyz/t3lem
last-modified: Tue, 05 Jul 2022 15:41:46 GMT
server: nginx/1.15.8
date: Tue, 05 Jul 2022 15:41:46 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

GET
H2 200 shares.json Show response
api-public.addthis.com/url/ 33 B
297 B 238ms
231ms Script
application/json 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem&callback=_ate.cbs.rcb_ka150

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7082678ac58e5432b46d82ae80cabae35013a6b5650cdb2a3c0aadf1580c51e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
surrogate-key: adv-ref-was-sed.was-net-q8.xyz/t3lem
last-modified: Tue, 05 Jul 2022 15:41:46 GMT
server: nginx/1.15.8
date: Tue, 05 Jul 2022 15:41:46 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length: 53

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 2B6E 9 KB
3 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 09:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21932
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 06 Jul 2022 09:36:14 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 2B6E 26 KB
10 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 16:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 05 Jul 2022 16:13:42 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2B6E 186 KB
48 KB 49ms
28ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Jul 2022 15:41:46 GMT

GET
H3 200 728_90_WT_Viking_fury.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 40 KB
11 KB 23ms
22ms Script
application/x-javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/728_90_WT_Viking_fury.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3b0c631da2cd0a5a87e14920daa94eb18f39b95c3560feee32fadbf987c1fc2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 178804
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Sun, 03 Jul 2022 14:01:42 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 03 Jul 2023 14:01:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CBA4 143 B
163 B 20ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 14:50:49 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3D8E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1361820f9ed18b2d333913eac21f53c25dd22b54a926e56c348e578588b35fd4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 3D8E 0
20 B 94ms
54ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK235ISL4vgCFR5PFQgdg2EGHg&gqi=uVvEYt_TFPmS7_UPoO670AE&layout=/sadbundle/%24csp%253Der3%24/2795378711239061479/728_90_WT_Viking_fury.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 18FD 36 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CBA4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

80ms
79ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 15:41:46 GMT
expires: Tue, 05 Jul 2022 15:41:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 15:41:46 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 _1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 48 KB
48 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0367262ab3ec6ecc50a562ec98eab62a0784a3c75d5a7265ad4fcc261b9f6cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 440335
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49406
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 13:22:51 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 13:22:51 GMT

GET
H3 200 _2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 6 KB
6 KB 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa214f08c87a11a1c377e60103a91a801a34ff855f6c2caf989678dfc06cb75b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 355440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5810
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Fri, 01 Jul 2022 12:57:46 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 01 Jul 2023 12:57:46 GMT

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2B6E 36 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H3 200 _3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 14 KB
14 KB 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33507da951d9f6945b291868156542a3031f834e14c45b93f10b85785d585e03

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 435848
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14415
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 14:37:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 14:37:38 GMT

GET
H3 200 _4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 22 KB
22 KB 21ms
20ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b4f1124afeb67c61e1d2625166f53d4f43a886590ded2fafddbb983f7aa3b12

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 65845
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22311
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Mon, 04 Jul 2022 21:24:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 04 Jul 2023 21:24:21 GMT

GET
H3 200 _5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 9 KB
9 KB 22ms
22ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_5.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cdf408c31b7c2a651546ea51e4a76b9a376b8f65285e1668a2286f03eb2dad8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 435848
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9473
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 14:37:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 14:37:38 GMT

GET
H3 200 _6.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 7 KB
8 KB 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_6.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d9dc606715d4b4bbbd5df839c56ffa5f16c2b951467c30e00c0fd84e18bd4c3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 435848
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7654
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 14:37:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 14:37:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 35ms
35ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220629&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2a1015b565133afbd5d6101839088ba05bf77d6f0bd34cb71baf281ef474a8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 05 Jul 2022 15:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10696
x-xss-protection: 0

GET
H3 200 _7.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 21 KB
21 KB 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7716989b80ec806fafb387ce194afbf897b34fa4ff014310da62c26a41b3e7ce

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 14230
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21548
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Tue, 05 Jul 2022 11:44:36 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 05 Jul 2023 11:44:36 GMT

GET
H3 200 _8.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 96 B
131 B 21ms
21ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_8.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a73551fb97a5347b1ac1e69f38fb32c7f7e62efe1d201b98282698b854ce020

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 435848
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 14:37:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 14:37:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Jul 2022 15:41:46 GMT

GET
H3 200 _9.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/ Frame 2B6E 4 KB
4 KB 21ms
20ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2795378711239061479/_9.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e6dfa7c8f158c43a57cc09ac3e10103502b3c44909b71fba9594cf766c447ba

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 435848
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 15:37:39 GMT
server: sffe
date: Thu, 30 Jun 2022 14:37:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 30 Jun 2023 14:37:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 46BE 13 KB
5 KB 20ms
20ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 14:37:18 GMT
expires: Wed, 05 Jul 2023 14:37:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6943 783 B
536 B 28ms
27ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5ba16afe8443c26b4960ad875c0152a2418abf71dfdf9bcc3b0e54f10fa9a7ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-v3hQF3N8V7p9htYs-2PRTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://adv-ref-was-sed.was-net-q8.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-v3hQF3N8V7p9htYs-2PRTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Jul 2022 15:41:46 GMT
expires: Tue, 05 Jul 2022 15:41:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6943 0
0 116ms
115ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220629&jk=3494507679520155&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js Show response
pagead2.googlesyndication.com/bg/ Frame 46BE 36 KB
14 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/edue1xTc5YuiZOhJi4VIA_c20CetZt5T9y7Q3cNnrTA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 13:42:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13936
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 08:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 05 Jul 2023 13:42:12 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 46BE 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?GP9Law
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 05 Jul 2022 15:41:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 18C3 42 B
64 B 54ms
54ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXij2QehB7kVMXxA8G2Pt3EsqzU2HJglZg5lFpFwWK2_Dst3Xsnb6yA9HVJINqEGb2oMBCqLwlc0t2dGIbOetZKW0&sig=Cg0ArKJSzHgdcUqpBPzyEAE&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=112,707,1001,1090,1174&tos=112,595,294,89,84&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657035705351&rpt=211&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CE4E 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssxZKg9tMc1oPHPb8wazZJ4jpMwRLkehLYbv5ydOyzEv9ZjUsofl-rAQaZ91p4aMmv9n0_Kbvg8cHO8Xwx_2VwvLGoyjTSP_-9RKqYHc-aSdEXpIl9jPrruA2MXc5FdKmE6-m87ZA&sai=AMfl-YSED0ZhQTI-wYOr7fRPCqHtU4_3-dEvR3LjBEEq4x47I8H5j-3TU4637fpob-zkI4TlcBuxfPT8gFD9&sig=Cg0ArKJSzCgMBcIj_5jWEAE&id=lidar2&mcvt=1001&p=0,0,280,1200&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220627&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3290198356&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1657035704948&rpt=910&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Jul 2022 15:41:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 53D3 0
127 B 33ms
33ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 05 Jul 2022 15:41:46 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 62ms
62ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220629&jk=3494507679520155&bg=!QEOlQwfNAAaLlKKnq5Q7ACkAdvg8WnuWGrl-CZfgCLoomor_rzTFn0U6njc66JWKETuw1fPIQ0hkUAIAAABAUgAAAAJoAQeZAq32VpBLqicbEPxfltLFTSC697GejXun2pIymJPp4NgFPJ6zxp_OFoRCS_49jbJ_KmMr1c3-1nIdN_7Gq0rxuhWrFTW2-fX53-gMpqi4HQ4oKT2xYuoDL03sFONldnefufijhKDHZyA0_u5lTTa8GiDcwdV76T8q6kp4EL5Bvr5pidmHoa5Qd-KGAQGX_6jcu7nz0izlRhMgA1sHGrP7rchFfdgNsr2NmNuq1S9NSYsq7q5QqGRh4ssYx-5LbK5Nwjr2k8cddGIhToGEwgI2-YnmyE3B0xlH8CuwSF5VmXTSD9Cr7y45YQFljbAHhMewXXN5DeLNf34fDjjZbkxOF5A3_ddB13qmVNHgm49u005zVoDnwVkRMh7CS1WTnIT2ps7h0LCBQzlCcy97Bk7sf-sbdl6hARbsfv8xBtPTag_fZ0ALvWvryaZ5tRpYk0w0vpOeGhcEh6ea7EydrU1osffQfxY-A71uEwsiP6KU3bWHdv4LNQnkP1LcLTqMdWjghYWJtj1VzB8zM6ZIW8--0zz-RT3VxAk52n9Z_0OG5hNzkPsuyvvFFkoPuafaCExJihMjPnn8Jk_T-5wFp8SFpvtpB_of7oB7UiSZ85QtmD2DT_EiqCfE4xr23uysfxhldLiHu7wVKgveR_La7I6GJgqjx6MttCVjJZXuojPfOWqwZy8NiX6qFlx4ZDR9og50DjcGLMTyXZNFG8CPc8mBMXHwBURy943PHEWZ6-IOLy23vP4ht-ftq5ZsL5bN4X-TaX1BJBPF64H0foj1yXSnIah0eD-JX-hwKVTjsgbD5o-pzB8wLOFMJPi-FK_tnGsJXuJlFMi3qKzVyhL7p5rDuZONLRLMwQLa9XQal8_Z25VwIxCSEZ668gUMszD_bv_XtX-YCa8E7jNNu5fCw2-0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv-ref-was-sed.was-net-q8.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff2

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff2

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff2

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff2

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff

Domain: www.alarabiya.net
URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstCfa4658427 Value: 1657035704903
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstCla4658427 Value: 1657035704903
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstCmu4658427 Value: 1657035704903
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstPn4658427 Value: 1
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstPt4658427 Value: 1
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstCnv4658427 Value: 1
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:02:51	Name: HstCns4658427 Value: 1
.was-net-q8.xyz/	1970-01-20 13:38:51	Name: __gads Value: ID=f3687b9d5267f0d0-226e43f6c5cd00d4:T=1657035704:RT=1657035704:S=ALNI_MY22cy_diFmBiqUsTZStrefkT2DCw
.was-net-q8.xyz/	1970-01-20 13:46:03	Name: _cb Value: BWP4iaFn0GMDfECSn
.was-net-q8.xyz/	1970-01-20 13:46:03	Name: _chartbeat2 Value: .1657035705455.1657035705455.1.Bj525nB7NAdtYuotCobbgsNjvf.1
.was-net-q8.xyz/	1970-01-20 04:17:17	Name: _cb_svref Value: null
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:47:30	Name: __atuvc Value: 1%7C27
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 04:17:17	Name: __atuvs Value: 62c45bb97c489afb000
adv-ref-was-sed.was-net-q8.xyz/	1970-01-20 13:47:30	Name: __atssc Value: whatsapp%3B1
adv-ref-was-sed.was-net-q8.xyz/	1969-12-31 23:59:59	Name: __atrfs Value: ab/\|pos/\|tot/\|rsi/\|cfc/\|hash/1\|rsiq/\|fuid/\|rxi/62c1d82e2e05a29c\|rsc/whatsapp\|gen/1\|csi/\|dr/
.addthis.com/	1970-01-20 13:47:30	Name: uvc Value: 1%7C27
.addthis.com/	1970-01-20 13:47:30	Name: ssc Value: whatsapp%3B1
.addthis.com/	1970-01-20 13:47:30	Name: loc Value: MDAwMDBFVURFSEUyMzA4MTg5MzAwMzAwMDBDSA==
.addthis.com/	1970-01-20 13:38:51	Name: ouid Value: 62c45bb900012c8a1e7c8b25fa3365b3238c6a9f86cf0d9e09e6
.addthis.com/	1970-01-20 13:38:51	Name: di2 Value: aVS_n%2h))x)&_)&U)%z)%Y
.addthis.com/	1970-01-20 13:38:51	Name: um Value: j.'2022070515414573000599351345'
.addthis.com/	1970-01-20 13:38:51	Name: uid Value: 62c45bb9ccd2bb00
.addthis.com/	1970-01-20 13:38:51	Name: na_id Value: 2022070515414573000599351345
.doubleclick.net/	1970-01-20 13:38:51	Name: IDE Value: AHWqTUkQoMcOzNNOA9tVVUP42fqpvIFXf7xP2Vn3Dgg1353lESglSdrMAr3DbEG3kPg
.doubleclick.net/	1970-01-20 04:17:19	Name: DSID Value: NO_DATA

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff2' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff2' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff2' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff2' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/alarabiyaBoutros2020-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Access to font at 'https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff' from origin 'https://adv-ref-was-sed.was-net-q8.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.alarabiya.net/.resources/aa-fe-templating/webresources/dist/assets/fonts/NotoNaskhArabic-Bold.woff Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Refused to execute script from 'https://adv-ref-was-sed.was-net-q8.xyz/' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20220629/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	error	URL: https://adv-ref-was-sed.was-net-q8.xyz/t3lem/#.YsHYLi4Fopw.whatsapp Message: Refused to execute script from 'https://adv-ref-was-sed.was-net-q8.xyz/' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/2795378711239061479/728_90_WT_Viking_fury.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5290359410522938&output=html&h=90&adk=4204718025&adf=2221415025&pi=t.aa~a.1744094222~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1657035705&rafmt=1&to=qs&pwprc=6468772052&psa=0&format=1200x90&url=https%3A%2F%2Fadv-ref-was-sed.was-net-q8.xyz%2Ft3lem%2F%23.YsHYLi4Fopw.whatsapp&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1657035705309&bpp=1&bdt=846&idt=1&shv=r20220629&mjsv=m202206300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df3687b9d5267f0d0-226e43f6c5cd00d4%3AT%3D1657035704%3ART%3D1657035704%3AS%3DALNI_MY22cy_diFmBiqUsTZStrefkT2DCw&prev_fmts=0x0%2C1200x280%2C706x280%2C706x280&nras=2&correlator=7569773864212&frm=20&pv=1&ga_vid=2068434089.1657035705&ga_sid=1657035705&ga_hid=1990264797&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44766559%2C31068195%2C31068227&oid=2&pvsid=3494507679520155&tmod=1946640962&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=Hm1qEAuo4Z&p=https%3A//adv-ref-was-sed.was-net-q8.xyz&dtd=13 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/2795378711239061479/728_90_WT_Viking_fury.html".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
adv-ref-was-sed.was-net-q8.xyz
api-public.addthis.com
cat.nl.eu.criteo.com
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gumlet.assettype.com
m.addthis.com
o.addthis.com
pagead2.googlesyndication.com
partner.googleadservices.com
ping.chartbeat.net
pix.eu.criteo.net
rtb.fr.eu.criteo.com
s0.2mdn.net
s10.histats.com
s4.histats.com
s7.addthis.com
secure-gl.imrworldwide.com
static.chartbeat.com
static.criteo.net
static.doubleclick.net
tpc.googlesyndication.com
v1.addthisedge.com
www.alarabiya.net
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
z.moatads.com
s7.addthis.com
www.alarabiya.net
104.102.30.13
104.75.88.126
142.250.181.226
158.101.26.148
158.69.251.190
178.250.0.139
178.250.0.162
178.250.2.148
2600:9000:2057:6e00:18:1fcd:351:7bc1
2600:9000:206f:6000:1e:a43d:b640:93a1
2606:4700:3033::ac43:de87
2a00:1450:4001:800::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2006
2a00:1450:4001:813::2001
2a00:1450:4001:827::2003
2a00:1450:4001:827::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::2
2a04:4e42::311
34.224.243.79
46.105.201.240
69.172.201.191
012bb7853079db95a8f44671bc867eec7d09ff13c92794d75ba81003747bfbe7
038add02be415e7db8c2c0e144be234baa6713c3b50812d45545ec3b06dc78ec
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8dfcc37828fa7e54be68db3e4b417e3f63416e4753cd7ed81f8cf8cb5a1b0e
0c04397947420d22fe0dcad2ebdce7bc1a5e60420ff4b9a6a1d50791782c1eb0
0d099b0d12903fbbef6a3026f529c9ef954986ceaf5e3fd67d0152a659ca1f29
0e2796a9d67acf02d30321dd989fae6e1721f75fca03c97d139adc36f8e47f78
129b19dacd43d31998736dd3c9390f52a92d287dfa4e1d55822549dd202be417
1361820f9ed18b2d333913eac21f53c25dd22b54a926e56c348e578588b35fd4
1402b2ee3d5436f4ff51e549f12349a605fbe38e481b07543715301e5dddaf99
1514178b2d78067236c1b7ff4af83f9ddbc33696c568f374321fa169fe37d0ce
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18a2843245ddc539c1368335ca480f9ec8f3657f3f174248ed5b9079480fa18e
1cdf408c31b7c2a651546ea51e4a76b9a376b8f65285e1668a2286f03eb2dad8
21cde34053d13b6f5c6ef7c04fb616c7df953591f475428584f55d2ee7ab8547
24955581e43feb2c28e2aa4ef4f617c2bd6a38e5af3001063e2115804ce3158d
250c4201a5fcd1386b944d06733cbf0ac601af55734b5303bb9c17ec1294f305
26a240693f90b125c07f62d5937052f68fab7989cf25414808312c9a1fa4fbad
27acb3b4f9ccc152e5fc95d294e23559f1a7d5994971e4ece6c2d1cbc44acb84
287c026f26ce7e0c966b32b24b2fa2c2c3181cf110a31202fd7eadc50620c74c
28f12a5e97bafa06cf723dfa71a93daac27f33e6ef2929332d7320a9b2685007
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2a9456236abe7e50fd51cf797f73455aca3cd9371fe1f5acdf0055b4761cd653
2c14b2615cb95d0eb73503fee2d91f4ec21926e28b9ba71898179020e9bb69dc
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2ee8ced4aa208edb5900fa92393d38bf5f02086863574f64cce2d0b2eb96b0f7
2f6ce5f63be08e50bdbefd3a59c7b720c044e7ab58034bd1efa519520b5c5fa8
32bd9710b41bc7d8e44a972f53113dfcd580bb252d4eea5c8649cfc717db6b0f
33507da951d9f6945b291868156542a3031f834e14c45b93f10b85785d585e03
36e06456164f050983b6142187b44701695b68b4ae367879f14f61a25bdf8815
3a73551fb97a5347b1ac1e69f38fb32c7f7e62efe1d201b98282698b854ce020
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
48d805dda34129b9b567b6bf0731013efe43a58474040d61cf21765222a914a0
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e49c0db8fe5c52ddc31a2df0bb613c7cbe3c69a564f74cbffc7dda78d122ec4
4e6dfa7c8f158c43a57cc09ac3e10103502b3c44909b71fba9594cf766c447ba
500262eae1ee1af01a018fc6ba8d47d9b7f00146668ec4a4d624ce2e112a8f01
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d2ab860a7100b201e762c2046bc65a5d16236a0263dee3e95c711be581b345
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5950947750a59002e17c2ea0a79c2f53835b170957f64d01a62d1a3aec9ce771
5ba16afe8443c26b4960ad875c0152a2418abf71dfdf9bcc3b0e54f10fa9a7ba
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d8b143fe19bb0ab2623ed33513935d65e6ca2def66d93ce8a4e74562b6a91f5
5f5654d3095dcc7a871f7d4c1355b2c9eea3eb0d8f72f87e65b0cf51961aefd6
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65e821b53990c7e875f3a0c2ed1d78d9aaf42a0ac22e5befe5903e4e87faf931
6bb4749e2b751b0661c372b48b49c5fb11096d9086ca863cfef9b9add88e8c51
7082678ac58e5432b46d82ae80cabae35013a6b5650cdb2a3c0aadf1580c51e3
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72d2367dc35967c758f93deefb69e76a1cfed9be0dcab06fc8ae2bf8d37bc879
74e1ad29f2c237e90a6a960052a7251db5fc5468ec9daefcd20a256ddabf7570
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
7716989b80ec806fafb387ce194afbf897b34fa4ff014310da62c26a41b3e7ce
77a5d236290aa90f32027033af2ed5f31ad37b724e776da93681d1f6945976da
79db9ed714dce58ba264e8498b854803f736d027ad66de53f72ed0ddc367ad30
7a3fb5742c3e8f815eea6249b75c8beb430bb6d817e3b6d325a9a0563c79cc47
7b4f1124afeb67c61e1d2625166f53d4f43a886590ded2fafddbb983f7aa3b12
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7d9dc606715d4b4bbbd5df839c56ffa5f16c2b951467c30e00c0fd84e18bd4c3
8319156ad5064aa6b154ffa69cacf57e9e591c8e71b7b5bc7407645a115273fa
83c53d2718510cafd60eaa7dc717f5a1360bcd96ccc360e70c6bef4522d07482
83f6e3cbc4129a38fc553960c0905b174dd488d0d04a02c944e8143b904a6787
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9b5312cb2f154f2bd64ee8746195a63df254d10bfd107a61eec3d5d38dd48bff
9bdc071c5a6f1be56893d8c6aff6bcbb2b7f24fd93dda3e87b1e5822d2fba027
9c7a6a0a10501df413e51ac24dfb427b3e6c04bb36c3a366f7b8cd4a73663bb3
9d29a0edd5f55c965f72331218d94428fa5fcaec361f94850cd9869b35af8228
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
a2a1015b565133afbd5d6101839088ba05bf77d6f0bd34cb71baf281ef474a8d
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3b0c631da2cd0a5a87e14920daa94eb18f39b95c3560feee32fadbf987c1fc2
a43583612446704c57a1eceb171645daa59139ed98fa1f4f0a8e7b6cd00ba3d8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7529f444584dca11f6461c147e677a11cb142a9ce1bb644b11ba4b561d72987
a89875fd6e2615e901875ea237ad1705270e6beb461986d5bd1d6ae4de60619a
a9890b746997315256f2888be5d65e06908b42d440ac8c8326c2c85434b3486c
aa214f08c87a11a1c377e60103a91a801a34ff855f6c2caf989678dfc06cb75b
abf22880765f6c66ecb93fd8875e3bc87855e055c518774bf095348cb08f53a7
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1adc3031f6dd145bb9474f9d9a63d478afaa0d5157eb5b294a84860c80c9653
b23ffd4ae2cd04bc4d22d0b99275fa7c5d663f3637580e0799b745070934250c
b67c845954161526f642c7cf8fbfd08b1be75abfeca6a0d8a65a3ccd38569ec9
b76ee856ffad32771a86e7bf2a4c125a68a8b26e19d3b8a10bda52bf1da85687
b81ca1a3c9dede576c144a087a70f302bd24fea1c264c20dde81cf4262296fa8
b87d80258a5482c6c66a9920ef9890080563bfd09c7970cda90c1bdb84953eb8
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
bfc1033f8bf0c49087d5bf1cbe0e953d89e598ff3d0a78eb51fd4e2a962d3559
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
c02d2e4ee660f561338f717a6dc83745ea23c4ad356a57bdfee60c3643b25b1a
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c3e8de427cbc287137277a64f5e336110650cb329468b9d5b0bd01920d2148e3
c8d813beffa369489dfef50cae363dac8dbf6f0d8d878c294d6c49e1872b0b6e
cdff7ea2f26f008c8ffb939f1cce521c1162deeb0ed943928194511f24355e95
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0367262ab3ec6ecc50a562ec98eab62a0784a3c75d5a7265ad4fcc261b9f6cc
d0fc97aadf3487ba739c96f3959bc6215760eedab71882aaf775f052be0c45ab
d339b60c6425d169916dbce3d813e090ac2cb3cd77b7c548cdf71b50b40b6e16
d539a6bdc5528f1d3b0f0cdbbd3d19db0a3d6c94416ab7b7e9bd575575adb574
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d92dbdfcb095883f6d4709d761169be4bf504b8d6022c07ced97a2d635260693
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e479b598dd3d43c96cfd067cab3a8fabb93a7a70feb6fdac87f597c57c73fd40
e6f4393698ab967e7123c55500523accbf40a672741bea808ad79df281254026
eaa4a94ea300e0d2c775968cbe42f0b5b51ceafdeb73d64e9efddf6d4e880865
eb3b1e539d74c7f394611ba0709676bb66c1c69715cdee3774a971f326c9a194
ee329ecb873757fb6150629a7fd6a9136f8900638111cad54fca9465d61173d7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef69602a6e876c5efe14b8e1b04f6fc02d63d0380adc40b76fb07385851799f6
f270f24bc218342b7704aa359f208608552a3bcdddecb3d2acad634d93dbd46a
f342b3a2b1527943b31231eec77d35ca0f3368a37c044f29b0a30acce6acda58
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f9ab450344ece1e1f68be1576a184ce306b97c98a746359dd8836290a5346adc
fa83ea26221705fbfcb3c4bcda2a339ba1e2491cca346ba7f190b55977bc1117
fcab803c6d01082f69e5510655ca566241f3a4fd3ee7aa1506b1308e2d069ccb
fcb871bfa7ae1daf23bcfb549938bff3ef1075a96e63d2a15397614a6691d3f1

adv-ref-was-sed.was-net-q8.xyz Open in urlscan Pro 2606:4700:3033::ac43:de87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

183 Requests

93 %HTTPS

63 %IPv6

22 Domains

34 Subdomains

31 IPs

5 Countries

2787 kBTransfer

7246 kBSize

25 Cookies

76 Outgoing links

Page URL History

Redirected requests

183 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

adv-ref-was-sed.was-net-q8.xyz Open in urlscan Pro
2606:4700:3033::ac43:de87 Public Scan

Screenshot
Live screenshot

Full Image

183
Requests

93 %
HTTPS

63 %
IPv6

22
Domains

34
Subdomains

31
IPs

5
Countries

2787 kB
Transfer

7246 kB
Size

25
Cookies

183 HTTP transactions
9 data transactions