www.bestone-work.com Open in urlscan Pro
2606:4700:3030::ac43:da23 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeND...
Submission: On November 04 via api (November 4th 2023, 2:29:54 pm UTC) from US — Scanned from DE

Summary HTTP 475 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 73 IPs in 11 countries across 52 domains to perform 475 HTTP transactions. The main IP is 2606:4700:3030::ac43:da23, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bestone-work.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 7th 2022. Valid for: a year.

This is the only time www.bestone-work.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 22	2606:4700:303... 2606:4700:3030::ac43:da23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	47.254.187.184 47.254.187.184	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
23	2606:4700:303... 2606:4700:3035::6815:185c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
65	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	35.186.215.140 35.186.215.140	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
1	92.123.150.201 92.123.150.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.230.48.250 13.230.48.250	16509 (AMAZON-02) (AMAZON-02)
2 18	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	3.36.201.146 3.36.201.146	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2606:4700:303... 2606:4700:3031::ac43:d208	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	119.28.16.172 119.28.16.172	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
22	2600:9000:225... 2600:9000:2250:cc00:0:e06c:e940:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1 48	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:2c:... 2a02:26f0:2c::213:609a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.222.149.123 52.222.149.123	16509 (AMAZON-02) (AMAZON-02)
3	116.50.36.71 116.50.36.71	() ()
6	52.196.35.8 52.196.35.8	16509 (AMAZON-02) (AMAZON-02)
3	34.95.67.231 34.95.67.231	() ()
3	54.250.3.213 54.250.3.213	16509 (AMAZON-02) (AMAZON-02)
13	203.75.214.136 203.75.214.136	3462 (HINET Dat...) (HINET Data Communication Business Group)
3 6	35.201.76.93 35.201.76.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
16 31	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
3	35.227.249.156 35.227.249.156	15169 (GOOGLE) (GOOGLE)
6	18.179.162.182 18.179.162.182	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:e... 2600:1901:0:e207::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	13.113.11.240 13.113.11.240	16509 (AMAZON-02) (AMAZON-02)
1 1	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.35.238.55 23.35.238.55	16625 (AKAMAI-AS) (AKAMAI-AS)
3	87.248.100.136 87.248.100.136	34010 (YAHOO-IRD) (YAHOO-IRD)
3	2a00:1288:110... 2a00:1288:110:c204::b000	34010 (YAHOO-IRD) (YAHOO-IRD)
14	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
7 11	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	185.89.211.12 185.89.211.12	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
11	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
6	210.59.219.34 210.59.219.34	3462 (HINET Dat...) (HINET Data Communication Business Group)
6 12	35.190.36.98 35.190.36.98	15169 (GOOGLE) (GOOGLE)
6 6	172.105.213.147 172.105.213.147	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
12	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 6	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1 2	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4 6	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
1 1	151.101.194.49 151.101.194.49	() ()
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2600:9000:212... 2600:9000:2127:4600:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	216.52.2.16 216.52.2.16	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	185.86.138.151 185.86.138.151	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	() ()
475	73

22 2606:4700:3030::ac43:da23 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

www.bestone-work.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.254.187.184 (Frankfurt am Main, Germany)

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

cdn16.oss-accelerate.aliyuncs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700:3035::6815:185c (United States)

ASN13335 (CLOUDFLARENET, US)

store.bestone-work.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
twstat.bestone-work.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
count.bestone-work.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popup.bestone-work.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.215.140 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 140.215.186.35.bc.googleusercontent.com

ad.sitemaji.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.scupio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.150.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-150-201.deploy.static.akamaitechnologies.com

static.dable.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.230.48.250 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-230-48-250.ap-northeast-1.compute.amazonaws.com

nt.compass-fit.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.36.201.146 (Incheon, Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-36-201-146.ap-northeast-2.compute.amazonaws.com

api.dable.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3031::ac43:d208 (United States)

ASN13335 (CLOUDFLARENET, US)

static.intentarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.28.16.172 (Hong Kong, Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

count.xxxssk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2600:9000:2250:cc00:0:e06c:e940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:2c::213:609a (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

dmp.im-apps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.149.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-123.cdg52.r.cloudfront.net

l.logly.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 116.50.36.71 (None, )

ASN- ()

cm.lndata.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.196.35.8 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com

cm-dev-poc.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.95.67.231 (None, )

ASN- ()

fcm.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.250.3.213 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-250-3-213.ap-northeast-1.compute.amazonaws.com

fcm2.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 203.75.214.136 (Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-136.hinet-ip.hinet.net

t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.201.76.93 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.76.201.35.bc.googleusercontent.com

c.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 216.58.212.130 (United States) 16 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.249.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.249.227.35.bc.googleusercontent.com

m.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.179.162.182 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com

adcdn.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.holmesmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:e207:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

audiencedata.im-apps.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.113.11.240 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-113-11-240.ap-northeast-1.compute.amazonaws.com

sync.logly.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.42.132 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.238.55 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-238-55.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 87.248.100.136 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: o1.ycpi.vip.ir2.yahoo.com

ads.yap.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c204::b000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

geo.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.64.151.101 (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.211.12 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 210.59.219.34 (Taichung, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 210-59-219-34.hinet-ip.hinet.net

prebid.scupio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.190.36.98 (Kansas City, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: 98.36.190.35.bc.googleusercontent.com

ad2.apx.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.105.213.147 (Tokyo, Japan) 6 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1867-147.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.16.97.41 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.105.8 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Mössingen, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.89.9.252 (London, United Kingdom) 4 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (None, ) 1 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:4600:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.103 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.16 (New York, United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.151 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14dc (None, )

ASN- ()

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
119	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com	973 KB
68	doubleclick.net 18 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196	859 KB
49	holmesmind.com 3 redirects cdn.holmesmind.com — Cisco Umbrella Rank: 99095 cm-dev-poc.holmesmind.com — Cisco Umbrella Rank: 140223 fcm.holmesmind.com fcm2.holmesmind.com — Cisco Umbrella Rank: 131344 c.holmesmind.com — Cisco Umbrella Rank: 98234 m.holmesmind.com — Cisco Umbrella Rank: 148053 adcdn.holmesmind.com — Cisco Umbrella Rank: 144394 ad.holmesmind.com — Cisco Umbrella Rank: 93797	178 KB
45	bestone-work.com 3 redirects www.bestone-work.com store.bestone-work.com twstat.bestone-work.com count.bestone-work.com popup.bestone-work.com	1 MB
40	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	1 MB
18	appier.net 12 redirects ad2.apx.appier.net — Cisco Umbrella Rank: 47637 gocm.c.appier.net — Cisco Umbrella Rank: 2603	3 KB
14	criteo.com gum.criteo.com — Cisco Umbrella Rank: 454 bidder.criteo.com — Cisco Umbrella Rank: 757 dis.criteo.com — Cisco Umbrella Rank: 597	3 KB
13	hinet.net t.ssp.hinet.net — Cisco Umbrella Rank: 74825 b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net 1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net	13 KB
11	criteo.net static.criteo.net — Cisco Umbrella Rank: 668	128 KB
11	casalemedia.com 7 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486	6 KB
10	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31	494 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	475 KB
7	yahoo.com ads.yap.yahoo.com — Cisco Umbrella Rank: 18467 geo.yahoo.com — Cisco Umbrella Rank: 1552 ups.analytics.yahoo.com — Cisco Umbrella Rank: 327	2 KB
7	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1136 trc.taboola.com — Cisco Umbrella Rank: 705 trc-events.taboola.com — Cisco Umbrella Rank: 2170	226 KB
7	scupio.net www.scupio.net — Cisco Umbrella Rank: 230251	13 KB
6	onetag-sys.com 4 redirects onetag-sys.com — Cisco Umbrella Rank: 746	2 KB
6	teads.tv 2 redirects sync.teads.tv — Cisco Umbrella Rank: 1403	1 KB
6	scupio.com prebid.scupio.com — Cisco Umbrella Rank: 85892	1 KB
6	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 22680	1 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
6	rubiconproject.com 3 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969 eus.rubiconproject.com — Cisco Umbrella Rank: 602 token.rubiconproject.com — Cisco Umbrella Rank: 458 pixel.rubiconproject.com — Cisco Umbrella Rank: 376	15 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	62 KB
6	intentarget.com static.intentarget.com — Cisco Umbrella Rank: 283054	17 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	2 KB
5	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181 www.googleadservices.com — Cisco Umbrella Rank: 145	609 B
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	249 KB
3	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 733 ssbsync.smartadserver.com — Cisco Umbrella Rank: 774	302 B
3	yimg.com s.yimg.com — Cisco Umbrella Rank: 648	91 KB
3	lndata.com cm.lndata.com	1 KB
3	logly.co.jp l.logly.co.jp — Cisco Umbrella Rank: 65572 sync.logly.co.jp — Cisco Umbrella Rank: 71941	2 KB
3	im-apps.net dmp.im-apps.net — Cisco Umbrella Rank: 26793 audiencedata.im-apps.net — Cisco Umbrella Rank: 30155	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
3	dable.io static.dable.io — Cisco Umbrella Rank: 29332 api.dable.io — Cisco Umbrella Rank: 27015	25 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 417	954 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 683	1 KB
2	blismedia.com 1 redirects tr.blismedia.com — Cisco Umbrella Rank: 1824	575 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 522	418 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 110
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	145 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	16 KB
2	sitemaji.com ad.sitemaji.com — Cisco Umbrella Rank: 105045	25 KB
1	createjs.com code.createjs.com	63 KB
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 823	166 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3451	104 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 716	236 B
1	everesttech.net 1 redirects sync-tm.everesttech.net	545 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1533	584 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	xxxssk.com count.xxxssk.com — Cisco Umbrella Rank: 186586	565 B
1	compass-fit.jp nt.compass-fit.jp — Cisco Umbrella Rank: 106732	17 KB
1	aliyuncs.com cdn16.oss-accelerate.aliyuncs.com — Cisco Umbrella Rank: 214176	60 KB
0	spotxchange.com Failed sync.search.spotxchange.com Failed
475	52

	Domain	Requested by
65	pagead2.googlesyndication.com	www.bestone-work.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net securepubads.g.doubleclick.net 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
48	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net www.bestone-work.com tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
40	s0.2mdn.net	www.bestone-work.com s0.2mdn.net ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
31	cm.g.doubleclick.net	16 redirects googleads.g.doubleclick.net 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com www.bestone-work.com 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
22	cdn.holmesmind.com	ad.sitemaji.com cdn.holmesmind.com ad.holmesmind.com
22	www.bestone-work.com	3 redirects www.bestone-work.com
19	store.bestone-work.com	www.bestone-work.com
18	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com www.bestone-work.com googleads.g.doubleclick.net
12	bidder.criteo.com	static.criteo.net
12	ad2.apx.appier.net	6 redirects www.bestone-work.com
11	static.criteo.net	cdn.holmesmind.com www.bestone-work.com static.criteo.net
11	t.ssp.hinet.net	cdn.holmesmind.com t.ssp.hinet.net
10	googleads4.g.doubleclick.net	www.bestone-work.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
9	securepubads.g.doubleclick.net	www.bestone-work.com securepubads.g.doubleclick.net
8	www.googletagservices.com	googleads.g.doubleclick.net www.bestone-work.com
7	www.scupio.net	www.bestone-work.com static.intentarget.com www.scupio.net
6	onetag-sys.com	4 redirects 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
6	sync.teads.tv	2 redirects googleads.g.doubleclick.net 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
6	gocm.c.appier.net	6 redirects
6	prebid.scupio.com	cdn.holmesmind.com
6	prebid-asia.creativecdn.com	cdn.holmesmind.com
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	c.holmesmind.com	3 redirects cdn.holmesmind.com
6	cm-dev-poc.holmesmind.com	cdn.holmesmind.com
6	ajax.googleapis.com	static.intentarget.com api.dable.io s0.2mdn.net
6	static.intentarget.com	www.bestone-work.com static.intentarget.com
5	www.google.com	1 redirects tpc.googlesyndication.com www.bestone-work.com
5	www.gstatic.com	googleads.g.doubleclick.net
5	connect.facebook.net	www.bestone-work.com connect.facebook.net fcm2.holmesmind.com
4	www.googleadservices.com	www.bestone-work.com
4	fonts.googleapis.com	googleads.g.doubleclick.net
4	trc-events.taboola.com	www.bestone-work.com cdn.taboola.com
3	ad.holmesmind.com	cdn.holmesmind.com
3	geo.yahoo.com	www.bestone-work.com s.yimg.com
3	ads.yap.yahoo.com	s.yimg.com
3	s.yimg.com	www.bestone-work.com
3	adcdn.holmesmind.com	cdn.holmesmind.com
3	m.holmesmind.com	cdn.holmesmind.com
3	fcm2.holmesmind.com	cdn.holmesmind.com
3	fcm.holmesmind.com	cdn.holmesmind.com
3	cm.lndata.com	cdn.holmesmind.com
2	eb2.3lift.com	2 redirects
2	ap.lijit.com	2 redirects
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	pixel.rubiconproject.com	2 redirects
2	tr.blismedia.com	1 redirects 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
2	us-u.openx.net	googleads.g.doubleclick.net
2	0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	eus.rubiconproject.com	nt.compass-fit.jp eus.rubiconproject.com
2	sync.logly.co.jp	nt.compass-fit.jp sync.logly.co.jp
2	dmp.im-apps.net	nt.compass-fit.jp dmp.im-apps.net
2	www.facebook.com	connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.scupio.net www.googletagmanager.com
2	api.dable.io	static.dable.io
2	cdn.taboola.com	www.bestone-work.com cdn.taboola.com
2	twstat.bestone-work.com	www.bestone-work.com
2	cdnjs.cloudflare.com	www.bestone-work.com
2	ad.sitemaji.com	www.bestone-work.com
1	code.createjs.com	s0.2mdn.net
1	ssbsync.smartadserver.com	ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
1	image6.pubmatic.com	ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
1	s.ad.smaato.net	29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
1	dis.criteo.com	29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
1	sync-tm.everesttech.net	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	cms.quantserve.com	0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net	cdn.holmesmind.com
1	b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net	www.bestone-work.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	secure-assets.rubiconproject.com	1 redirects
1	audiencedata.im-apps.net	dmp.im-apps.net
1	fonts.gstatic.com	fonts.googleapis.com
1	l.logly.co.jp	nt.compass-fit.jp
1	region1.google-analytics.com	www.googletagmanager.com
1	count.xxxssk.com	www.bestone-work.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	trc.taboola.com	cdn.taboola.com
1	gum.criteo.com	cdn.taboola.com
1	nt.compass-fit.jp	www.bestone-work.com
1	static.dable.io	www.bestone-work.com
1	popup.bestone-work.com	www.bestone-work.com
1	count.bestone-work.com	www.bestone-work.com
1	cdn16.oss-accelerate.aliyuncs.com	www.bestone-work.com
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
475	91

This site contains links to these domains. Also see Links.

Domain
histvb.com
effort-us.com

Subject Issuer	Validity	Valid
www.bestone-work.com Cloudflare Inc ECC CA-3	`2022-12-07` - `2023-12-07`	a year	crt.sh
*.oss-eu-central-1.aliyuncs.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-07-07` - `2024-03-02`	8 months	crt.sh
bestone-work.com E1	`2023-09-14` - `2023-12-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
feebee.com.tw R3	`2023-09-05` - `2023-12-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-13` - `2023-11-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
scupio.net E1	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-22`	a year	crt.sh
static.dable.io R3	`2023-09-19` - `2023-12-18`	3 months	crt.sh
*.compass-fit.jp GlobalSign RSA OV SSL CA 2018	`2023-04-11` - `2024-05-12`	a year	crt.sh
*.dable.io Sectigo ECC Domain Validation Secure Server CA	`2023-10-27` - `2024-11-25`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
intentarget.com GTS CA 1P5	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
count.xxxssk.com TrustAsia RSA DV TLS CA G2	`2023-05-05` - `2024-05-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.holmesmind.com Go Daddy Secure Certificate Authority - G2	`2023-05-19` - `2024-06-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.im-apps.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-13`	a year	crt.sh
*.logly.co.jp Amazon RSA 2048 M02	`2023-04-05` - `2024-05-04`	a year	crt.sh
*.lndata.com GeoTrust RSA CA 2018	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.t.ssp.hinet.net	`2023-04-06` - `2024-04-06`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-09-25` - `2023-11-15`	2 months	crt.sh
audiencedata.im-apps.net GTS CA 1D4	`2023-10-05` - `2024-01-03`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
*.pubgw.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-09-25` - `2023-11-15`	2 months	crt.sh
yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-09-26` - `2024-03-20`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2023-03-29` - `2024-04-28`	a year	crt.sh
*.scupio.com Sectigo RSA Organization Validation Secure Server CA	`2023-09-27` - `2024-10-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-10-04` - `2024-01-02`	3 months	crt.sh
s.ad.smaato.net Amazon RSA 2048 M03	`2023-09-04` - `2024-10-02`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh

This page contains 76 frames:

Primary Page: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Frame ID: 08F51A7F4C69CDDB1BBBD99B2BB85BB0
Requests: 75 HTTP requests in this frame

Frame: https://www.bestone-work.com/gmifr_lei.html
Frame ID: 29598A7680355E47FE6084D9E10549F7
Requests: 4 HTTP requests in this frame

Frame: https://www.bestone-work.com/gmifr_lei.html
Frame ID: 9CBA8413F519F4FEAFE76C1BBB5AA4A5
Requests: 4 HTTP requests in this frame

Frame: https://www.bestone-work.com/gmifr_lei.html
Frame ID: C32F01A4261B0EC7486E2D59FAC721B4
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html
Frame ID: A0736D03A9FFACF2C074DB95F4D1C564
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3098793998441432&output=html&adk=1812271804&adf=3025194257&lmt=1699108183&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699108183041&bpp=5&bdt=1218&idt=309&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2761362793210&frm=20&pv=2&ga_vid=480937667.1699108183&ga_sid=1699108183&ga_hid=1853131435&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079266%2C42532334%2C44785293%2C44795921%2C44807048%2C44807336%2C44807455%2C44807461%2C31078297%2C31079355%2C31079382%2C44807753%2C31079156&oid=2&pvsid=3811317344055165&tmod=1966486662&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=353
Frame ID: D1210FE39FA6F6C826FB5BBD08A3ED51
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3098793998441432&output=html&h=280&slotname=2221091893&adk=4126388737&adf=692969693&pi=t.ma~as.2221091893&w=700&fwrn=4&fwrnh=100&lmt=1699108183&rafmt=1&format=700x280&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699108183046&bpp=8&bdt=1223&idt=358&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2761362793210&frm=20&pv=1&ga_vid=480937667.1699108183&ga_sid=1699108183&ga_hid=1853131435&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=285&ady=316&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079266%2C42532334%2C44785293%2C44795921%2C44807048%2C44807336%2C44807455%2C44807461%2C31078297%2C31079355%2C31079382%2C44807753%2C31079156&oid=2&pvsid=3811317344055165&tmod=1966486662&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=c8j7T7Bdi2&p=https%3A//www.bestone-work.com&dtd=384
Frame ID: 05C599E58E7C3EB6599C026D605CAEE0
Requests: 14 HTTP requests in this frame

Frame: https://api.dable.io/widgets/id/goP0dJoQ/users/00000000.0000000000000?from=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=&cid=00000000.0000000000000&uid=00000000.0000000000000&site=sddmovie.com%2Fpal-mate&gdpr=1&service_id=10086&service_type=news&country=TW&client_id=2011&lazyload_widget_ids=%5B%5D&randomStr=83cb9679-e6ae-4cf0-bfd0-802cde354873&id=dablewidget_goP0dJoQ&category1=%E6%96%B0%E6%89%8B%E6%8C%87%E5%8D%97&author=0&item_id=5141933&item_pub_date=2023-11-02&pixel_ratio=1&client_width=700&network=non-wifi&lang=en&is_top_win=1&top_win_accessible=1&is_lazyload=0
Frame ID: 231C1F99A4A948C14C8B1B8F086564AA
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v12.0/plugins/comments.php?app_id=1001839627068325&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df88da033ec318c%26domain%3Dwww.bestone-work.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.bestone-work.com%252Ff3ced1166ec65fc%26relation%3Dparent.parent&container_width=700&height=100&href=http%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&locale=zh_TW&numposts=3&sdk=joey&version=v12.0&width=
Frame ID: 988920EB92253FBDAB55FF694FAA1ACD
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v12.0/plugins/comments.php?app_id=1001839627068325&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df70e888344e66%26domain%3Dwww.bestone-work.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.bestone-work.com%252Ff3ced1166ec65fc%26relation%3Dparent.parent&container_width=0&height=100&href=http%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&locale=zh_TW&numposts=3&sdk=joey&version=v12.0&width=550
Frame ID: 2EB9902CF8EC4B8CEDFC6C85EBC10FD7
Requests: 1 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 6DB94AB0032DF851C9C05A60AC7A0918
Requests: 11 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20230627
Frame ID: 50851DF02E4C71B824EF4F98B77F379F
Requests: 23 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20230627
Frame ID: 95D824553F25167D3D1F708702B8239C
Requests: 23 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/presetfn.js?20230627
Frame ID: E331BCD5C4C6EFE168074620F07FB765
Requests: 28 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 7F00E8DB00F4F4F03AC84EA4645F904E
Requests: 7 HTTP requests in this frame

Frame: https://cdn.holmesmind.com/js/capmapping.htm
Frame ID: 955D24C914992B618A5463A04138D2FA
Requests: 7 HTTP requests in this frame

Frame: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Frame ID: CBC9C1A6462A057B5A5CAB022DC54B9A
Requests: 5 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: B17AA5C5935A8C53EE0A25E3913FDF9D
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: D47CB82E5687C4F09E9EBAEB54FA74A4
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: 5A581C220F09926FA041BF653943035A
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 76E953AC447004B3EB315CA3E93EE844
Requests: 1 HTTP requests in this frame

Frame: https://cm-dev-poc.holmesmind.com/fp
Frame ID: E5841FC122CFDB5641C0ADDEB070B671
Requests: 1 HTTP requests in this frame

Frame: https://fcm.holmesmind.com/cm.php
Frame ID: 53F871FB4AB244C5754CBC4C22A46BC6
Requests: 1 HTTP requests in this frame

Frame: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Frame ID: CB1179DDCAF8B1682B1573C65E4F3D2F
Requests: 5 HTTP requests in this frame

Frame: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Frame ID: 26FE750E0AA1981EABC816D4D57790D6
Requests: 5 HTTP requests in this frame

Frame: https://sync.logly.co.jp/sync/sync.html
Frame ID: CEBAB2627E61BBD2B2BF3192823F673B
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac
Frame ID: 0E9FD821FA0CB2DDAB27B05DF73D9B65
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Frame ID: 3E809F5D0FF6CB4927CFC86B11CCCEA1
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4A8E709B8BF24325D87876208885F41B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Frame ID: 314D1F7566FFC8E964A8E7D218D95283
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Frame ID: 01A3672941D36DA4F35D8958F8D17E08
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js
Frame ID: 272DA8B7E3029AB4EC30608E14E9BDEF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhjChYn7ATAB&v=APEucNVvoEJV7Die3oolzDzrsXfNnlKA5kQIAC150lIAtcVh3iahwMwEJO_D4x4GHv679YRPEPsNJN7StzvPJR-kYNYzWx-T9Zu5UxLJsHzlHRMO9Z_Tgv6FbZ842YVLQZlDzizaMR4Kpby4Id7_DqYML7PPN_65xMBJOU7dYA62_q7WwYcusck
Frame ID: 5934E1360C4BA7D5B76AF18C6B52DB95
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: 459AB928F2B3E87797301ABF0C945FAE
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhji9Ij7ATAB&v=APEucNXpvfLyawFZaRvQktXFOAvTIPSWSVxravLHwnDRn5bwJ0L0U3bYmUBms-R_e9mWXVqjB4vCJA2h97Uuo54DrEhLma65EsKnKKwa4WXXfyDwOlJSzsGYPQkFj0v089GDdhoXIbniyOwtedcwPwXhuAR36wy7GN1g6QogcRswUuvQzcge1aA
Frame ID: 33F7DB7E29364634BBD34594B137042F
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: D04F6854CD124930A6CF09BCCC319993
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: CB33A9A041C645C645F380AB82BA6C06
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 058FE98A1D61F21C9FC0C570696DD8C4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 47C1070E1C85247BB6AB106EC069FF2B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 5BB31B95DC8E1967757FE4395FB74B1E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
Frame ID: 8B66047F1A63DC9FC5AF1F30C2C7CF44
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
Frame ID: E9787809A113C84D4E2BFEA1A2E78488
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js
Frame ID: C9C463652815485D2A1CDA38D410561B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js
Frame ID: FAB621E97681B219D07D567BEB1FE944
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Frame ID: 2C5101AA1AE2191E6369BF6C89A60462
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Frame ID: 62FFB1F583873871D09A32479296C21F
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 84AE24E84026C6BBEFF42E5BB75CDEE6
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: AB99C9504EDBE3CF08A3070DA607DAFD
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 1AB1159C4B02698408AB64743BA41202
Requests: 6 HTTP requests in this frame

Frame: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: E89889194BD057E382860CDF00D2B3D0
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 001FFC21CC6A70062E971B1275F72F30
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1E38D10C9E311B8AF74B55FFD6F2741F
Requests: 2 HTTP requests in this frame

Frame: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 3CD2C3E9C4BFA67F99F12DB703FCF1CD
Requests: 1 HTTP requests in this frame

Frame: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 06C6865D8136DA614A5E7082DF87D5DD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 68C9A1DDF3A36EA823692294FCDD571A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E6A711CB6EDEB84D3F1CD9B870B2DC51
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 45D021346E4DE607F20C97482A4E69DA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7C6F8299F4CE67F00A914738F7BC9E08
Requests: 2 HTTP requests in this frame

Frame: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 4551D5581BA08D414821A833545A8EC9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0
Frame ID: 5FF20B429DB6C94ACEB4D6642265A59E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: E1E45EB7CF08B5A9245F147314E938E6
Requests: 17 HTTP requests in this frame

Frame: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: 5AADD0E8F9EF6B21797568B506627A0B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNUM6pSFR6jgRxxXpqEX1Gvt9r_soPY5gRHFj8httDh6aW_0kdqouPAFk4eS_3mBspUWQIUuygUDG-4bmVsOQwC1y9e_nf_rrxy-UHA68N_748gUHVjwyq2bl-SZz126jlwNI_iSzCGVLlFh79L8BqdB5M6quwnmudfwBVHI3Xch1-PaOL0
Frame ID: E1692FE3A72C81A27AE14A14E9BBF717
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 5761131B8B518E215F3A8C01B630E0C1
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 334284DB235B54AAF3F0935EA3675141
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250
Frame ID: 28C6AAB2487C50DF8668B6B811AD7F09
Requests: 2 HTTP requests in this frame

Frame: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Frame ID: F445C0806E6FA922B692034BCCCAA854
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: EE7D4C2326E195AC5D10472F9A27B5D3
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E49E765973B65DAD5A9D87338DDB97B1
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNXpwduYl5k0vYRA5v-2HO-LAeIl9aSD17JqhaHZpj_1gBGSQpop0EtcT45jzFPQ6BKTgzpqfS94p1UKXNQnY66R-Mwqb0DM3bfaHESoykp1hTgQLY6sueOmBpPucp2-OPHgJAHcQk0z_4f_RmC8oUYPpewHFuhTC9gCLQaeb5FH7KBNp5Y
Frame ID: DE068C2F775A7249ABA7FF21C817353E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Frame ID: 51BE8BE2E80824FC215899C9F48D0793
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 41FBBF9B9B39508FB7C81CB0BC257611
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250
Frame ID: AB886829D7572B177180DA6272DB149A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: ADFFEBA41E544CE1E584A126ADAC47D3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
Frame ID: C69BE645C33B1E323D5D3787E3233767
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1A2A5EAA5A90B6F8AD56A9DDB86B3CFA
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

寶馬車上的三色帶是啥意思？懂車人提醒：不懂它意思就別跟風

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

475
Requests

90 %
HTTPS

44 %
IPv6

52
Domains

91
Subdomains

73
IPs

11
Countries

6508 kB
Transfer

16191 kB
Size

44
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://histvb.com/book/chapter/13052714
Title: 董事長因無子出國治療，機場看到一窩縮小版，他怒吼：你們媽媽呢

Search URL Search Domain Scan URL

URL: https://effort-us.com/book_S3ZYYUlzUFJ3VFdCK2tkZDR4NDJ1dz09
Title: 爺爺去世前,說了三遍扔被子,母親沒有在意,3年后洗被子傻眼了!

Search URL Search Domain Scan URL

URL: https://histvb.com/book/chapter/13140600
Title: 王府百年無子嗣，她用現代醫術怒懷六胞胎！王爺冷宮外跪嚎：祖宗，我就看一眼行嗎?

Search URL Search Domain Scan URL

URL: https://histvb.com/book/chapter/13136864
Title: 我養不起你了，去投靠你的九個姐姐！姐姐們：小祖宗下山了

Search URL Search Domain Scan URL

URL: https://effort-us.com/book_S0piQWFmb2pxVklmUlBtUmRHVTd6UT09
Title: 「只要你認了，刑滿我娶你」，五年后，婚車在外等了三天，沒見到她。

Search URL Search Domain Scan URL

URL: https://histvb.com/book/chapter/13050001
Title: 昏迷三年竟懷了兩胎? 她帶娃猛踹丈夫，別裝了，趕緊起來!

Search URL Search Domain Scan URL

URL: https://effort-us.com/book_UnFldjJlSmhla2RJdGduc1J6My9IUT09
Title: 她死了五年，總裁去注銷戶口，卻意外發現名下有龍鳳胎，當場崩潰大哭

Search URL Search Domain Scan URL

URL: https://effort-us.com/book_RWpSY0dwUzJOMnVMcWNtTjdHNDRuQT09
Title: 冷宮爬滿這個，王爺逼傻妃去吃，穿越而來的她摘下狂吃，王爺嚇傻

Search URL Search Domain Scan URL

URL: https://effort-us.com/book_b3FQMlRCOGxKMXBSMFNWUUljeEJvZz09
Title: 皇上久病無子，路過冷宮仨奶娃樹下玩雪，他怒吼：你們母妃呢

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://www.bestone-work.com/xstat/moneystat HTTP 302
https://twstat.bestone-work.com/stat

Request Chain 28

https://www.bestone-work.com/xstat/index/2576 HTTP 302
https://count.bestone-work.com/?2576

Request Chain 29

https://www.bestone-work.com/xstat/pop/5141933 HTTP 302
https://popup.bestone-work.com/js/ad?lang=zh&aid=5141933&host=www.bestone-work.com&type=1&count=0

Request Chain 86

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 110

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELFEwpBJ9_FIIhMAday_gM0&google_cver=1

Request Chain 114

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEA3E8tB0lP6BCluqmGVkJ0Q&google_cver=1

Request Chain 123

https://c.holmesmind.com/cm HTTP 302
https://c.holmesmind.com/cm?tc=getIn&

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined HTTP 302
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEDvAhZTyTEmeb0gTPJWY99A&google_cver=1

Request Chain 143

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=logly&endpoint=apac HTTP 301
https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac

Request Chain 150

https://googleads.g.doubleclick.net/pagead/adview?ai=CxdkgV1VGZbzMHa_I1fAPwLykoAu9jaavb8fMr6y_DvfSor3AARABILeQ34sBYJWK_IGUB6ABsLqh1wPIAQmpAircdGgTAbI-qAMByAPLBKoErwJP0IWw47poeorSa-GyppHMMbcW5eP6MIn1X7f6-Wbu7cUsmh8OXcGOENMD5hFZIHw0DkcjKm75aPl2BplCHZmhzey76ymQmlpQ5b4CLdrjRFSwN3QbJWGXS8lm0RwdDSdZyxmHiuiOUJ1VDfSe0syl0H0sfvRBzceO2SO8C4FLtio0k-5WnwghXtCdcH1DEFcsJYP09v9gH5JLhL27_M8tTn9clWieqA9Ig9IpdnJSKt0lX8W43Rx_GEP2bx_W0x-e8hi8jzJVkvAn3MEzHZ5LsOXCn1Mvio-uKr8bg-JrV1KK2wfiidDulH1NVkpYAKapm38ZjxWd1jPL_W_IxAO7b0-fNglg8Df8ClPyP8vZ44IfRIZyyqGZz2V28nS9udJwdUi3o9Y3FSWUCuwI2NzABNGcqargA4gF-MTU6DaSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHBBClwQjSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgk8aHR0cHM6Ly93d3cua2F5YWsuZGUvc2VtaS9nZG50ZXh0L2ZsaWdodF9nZW5lcmFsL2FueS9kZS5odG1sgAoByAsB2BMMiBQC0BUBgBcBshccChoIABIUcHViLTMwOTg3OTM5OTg0NDE0MzIYAA&sigh=1szzugNRXpY&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaN3NTK1yxe7qDw3zI1VHW8m666oNLI1cHKQUQ6MRiGk-d7x1s9Tm7wMS_r9GoI3UvIa82ksXszlwrqMqqrOhL3F38uqHPM43wYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227519831406010278124%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2211-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216706648394579716593%22}&andc=true

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1

Request Chain 192

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUZVWYXO-kqxdWdC2dXQEAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

Request Chain 194

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

Request Chain 195

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1

Request Chain 196

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUZVWYXO-kqxdWdC2dXQEAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

Request Chain 198

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

Request Chain 218

https://googleads.g.doubleclick.net/pagead/adview?ai=Cw5cZV1VGZZ2jG8OX1fAPvZ2_yAfarf3Hcqnp67b1EWQQASC3kN-LAWCVivyBlAegAZPf1OYpyAEJqQIq3HRoEwGyPqgDAcgDywSqBL4CT9D3fTmVCi3Gz0BSumwmDPECKGcM7JN5laTohhvgkgXgEY8crv55Une-O6tIY2Fg_379W-Le7hDXvcYbe8ph04kOPYNrQZbqxau9fw0vIgBgUin_RcaaaY_PjjYDEMbDjatMUQ2mXDuHiFVUO_W8gbcvb18F-rS4nAiM3rdFr3btrulHoxEQYv0bSUnR_UbLfnpgcmco32nCOqUQJUDIcdTBtfo4-haCMgC6Yckc5WwBo37SaHzPD6-lTPyxCjbEP7u6JDl1wM75ejTqKgc3pyAs10IETbucKRahsqqpmxx7w_b-AkDUESWy-2g4glJ6oSHcgumenkFlkPfU0GUgdr_OsQmzZx0cyNOk_uR8det9yRwGs4puQxfWuDTvmpe3nfiYxRYWhHg4CHS7PAX9NNim8ZpUrW6xCYaHl55iwASfuPfzswSIBfPTwKVMkgUECAQYAZIFBAgFGASgBi6AB5OXpcYEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkN4D0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJLWh0dHBzOi8vZmxpZXNlbi1zdG9yZS5jb20vc2hvd3Jvb20taGVpZGVsYmVyZ4AKAcgLAdgTDogUAtAVAYAXAbIXHAoaCAASFHB1Yi0zMDk4NzkzOTk4NDQxNDMyGAA&sigh=vZtFAxC2Nq4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTADICaaNcENSp6H22ZxgHKdIMYCAymXwDpr6ZSOG19tDD3mXHRsspowSmwslVei5SjzmmxlQqR1lBr_8oqt_oKxAAYZqzpZmRMsdO9IYAQ&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229091679002925577561%22,%22debug_reporting%22:true,%22destination%22:%22https://fliesen-store.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211221151635%22],%224%22:[%2211-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225831379481998015777%22}&andc=true

Request Chain 219

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 250

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=Ebj5mF_HAi-GeAmzX1VGZQ

Request Chain 251

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=WRB3l_q3A421-SbMX1VGZQ

Request Chain 256

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=t57Om_5oBxir4EYOXlVGZQ

Request Chain 257

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=jSs24xvuBESBVscnX1VGZQ

Request Chain 262

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=-yyjK2y2DAuuKKz_X1VGZQ

Request Chain 263

https://ad2.apx.appier.net/v1/prebid/bid HTTP 307
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP 307
https://ad2.apx.appier.net/v1/prebid/bid?acid=9lg-y5j6CS-THg0GXlVGZQ

Request Chain 378

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELNuUaFY5I3k5L1SSEmuGlk&google_cver=1

Request Chain 380

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESELXwQi1pE3A7fGufBsB5gBw&google_cver=1

Request Chain 385

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJ1rq7Vxq8xsnwj0yBiUIk8&google_cver=1

Request Chain 404

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJOfcN1QJblElvkZY_d3Uk8&google_cver=1&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0OgBhhbCedOwB8bt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI5NzYxNDExMjczMTYyNTYyMw%3D%3D&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0OgBhhbCedOwB8bt

Request Chain 405

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_cver=1&google_push=AXcoOmTKi__PVAH9OmWI7jSZBvHBwR54A7Nc56sZU7wRWmKnrYtPbujlnhEVLXi1Q4uGEJj-Cur3M_5Gu4fYgW9OEMmk1zTb-1T6bw HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_hm=ZUZVWYXO_kqxdWdC2dXQEAAADRwAAAAB&google_nid=index&google_push=AXcoOmTKi__PVAH9OmWI7jSZBvHBwR54A7Nc56sZU7wRWmKnrYtPbujlnhEVLXi1Q4uGEJj-Cur3M_5Gu4fYgW9OEMmk1zTb-1T6bw

Request Chain 406

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXErx8aeY7cjAGTmt1S HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXErx8aeY7cjAGTmt1S

Request Chain 407

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmSFsn7DMzBlYjWcMWsITosMZRszeFNVNc-8ektU_wRNOS3LBEdtRsLwMCB051IViX9cVDDK-h5UlC1ZhwvyesUKeWtnOLXetQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSFsn7DMzBlYjWcMWsITosMZRszeFNVNc-8ektU_wRNOS3LBEdtRsLwMCB051IViX9cVDDK-h5UlC1ZhwvyesUKeWtnOLXetQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 408

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEO8uPEFiAzKvhzg_y96rOhQ&google_cver=1&google_push=AXcoOmQAzYh8Xov-sYRX6SvELSjoXOyLq_kiNARzr5FU6DTsFJO-cH4ES_13OmXrss6FmL_G7QZZ0JOTvwMKq5W0LOC9pu5ND2I-voU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQAzYh8Xov-sYRX6SvELSjoXOyLq_kiNARzr5FU6DTsFJO-cH4ES_13OmXrss6FmL_G7QZZ0JOTvwMKq5W0LOC9pu5ND2I-voU HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 432

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFz2MqkBVBItw-IkXtXhlyE&google_cver=1&google_push=AXcoOmSXHdtAA30fuKIoc8HIWuZX2c1T_nz6XOAgmESC5jaUMievPi2GJAlJkK9DDzFyhbiLXtwXWAZCjJHkc6Ggr8yeLggNdW7xiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFz2MqkBVBItw-IkXtXhlyE&google_push=AXcoOmSXHdtAA30fuKIoc8HIWuZX2c1T_nz6XOAgmESC5jaUMievPi2GJAlJkK9DDzFyhbiLXtwXWAZCjJHkc6Ggr8yeLggNdW7xiA

Request Chain 433

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELToA51-wQ3lPQz2olqifow&google_cver=1&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ5O0TF3OLEahPsSfQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ5O0TF3OLEahPsSfQ&google_hm=hmVGVV_3M59cyr9Ueg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D6546555FF7339F5CCABF547ABLIS

Request Chain 435

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgVQAZp7Gy14rF8lUJ2kH0&google_cver=1&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE82sSHWVkZB8613A95ZwsoFXs_A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTQtQi0xWTg4&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE82sSHWVkZB8613A95ZwsoFXs_A

Request Chain 437

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIFVM4p5N24roxzP_XPGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIFVM4p5N24roxzP_XPGA

Request Chain 438

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEO8uPEFiAzKvhzg_y96rOhQ&google_cver=1&google_push=AXcoOmRQAgUskb3W83HTb1uNYef-EpetFn2T-f4Sy6qpRaeVbV0oJ_lYHPMOev08OyEEQEoRRoCQyMMNIKjZjG48-n9ipNF4cOsmwfE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRQAgUskb3W83HTb1uNYef-EpetFn2T-f4Sy6qpRaeVbV0oJ_lYHPMOev08OyEEQEoRRoCQyMMNIKjZjG48-n9ipNF4cOsmwfE HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 442

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEErU7eAmwBtrMVc5269vxU0&google_cver=1

Request Chain 452

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgVQAZp7Gy14rF8lUJ2kH0&google_cver=1&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZVA4kc9NumbcmSY1fPmEReKr_T HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTMtMVktRlA5NA==&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZVA4kc9NumbcmSY1fPmEReKr_T

Request Chain 453

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMuACVMc_MMFAftabEWYhIg&google_cver=1&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMuACVMc_MMFAftabEWYhIg&google_cver=1&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx&google_hm=HmbFrGZHoNwYQcmcQmCmknph

Request Chain 454

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHHmNoBZoPe_ninCxHgjrrY&google_cver=1&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg&google_gid=CAESEHHmNoBZoPe_ninCxHgjrrY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzI4MjM0MzcyMDI1NzY4NzE3ODc2OQ%3D%3D&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg

Request Chain 456

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmQPyi0DNuxqk5_v9QjtvHFVc0_hGE8up2FCn8Dv7dCYrPaDs25f6tm4638srt9EyB8O71toOQHwjwVylvTB7c5_pDd6g_FRzw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQPyi0DNuxqk5_v9QjtvHFVc0_hGE8up2FCn8Dv7dCYrPaDs25f6tm4638srt9EyB8O71toOQHwjwVylvTB7c5_pDd6g_FRzw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

475 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09 Show response
www.bestone-work.com/ 45 KB
13 KB 739ms
623ms Document
text/html 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: db726e33bb3ae4acf2d43e01e9ff7af099e7fca3a886ee670cbbc55528dcab1e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 820d8cf3ebe95d9d-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 Nov 2023 14:29:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TvTHH6bWASwYfaNw29wQY%2BINZcD%2BA0%2Fp0nasHvB1lvTwOyCcneY%2BfIZ3%2FTLV6IxIXY3Grt99RrvdzifduK4dzrOwyzkQ0NYIinE3BR61%2Flu%2B9czd9aPgBi%2Fu3OOtTHZ%2FpeXAU62bjIhkAlUlhB8o2JfhwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H2 200 min.css
www.bestone-work.com/Content/zc002_cn/css/ 223 KB
37 KB 847ms
841ms Stylesheet
text/css 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/css/min.css
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a42d095bbf6a8a40272995bb22b09d14dba01959476fe734d7236bd96a87fc5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:07:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"807c41ddb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fMQoO%2BXg6kMnyCmUWOS9jZ1HbS%2Bvg45bvgbPx9KJL0UWy7I5Sw1UBZxwfnsulMPIbzo%2FQ62aMJ%2BYxTl07TLdFkthvqyak3c5%2FS%2BqvfRMj73SyY6mppaznc23rLurjw15DrlaWI1lniE5CDE2VJCJHPMzzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=28800
cf-ray: 820d8cf888f65d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H2 200 page.css
www.bestone-work.com/Content/zc002_cn/css/ 49 KB
8 KB 596ms
590ms Stylesheet
text/css 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/css/page.css
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0def7252823eb7844a7425ebe2eb49a701d998e1ea9d790bde56033fbce7fdb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:52:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"80f7c527bd5cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3J588oONLmE1apPLyKQOBGcKnuEfds3OW%2F0%2F5e%2F%2FTJFnNWfyMF9aSd%2FHacc%2FZpBeOYxoucPMSu53RSW8PJXOLdUcVLQ%2BOzJlCRtlR7ZJFUv%2FxAr9TcAPJC68pVC3APnhOZpwzXtpxozxVrHd1mlznDqMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=28800
cf-ray: 820d8cf888f75d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H2 200 jquery-2.1.0.min.js Show response
www.bestone-work.com/Scripts/ 99 KB
32 KB 59ms
53ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Scripts/jquery-2.1.0.min.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: ef973092ac39265e4497c81e4263b7d28543062302c9cedacf2da24ac5115542

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:41 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 22253
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 22 Mar 2023 12:52:37 GMT
server: cloudflare
etag: W/"25ed342ebd5cd91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NA0tItmURziPNdNP8hiEiy%2FD1Zh1c572RZJRnXLVM3M0hghI5eoFpGNJWapR28mTLCUHIiuqkS%2FvebQlmMuYzqEGe6INrJiBL38T%2BJdW9Llg%2BugY%2FXrrem2006f4QsW4gcD63bBRz14Zu3wc862iFaZQug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8cf888fc5d9d-FRA
expires: Sat, 04 Nov 2023 16:18:47 GMT

GET
H3 200 rocket-loader.min.js Show response
www.bestone-work.com/Content/zc002_cn/js/ 18 KB
5 KB 829ms
821ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/js/rocket-loader.min.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 422fae47ff72778a6ba083c215b0b47f84ed30d1dd553f685efc4869188620c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:07:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d584cedeb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yDdnfgWgtWRwxoPDj8pvJGOV0X%2BF98YPqkpGMXgEhX91b7pykWRL1RTFl9PICHibd7OgulPdMurYcVbYYmrBvKAFPCR8smgSYW7iL7Wl68f2fRH2YPEvODEre7xNIQCaDo1cDUGv7h6FRM83IETUW%2FSluQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8cfe089e37fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:43 GMT

GET
H2 200 contents.css
www.bestone-work.com/Content/css/ 7 KB
2 KB 602ms
597ms Stylesheet
text/css 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/css/contents.css
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b1ede5f6c20a18e0e28467f98d21dc394f6dce158cdf898610ca109867eba989

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:52:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"0e8c02abd5cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12gdtJ1L2Xyng2S3rMNHWJ3JKjARebAg1MsU7pVa%2FXIYcKgWt4sgrTSJ%2BdCTlueBKF9zpY8QG96NaK3juZBWSvjsXGomVYlymyn16Ql7AMV3ZkEox%2FJqUq%2FqkyI0zOERgIPFB0mhX8pMM7mldMnAvwHcbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=28800
cf-ray: 820d8cf888f85d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H2 200 globaldefault2.css
www.bestone-work.com/Content/css/ 78 B
392 B 616ms
611ms Stylesheet
text/css 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/css/globaldefault2.css
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 3231d3e91326130da7ba4183d0633fdb6b3ac950b9d40228bae0439d3142b397

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 27 Sep 2023 01:29:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"f9549ae2f0d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9lUCfCVmr9sQ6X%2BVRsy3LAX5bW0gK5guBgJud4kWanMz%2FSNhxwfZAvf42z0fR7x9mfcB%2Fn%2F9b6qvlxcVlz5drdjrX6lCs1FBWiAlcynu%2BF%2BO3ANxZuKr1I9%2Bn4AE1ZgHvJoN0Zc7Dxh7qSBZ%2BcUF%2FiW%2B0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=28800
cf-ray: 820d8cf888f95d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H2 200 adtext.css
www.bestone-work.com/Content/css/ 859 B
605 B 584ms
579ms Stylesheet
text/css 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/css/adtext.css
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 06605ec7ba35ed117fdef019c170683bf260013053db236f81bac821a92fb03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 27 Sep 2023 01:29:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d659aae2f0d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ka8t9tvu8TFHoaLcIOjgXK%2FL5P2ZeLUhub44wm32UeTv%2Ft6KUfSgpoYobijwJv3gtWHh7n8axiQieKYZsMUMF7HNI8kXFdXwp5CzhK2jCHqIuTbcwsccMHIiwA901G9whJaMNv5%2FgpN9pUbOK0C2A9QiGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=28800
cf-ray: 820d8cf888fb5d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H2 200 openart.js Show response
www.bestone-work.com/Content/js/ 86 B
464 B 576ms
571ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/js/openart.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bfc29c17292ecabcf6ac3123497ef8e0684c078f1b2a58cdd65da41fc29b28fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:52:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d27cbb23bd5cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BR1pXDnhttFT%2F8g1KHT%2BOGMQw5Xd2vqOVwD6vWfnRsaWjEJzkmB%2FL77oZkIGcZWDvD00U4ur130pwr8QN0Btxwt1%2FmCEFPcyCxJpWTIxBnnOf%2BPvq%2F31AEUEy523JcWSnDx8SVEKOiDKJY7PoB6qR4GSXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8cf888fd5d9d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:42 GMT

GET
H/1.1 200
OK 34F5F7B5F4FCw1000h525.jpeg
cdn16.oss-accelerate.aliyuncs.com/ 60 KB
60 KB 1154ms
206ms Image
image/jpeg 47.254.187.184
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn16.oss-accelerate.aliyuncs.com/34F5F7B5F4FCw1000h525.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.254.187.184 Frankfurt am Main, Germany, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: AliyunOSS /
Resource Hash: b2c9199eb1d5e69e7986b06f54156e9d0a8d71895e8d2bc54c106ac20bc7733c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Sat, 04 Nov 2023 14:29:42 GMT
x-oss-request-id: 65465556F596847235D618CF
Content-MD5: gbh1tURrduYwGOhgSGZajw==
Content-Disposition: attachment
Connection: keep-alive
Content-Length: 60989
x-oss-object-type: Normal
Last-Modified: Thu, 02 Nov 2023 08:20:18 GMT
Server: AliyunOSS
ETag: "81B875B5446B76E63018E86048665A8F"
Content-Type: image/jpeg
x-oss-ec: 0048-00000110
x-oss-force-download: true
x-oss-storage-class: Standard
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 2862757520148257034
x-oss-server-time: 1

GET
H2 200 7328BEB65F43.png
store.bestone-work.com/logo/2022-01-26/ 17 KB
18 KB 341ms
83ms Image
image/png 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/logo/2022-01-26/7328BEB65F43.png
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 08b2bd2b7effe49331291e7f3ec75c72df1d9c224fac7c2159ea14676dcbfcab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 26 Jan 2022 03:47:39 GMT
server: cloudflare
etag: W/"a875df766712d81:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FdRMfWmoSLrih6tQsZ89nx9WsLRYSO4dpsKxhQ7mk1et4XK8BArCmn5wQ9%2BQFkAXNBuQAF%2Fob%2F5Qot4HzNiTsa%2FKyMiKKi9WX3A9eKkIA05avt88XkvT6VEmXJy3tPx9SmfGfleXPduBpjhek%2Bmi%2BM85owL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfa2d75695d-FRA
expires: Sat, 11 Nov 2023 14:29:42 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 210ms
97ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3098793998441432

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b90db0df4ed3b6cfda75691207c3757096bc6ce07e13875c27eff151cfe1ae6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Origin: https://www.bestone-work.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52017
x-xss-protection: 0
server: cafe
etag: 9911990033515860785
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:42 GMT

GET
H2 200 ysm_docilepuppy.js Show response
ad.sitemaji.com/ 41 KB
12 KB 159ms
49ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/ysm_docilepuppy.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: 63b41a8345664bf6831b001714dc902cd6f41a4d4ee5ef151a539d3b790e670e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 16:46:31 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 16 Aug 2023 03:01:27 GMT
server: nginx/1.12.1 (Ubuntu)
age: 78191
etag: W/"64dc3c07-a24f"
vary: Accept-Encoding,Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12647
expires: Sat, 04 Nov 2023 16:46:31 GMT

GET
H2 200 0524713BE7CFw572h370.jpeg
store.bestone-work.com/uploads/20230915/52/ 42 KB
43 KB 83ms
71ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20230915/52/0524713BE7CFw572h370.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c6574baf3d3afd6abc938ef8e989bdce19e3019aa4a1972210a0011ff84df05a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 15 Sep 2023 05:38:30 GMT
server: cloudflare
etag: W/"df70b5db96e7d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNZP2p4%2B3arryUV0TujburFJ%2FIj62Ci6b%2FFIYSXYyefzSR%2BR2hYWtTcKgK%2FFNMWrgsJ3LjXIR5SvzlQEtjPwS8%2FTdPVpq5TF7HmlQi3MpcbunUqSFoCyqYdT2keFJVIXkdZzQV6fgxzg2j15IVwU9lvxVuSg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfabe2e695d-FRA
expires: Sat, 11 Nov 2023 14:29:42 GMT

GET
H2 200 B33C545B5615w640h438.jpeg
store.bestone-work.com/uploads/20230915/33/ 45 KB
45 KB 92ms
92ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20230915/33/B33C545B5615w640h438.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: afa04a0b4926a1d3ae239a0d8d69c420c35c120e3e01aadb378313d8d7cbe12b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 15 Sep 2023 05:38:30 GMT
server: cloudflare
etag: W/"df70b5db96e7d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FiVvD4Nsn5ltq7xe5MsNKGSjvPerj%2FqSgX7csEVQ7y0BoBtYTwkkDrcv8%2FpWNAQq7xwI2oqXaLAssL6dgz6FoSsU%2FMFCol4v5QsvUb%2F1KHcSMLgBx5C%2F4Xe4lJt5y8IpSlBLnNdLG%2FtQXJpIMRv1I620Xw5"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfb3e86695d-FRA
expires: Sat, 11 Nov 2023 14:29:42 GMT

GET
H2 200 F64A0ECDB86Bw640h417.jpeg
store.bestone-work.com/uploads/20230915/64/ 39 KB
40 KB 75ms
73ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20230915/64/F64A0ECDB86Bw640h417.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 28bedc3842e6f1453823713085663a045e61cf21660c070058440b7ef1e7467b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 15 Sep 2023 05:38:29 GMT
server: cloudflare
etag: W/"dbc347db96e7d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dG8EoKfGfMReleetkvGPYJ2JJBl8c2%2BJmLCTz%2BEcAyeNZu4ajZlqGdlPNnQFl9eVlq4arduxfbSfkf1UGuKPz5QYmttiwrMLiDt1tFn6govTW%2Fc0pgDYyN00NXYHcTbcInslrpKZpBT6C1YpRiYf50BZmEvP"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfbdee1695d-FRA
expires: Sat, 11 Nov 2023 14:29:42 GMT

GET
H3 200 A619F20190F3w638h477.jpeg
store.bestone-work.com/uploads/20230915/61/ 40 KB
40 KB 140ms
134ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20230915/61/A619F20190F3w638h477.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 29260c7172efeca31b5ef3cb9081efd967770aae7c6d29277b3000083f280b19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45292
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 15 Sep 2023 05:38:29 GMT
server: cloudflare
etag: W/"256145db96e7d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFIwbGL7TLlYtGdfZPsX%2BEYRTzygTuaLsSDyql1%2Bpt8ZcOyUGTGHoGrpqC3TB3qjfZfNrq8f4qCy2ME9PYqAepAXnFqoqCVQRwWzOVA3OMHrEi7UvpRocpjdCDzJZoMIgPeakYA3D%2FeavHznfS9G9mtkLVAJ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59ca8c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/zh_TW/ 3 KB
2 KB 147ms
41ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0101af1899250179122776a2cf1418db051a0af2d7fd968b825189c2e4abcc7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bestone-work.com/
Origin: https://www.bestone-work.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 Nov 2023 14:29:42 GMT
content-md5: mMzvkRBjX2wyYDJbgOtmkw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints
x-fb-debug: gRLtGZzhxnAXyIfkQjzB5eqq2anmp7e+GNTRDdRPZg7CcuW0wA/yGxVjgzSZEFCJUWwgd62woLTRKjNi9nPdBw==
x-fb-content-md5: dc2ed6d1e059fd4edc4f678bc1774247
cross-origin-opener-policy: same-origin-allow-popups
etag: "c3fe35620b0e9f885ebc7d4f1d6e0d55"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:34:29 GMT

GET
H3 200 F0F7DBB43163w843h474.jpeg
store.bestone-work.com/uploads/20231014/0F/ 50 KB
51 KB 394ms
388ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231014/0F/F0F7DBB43163w843h474.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2c65630576e69df9935d3fe565dc72e68b6542d3079a143e821a9a39d3081588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 14 Oct 2023 08:54:18 GMT
server: cloudflare
etag: W/"d2996547cfed91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2nGzAKnC374aPxGrtBsfQkrxZQXne3AtvqpcNmhC%2Bmm5N4XOn689h0v2EuKsgvKf1CARgBm9EMk4uRP9PYCX60QhgE6jAvhs%2FDSExmtTVjYMvFf0%2BXvslJMfMIrsinGvKSTtaE0JrIX3ENyLIpyxAmk8poH"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59cc8c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 7EB90A7FB536w660h371.jpeg
store.bestone-work.com/uploads/20231025/EB/ 33 KB
34 KB 513ms
507ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231025/EB/7EB90A7FB536w660h371.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a4cc3c53fbbf069b632ab9c5061d0ffb770b9961d3201d61bdf5a5373bf62833

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 25 Oct 2023 06:09:50 GMT
server: cloudflare
etag: W/"8cd6d8dc97da1:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7SYFAxTawJ9RysjJO4UcWFD7XyXnDW0tReiiaPE%2FcfulMEAxOpBqYDGH9pWuyH0zNdBNCLVrKoe1%2Fk84FpLoNQouhZkw%2FBVknU95M5%2FaAIi0ht2urkK3dujjloHogODmpsKZuhDkadYa4E88a%2FE9QvEqGUDq"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d08c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 937B793C4E59w1000h525.jpeg
store.bestone-work.com/uploads/20231028/37/ 26 KB
27 KB 514ms
508ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231028/37/937B793C4E59w1000h525.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 6ebd60f817297373e7288405392bdacfc9dfa4be17c373e03edc5727d2cb9ff5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 28 Oct 2023 05:17:56 GMT
server: cloudflare
etag: W/"442c201c5e9da1:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXlbZtwLPoPax8oAXiVvdM36azQGbrx6FlIkCwojBkxIiBL%2FFjwrkkqr1wqreQZEc7z2%2FyUqrMtvC3bS1qf7c6EVKEOSdvicO0p2cW%2BI2c%2B6kVS11Ncno43vKDvut5ixrRZ3QFLBfQI8zZJ4%2BNxeopOBwXlM"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d18c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 0CC9B7D79D45w900h472.jpeg
store.bestone-work.com/uploads/20231003/CC/ 66 KB
67 KB 515ms
510ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231003/CC/0CC9B7D79D45w900h472.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c5f6cbf9b4be48ebae52034fe59d6b2b8cd0688090b447d96263068628406e61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 03 Oct 2023 08:46:52 GMT
server: cloudflare
etag: W/"48acba27d6f5d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORlinAQr9AM9HtLIPwWwLvZs7i%2FPItN4f2FOPaoij3MBcS2o3V0V1gwkEfsuXw0%2BebJqLcGlQ%2BFf%2Bo3NeX6eg0Y7WpkjJ4Yw3wjB0xQww5b%2FSol5sREs%2BToNMHrtOc7gzRFLBRKE5O36lP63glaPFyWE05EA"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d28c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 48E4A60E81F5w864h486.jpeg
store.bestone-work.com/uploads/20231027/8E/ 76 KB
76 KB 635ms
630ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231027/8E/48E4A60E81F5w864h486.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 493a339be0cd72f8ab32574b46183a12f91b97829ab1fbe755942814bbe96540

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 27 Oct 2023 03:17:45 GMT
server: cloudflare
etag: W/"b2218b27848da1:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I4Mq9SDwrbVX0sXEJgw3IUKUXxeRH3gv0beOJeEXyC%2B3NZt31QvIV7hzGuEOjERh1vLserqlwE1BRlDbQmahpeIwvb8fky8Atjfzij1WZ4dICCZSUgICYvnRT7A3c20Mkb7i%2FKLAsAf1xJQ373RGyOkdr%2Bsf"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d38c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 7EB6B7F15795w1000h525.jpeg
store.bestone-work.com/uploads/20231028/EB/ 45 KB
45 KB 639ms
634ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231028/EB/7EB6B7F15795w1000h525.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b88fc686d13496829c0f697839007050c9a52b3f8b82e1817f8b7041705287dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 28 Oct 2023 05:47:26 GMT
server: cloudflare
etag: W/"1a91293b629da1:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XTmwtx168IdejNRmxsKXpMbJqbMqkeYsoyp3ym4Qbx%2Fl%2Bi2jTVQhOx1KYPT1s117vfHQp%2B7c8pCmmQIoIFjGmgcuMsH5qPaEqYe6%2BdiHOrqRvi%2FJtQGXDjlnn4fGbrly6Bd7UlJtbHGf4JOrwOBXOOEsMeR6"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d58c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 8434D6F805BBw726h445.jpeg
store.bestone-work.com/uploads/20231028/43/ 32 KB
32 KB 666ms
661ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231028/43/8434D6F805BBw726h445.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 85d04ead155cc7b37238017bd4f23af84b45f10d6c578c24529bea41a8bcd653

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 28 Oct 2023 01:23:22 GMT
server: cloudflare
etag: W/"79aa7573d9da1:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vz3kD8syHTeA5N3T8m2Qx%2BB4K9LKK2H6NhTCtXGFL3Wa8mZZYnTTfrlk%2Bzfb25cDvi3jLZuf4XAIZYsyVblnB4aHKsx9HKnA4gg1jTyDt2BQQ%2Fqrpa49F%2B9R0rEA%2FrirAaLhCpt8Vp1D0aiMKXNsFxQpbCJ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d68c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 09D4F8A317C5w1000h525.jpeg
store.bestone-work.com/uploads/20231006/9D/ 72 KB
72 KB 762ms
756ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20231006/9D/09D4F8A317C5w1000h525.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0638a3d76046a9dd12b7a4a135f27c633e6f484431a892d3d82e762d9ba80be7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 06 Oct 2023 06:07:41 GMT
server: cloudflare
etag: W/"63c286a1bf8d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLjiU4mWeddGkFnnhl1GF8KmrnI1XjUNaG6WWMK48vsH3Z8qiAwvidpLKfSxjo6g6uLJHum7sg1jdoZQu1IS75ZnHiuSAxNF%2FZBqnmVwZTHeeQdRuLyTsyJjl1QUzZDZVDeHLUp%2FX%2By5cMVuuf8yi4henjlD"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d78c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H3 200 34F5F7B5F4FCw1000h525.jpeg
store.bestone-work.com/uploads/20230915/4F/ 60 KB
60 KB 765ms
760ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/20230915/4F/34F5F7B5F4FCw1000h525.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: b2c9199eb1d5e69e7986b06f54156e9d0a8d71895e8d2bc54c106ac20bc7733c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45291
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 15 Sep 2023 05:38:29 GMT
server: cloudflare
etag: W/"e0cc9db96e7d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24i9C5NA64Fv77%2BnS4%2FBhvce81tgGaaaEHRat7mNX%2FyELNW%2B8qZCf3gj3xIShgsbyXXgc9xboZssMgKjw4qmZEkRDd5wV3zCtzfOsleY3XwL3zoyycq6LJLl50HcGTVBZ%2BnVa35hJDknxmlRVx1py4EmSCFd"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8cfe59d88c7b-EWR
expires: Sat, 11 Nov 2023 01:54:50 GMT

GET
H2 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/ 47 KB
14 KB 218ms
42ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4313071
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13972
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61182885-3694"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDYByCaqFi5kD8t9piHP3%2BEqAubmFD7b1rNAxfFYQNbXODI2cTRSXOB6OUs5V%2Bc3Zag8Eu8N0MbExFQnpFyvhA4%2Bh6TbqmsERe5VRJQsPOwNaiQl1nSX%2FJvHplQDdOc%2FdmlrTzd6FYo7WbyOJIiLYUDd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 820d8cfd6d016925-FRA
expires: Thu, 24 Oct 2024 14:29:42 GMT

GET
H2

200

stat Show response
twstat.bestone-work.com/
Redirect Chain

https://www.bestone-work.com/xstat/moneystat
https://twstat.bestone-work.com/stat

6 KB
3 KB

464ms
435ms

Script
text/html

2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twstat.bestone-work.com/stat
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 087192fe5f6f1b398d5ec470ee5637a4a758f35789199e293163d2adaade2f17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCOURC4%2BjDf3%2B36xJz7Crm%2B6u%2FXxUOW6gXri7JeM%2BIU54D%2Fz2SboM7ygx1Qhi0V2QWJwABUWiK0%2FAV0KDZ3oTSjZhxB2XSmBJYhbb8oz6GGnlgWxmxtklKrGCBzD1EdZb4FbaT%2BtpKCwqxvhtJx%2FpWEVB%2Bz%2FLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 820d8d018b3c695d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 04 Nov 2023 14:29:43 GMT
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IiIS4uLIyKPMRWMFRVPmlaPOKydf0VhXJ1V%2FokyODiVmo4MiZQZzENynL%2BC%2BrFhRYD1FQb6%2BZqp6775XJJ%2BTD0Km2Y6pisDh89KP%2Bv31fwHmi1s3UtapLGjeuD2y0Qv6grrOraVhD22gzmO59IgSofTanw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
location: https://twstat.bestone-work.com/stat
cache-control: private
cf-ray: 820d8cfdcfce37fc-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

/ Show response
count.bestone-work.com/
Redirect Chain

https://www.bestone-work.com/xstat/index/2576
https://count.bestone-work.com/?2576

7 KB
2 KB

489ms
439ms

Script
text/javascript

2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://count.bestone-work.com/?2576
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 51abb4cfae06c4cf82d0c8fc4523f67553e0653def18c05927d41e5bc5542909

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EWozxHcJBM8nmz3FrduSHtrhYnXHib6U15B9rSX7LGktPk1ELKW%2FsFoAb63GQIK9CHzuY5bgkbK68pO0e7CaBzBUV%2FUknu61E1H2W0DN6WtbgynQjZ74PQY8catrnKTt9yY4zqH77JJxTC3lSS4KEBg2AhSB"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
p3p: CP=CAO PSA OUR
cache-control: public
cf-ray: 820d8d01eb97695d-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 14:34:43 GMT

Redirect headers

date: Sat, 04 Nov 2023 14:29:43 GMT
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgQlR%2BLSrjTVysN13%2BChtESu2jiplSrZh6d2FAkAQe180%2B925Tmo%2BKenfgW6NRGHxQSvLMTsS369yTNJ8gKFNgD6x6nhMz3Zzy2lJnE9%2BTV6UTDKqYMGWqOm2UsmCZKxTl6o2C%2FMzIkzGRwXztw09KaFnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
location: https://count.bestone-work.com?2576
cache-control: private
cf-ray: 820d8cfe087037fc-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

ad Show response
popup.bestone-work.com/js/
Redirect Chain

https://www.bestone-work.com/xstat/pop/5141933
https://popup.bestone-work.com/js/ad?lang=zh&aid=5141933&host=www.bestone-work.com&type=1&count=0

5 KB
2 KB

468ms
441ms

Script
text/html

2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popup.bestone-work.com/js/ad?lang=zh&aid=5141933&host=www.bestone-work.com&type=1&count=0
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 7d82489396992f913b7017f29d5ba2ff5754cbc99cf552558bfe0db183d38d6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSzz0N4q2G8G6P80TQE%2BYLsvLPVVZS%2BC3ufwVYSk1AiH%2BuBTPnEZuVHgEWlASaaE%2BKcvXcSJwvGe0oZ4obxedegxbRKnkrdMOjZsWCIudkUgxnjPsXKqHHlkHpjX2WA4p3r5QvWWOQra8qWTUwpz%2Bir0K9aO"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 820d8d021bcd695d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 04 Nov 2023 14:29:43 GMT
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C2uVMc%2FHAlBDnBdPtmS7M9kf410ppOuFryUJ%2FQeemmgnZNEV76oEvf%2FDSdrY%2F7bfdWB6EtxXnD2jfZxegajTVbHi5Edt1arZxBMMO%2BpRMFou4PFHRHGfPr5N8Cerpu33duaJZPM%2FBUWWHQo96UOz4%2Fp9%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
location: https://popup.bestone-work.com/js/ad?lang=zh&aid=5141933&host=www.bestone-work.com&type=1&count=0
cache-control: private
cf-ray: 820d8cfe089537fc-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 email-decode.min.js Show response
www.bestone-work.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 68ms
59ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bestone-work.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 17:54:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"653804c3-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hciM1PmO%2F01uK1sZZ6t55Vuz%2BBFnIpWD%2BzLEJ%2BpGCoOcvXPUKZoVrWxisXoV55t1blOtX%2FuC3LL9WOYOE5wIcdUW3HyNy4hDQgQGGWI28W5A9ia2wYMwtHKJuaHFQVHCv5DvbIz%2B2SNZSuu4CagF8IPD4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 820d8cfe089b37fc-FRA
expires: Mon, 06 Nov 2023 14:29:42 GMT

GET
H2 200 / Show response
www.scupio.net/kanglei/ 3 KB
2 KB 905ms
785ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/kanglei/
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.9
Resource Hash: 5f04a67133e8d41a751e2030f0c3492cd7438868d74e850b94007eb12805e6d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/5.3.9
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2O%2FLDAyZOiaJEG4gXUtE6h%2B0LS1Jecv21s3XP559vsTeS8P%2FWPR4Grj7PlEpCVI3bBH3Bi1p96s7l7j5cPm8q1Kyu1tKOujwTG0Fs2hdW4044XMq0HEUdMKbyyOrtBD6UGtVsDLvaMJXgLF8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 820d8cfede940a4f-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.lazyload.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery_lazyload/1.9.7/ 3 KB
2 KB 93ms
46ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery_lazyload/1.9.7/jquery.lazyload.min.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80351098c2478918bb80008d7836499305bf6f4d4b2abf742b8823255bbb0d8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bestone-work.com/
Origin: https://www.bestone-work.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3369178
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1120
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-d35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sGo%2FzwK84gFB%2FD7MYTTF0c4L4iNAr1uXEbnnXFJE24sw8njEa1BU8hQJIHpSkDyyCe2s5qPU2tjpnEtZMaJtdJgBncTbNctkz8lHf5cVvW3FbRiqyqMcOWzn97ILDdsHQAEBlJPKZ8x4adYWClI9F%2BL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 820d8cfe490c4dc6-FRA
expires: Thu, 24 Oct 2024 14:29:42 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/palmate-gyyplay/ 527 KB
57 KB 176ms
71ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/palmate-gyyplay/loader.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f1af668bb4d7e34e715c0903ce2bdf1c69976f73b0cfa55e55b27d5f54e94b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: ULlQeH4FEwQcQp7gngOEGR3AbDa_2mcD
content-encoding: gzip
via: 1.1 varnish
date: Sat, 04 Nov 2023 14:29:42 GMT
x-amz-request-id: BY66NZXQZ4HK46QW
age: 0
x-amz-server-side-encryption: AES256
x-cache: MISS
x-from-cache: 1
x-envoy-upstream-service-time: 8
x-amz-replication-status: FAILED
content-length: 57425
x-amz-id-2: BAXaaT8XxJgWVYgWq+QRQttxE98RnKBLpSERgcJkL0tLMYS44pEdk81t2oA65n/K8wD0h4LM3ls=
x-served-by: cache-fra-eddf8230081-FRA
last-modified: Sat, 04 Nov 2023 14:29:42 UTC
server: nginx
x-timer: S1699108183.831572,VS0,VE28
etag: "e13dcb53d483a2c3051c8084a89c780552d52a18"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
abp: 21
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 0

GET
H3 200 gmifr_lei.html Show response
www.bestone-work.com/ Frame 2959 1 KB
1 KB 621ms
616ms Document
text/html 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/gmifr_lei.html
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c950bdb3171907dd6adc02a07023992f892095f78f251750ebbb01ff386282ac

Request headers

Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 820d8cfe08a237fc-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 Nov 2023 14:29:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Db%2FOHAyN0JcM4UVt4MGuJ7vgQTmMZ4uZj8eacFtmASHzJtrcuGcK%2F8RI16Nls9Gn73FUUQX3DiTUDwtj%2FJfEceGs2b0jdh0NdFgAYURxNUoyGNR52MteL2u40rIEulIJY%2BvmOgdIUCLH2SbR%2FTE70tbyxA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H2 200 ysm_docilepuppy.js Show response
ad.sitemaji.com/ 41 KB
13 KB 148ms
42ms Script
application/javascript 35.186.215.140
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.sitemaji.com/ysm_docilepuppy.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.215.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 140.215.186.35.bc.googleusercontent.com
Software: nginx/1.12.1 (Ubuntu) /
Resource Hash: 63b41a8345664bf6831b001714dc902cd6f41a4d4ee5ef151a539d3b790e670e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 16:46:31 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 16 Aug 2023 03:01:27 GMT
server: nginx/1.12.1 (Ubuntu)
age: 78191
etag: W/"64dc3c07-a24f"
vary: Accept-Encoding,Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12647
expires: Sat, 04 Nov 2023 16:46:31 GMT

GET
H3 200 scrolldepth_tw.js Show response
www.bestone-work.com/Content/js/ 1 KB
962 B 612ms
608ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/js/scrolldepth_tw.js?r=0.38853537516875836
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 40741befbc3c09b5f0fb087cb0183ac25824ca837eab7276267719669461474b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:07:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1356ddbb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYqXuzd08WrQhsWQ7dyLXeDBZdiDyydQjLuIos%2BfbVKLxXqAgHg3ElikQ3mQIo1Wl7sjpBnEwGyPN82DpA7gnawQxNIh2njbLHyKUo62hKXeEIdIzjhNgoKZ478fkjmdsHpMdRoU9iHQBzurreiecAnoxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8cfe08a437fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:43 GMT

GET
H2 200 plugin.min.js Show response
static.dable.io/dist/ 90 KB
24 KB 214ms
47ms Script
application/javascript 92.123.150.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static.dable.io/dist/plugin.min.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.150.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-150-201.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ff2819f882317412b7579aefcdf767d51b5e4f1e231dbc9e50aeefde4507eede

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: cjy03xRwzptr4f4YrsrLsskJ9RIDUy3h
content-encoding: br
date: Sat, 04 Nov 2023 14:29:42 GMT
last-modified: Mon, 30 Oct 2023 00:55:21 GMT
server: nginx
x-amz-request-id: NKJ4R2WPMK0MAR5E
etag: W/"6c78c7dbc348c9a011a7719cb56245a2"
x-amz-server-side-encryption: AES256
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=42614
content-length: 24209
x-amz-id-2: Npq6V8UkKh6jXT9sYsfsnyvuwiZLFTgAW2Cca4lKhOqvuF2BoMzCIbPxXioTi9rTQ7fOlpp6IOE=

GET
H2 200 lift_widget.js Show response
nt.compass-fit.jp/ 79 KB
17 KB 1577ms
534ms Script
text/javascript 13.230.48.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nt.compass-fit.jp/lift_widget.js?adspot_id=4300666
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.230.48.250 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-230-48-250.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5b6d2a705d32a2210991e821dba60a25bdf8a34b5e1beefa832c563b50edbdb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID DEVa PSAa PSDo OUR SAMa STP PRE STA UNI NAV COM"
content-type: text/javascript
cache-control: private, no-cache, no-cache="Set-Cookie", proxy-revalidate

GET
H3 200 gmifr_lei.html Show response
www.bestone-work.com/ Frame 9CBA 1 KB
1 KB 567ms
564ms Document
text/html 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/gmifr_lei.html
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c950bdb3171907dd6adc02a07023992f892095f78f251750ebbb01ff386282ac

Request headers

Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 820d8cfe08a637fc-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 Nov 2023 14:29:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9URTaXXoZOhG5GXz0PJmTJQWAynUECxIORW6qbYRUsgwr2RV7BYiHOoqsLHNswyEujwH3LEIys%2FTeM2PIe%2FAbfY5toCJc18ZAlBU32gB6bnhaBoGbtm%2Fgdp%2FAh4UXRNr0w88zb2znW9YySTN6ssraA1GIA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H3 200 gmifr_lei.html Show response
www.bestone-work.com/ Frame C32F 1 KB
1 KB 617ms
615ms Document
text/html 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/gmifr_lei.html
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: c950bdb3171907dd6adc02a07023992f892095f78f251750ebbb01ff386282ac

Request headers

Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 820d8cfe08aa37fc-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 Nov 2023 14:29:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2Bao0PhvwrhYMs%2BAQFswbYU77hNLatyoEb%2FrfekeDeNW%2Fpk6vDKos%2Fgz1uC1UHNj4HifMauJ6WGj1MNWJ%2F6l0I2CzRdn7AR6TXJRF6ZXZHOD%2BGGLghisekk7KlfFstx3JxwVhZvsLokI%2FAHbtRKptMWmLA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H3 200 fontawesome-webfont.woff2
www.bestone-work.com/Content/zc002_cn/fonts/ 75 KB
76 KB 571ms
571ms Font
application/x-font-woff2 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/fonts/fontawesome-webfont.woff2
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/Content/zc002_cn/css/min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.bestone-work.com/Content/zc002_cn/css/min.css
Origin: https://www.bestone-work.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Wed, 22 Mar 2023 12:07:26 GMT
server: cloudflare
etag: "f827dcddb65cd91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GkakAEhWsUUQYfRuqlrdKt73gtYyuf7X%2FeT90PoFxScmttdhSj6VEhuPkSi8%2B8jPd09CEG0aCM9OXXI1Qc1IW3R%2F%2BFQI5JdJMldkMJW8LCFN169n1mz0q%2BWF8%2FYjIKcUChSdVaj6pKajjwiiBT3NghBFpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-woff2
cache-control: public, max-age=28800
accept-ranges: bytes
cf-ray: 820d8cfe18b337fc-FRA
expires: Sat, 04 Nov 2023 22:29:43 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/zh_TW/ 303 KB
87 KB 60ms
57ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/zh_TW/sdk.js?hash=d7d7464528a456bd73b30d9baf6afe52

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eb7d3ae243205232e48dd153d96631030226ca8719c1352f395a46e377276758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bestone-work.com/
Origin: https://www.bestone-work.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 Nov 2023 14:29:42 GMT
content-md5: W4eDPmU8GneP4pXNAo5csg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88502
reporting-endpoints
x-fb-debug: f/SLU69zb70r+hK0ByIeOLS1yCWqHBbBiYtng4OAw88AQN85K5UegQMFcm/1W+oTDTi/oaTKGo5kwPeXFOxh2w==
x-fb-content-md5: 61cbc2372bdb5bd4b40c34cc1aaa6158
cross-origin-opener-policy: same-origin-allow-popups
etag: "5bc69bf1e89a0859943c9fa64715bcc6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 03 Nov 2024 13:19:11 GMT

GET
H2 200 impl.20231026-7-RELEASE.js Show response
cdn.taboola.com/libtrc/ 814 KB
169 KB 59ms
58ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20231026-7-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/palmate-gyyplay/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 7800e3c307c07f97cd107a04d57cb6677817d306ac584f5ea752507580460ecd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: GPZDFjjWSy3DhCggTNa1mL7dkkadWjQ7
content-encoding: br
via: 1.1 varnish
date: Sat, 04 Nov 2023 14:29:43 GMT
x-amz-request-id: VZFGC8359BVKSVD6
age: 15584
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 172502
x-amz-id-2: t1gTCaGz4uky89uR4Db3jrRYY0rHGvgNQamE07UtbQyIQLiCX0dmJN02DEihjZUQDS/z+csym+U=
x-served-by: cache-fra-eddf8230081-FRA
last-modified: Thu, 26 Oct 2023 09:58:50 GMT
server: AmazonS3-br
x-timer: S1699108183.028385,VS0,VE1
etag: "2360df86d9f30659043fb748ff4e84af"
vary: Accept-Encoding
content-type: application/javascript
abp: 80
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ 399 KB
135 KB 193ms
106ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3098793998441432&plah=www.bestone-work.com&bust=31079355

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3098793998441432

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

710bb217cd880d6fcedb2223e6bbc9b67fcb75da4b0e72475fa2ead91bcd9ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138239
x-xss-protection: 0
server: cafe
etag: 15048832039830254584
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:43 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/ Frame A073 10 KB
5 KB 142ms
39ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3098793998441432

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 09:26:10 GMT
etag: 251720774729838433
expires: Sat, 18 Nov 2023 09:26:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 prefs2 Show response
api.dable.io/plugin/services/sddmovie.com%2Fpal-mate/ 934 B
1 KB 892ms
270ms Script
text/javascript 3.36.201.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.dable.io/plugin/services/sddmovie.com%2Fpal-mate/prefs2?uid=&tcfapiSet=0&gdpr=0&callback=dbljson1

Requested by

Host: static.dable.io
URL: https://static.dable.io/dist/plugin.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.36.201.146 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-36-201-146.ap-northeast-2.compute.amazonaws.com

Software

nginx /

Resource Hash

d63d895fd45bffb8bb40d2c4333961ee680df90284f36cdcbd9eaf00ad2baea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: nginx
etag: W/"3a6-HRLZqiwRDSHrK4YHh9XGa5wYArw"
content-type: text/javascript; charset=utf-8

GET
H2 200 sync Show response
gum.criteo.com/ 46 B
288 B 174ms
40ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231026-7-RELEASE.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 254820
expires: 60

GET
H2 200 json Show response
trc.taboola.com/palmate-gyyplay/trc/3/ 31 B
420 B 66ms
54ms XHR
text/plain 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/palmate-gyyplay/trc/3/json?tim=15%3A29%3A43.212&lti=deflated&data=%7B%22id%22%3A902%2C%22ii%22%3A%22%2Fdoc_wfbmac9hutjhotldrfdgd2u0rzy2ut09%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1698567507362%2C%22vi%22%3A1699108183208%2C%22cv%22%3A%2220231026-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOTlDRFdGd2U0RzY2UT09%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs%22%2C%22vpi%22%3A%22%2Fdoc_wfbmac9hutjhothxemnimkhhmlhrut09%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4824%2C%22qs%22%3A%22%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22alternating-thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Feed%22%2C%22orig_uip%22%3A%22Below%20Article%20Feed%22%2C%22cd%22%3A4794.015625%2C%22mw%22%3A810%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fdoc_wfbmac9hutjhotldrfdgd2u0rzy2ut09%2CBelow%20Article%20Feed%3Dalternating-thumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231026-7-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ef3b2092c6bd1a3a6855b7a3a0d67951f0b7cd1678bbcfe563226bfe8a2b9126

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 11
date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: gzip
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7201
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230081-FRA
x-log-content-encoding: gzip
server: nginx
x-timer: S1699108183.242796,VS0,VE11
vary: Accept-Encoding
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://www.bestone-work.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 / Show response
static.intentarget.com/track/kangleigm/ Frame 9CBA 2 KB
926 B 692ms
585ms Script
text/html 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/gmifr_lei.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01be87bdd44ea4a83a27e27b216a98a911ebbe58a05836e91e10f13a54578f09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Ny8Huqb0dQyeay2vjBAK0%2B6bAcU2Zivc0SXgn3w%2FYpFaEKbIYA9wLLeJL6tYas%2B8Qaa3CGH6eBarrhYhUYBIWtMdLv0%2FrCTJ%2BLvXBwK57AjDiqyVEKzr73XdVZh3WUriPQ08nVrtXOHr1AFHG4q2gdO8c07"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 820d8d024ac40410-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 204 debug
trc-events.taboola.com/palmate-gyyplay/log/2/ 0
89 B 198ms
43ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/palmate-gyyplay/log/2/debug?tim=15%3A29%3A43.284&type=error&msg=Server%20did%20not%20respond%20to%20loadRBox&llvl=2&id=706&cv=20231026-7-RELEASE&lt=deflated&pct=1
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 41819

GET
H2 204 debug
trc-events.taboola.com/palmate-gyyplay/log/2/ 0
90 B 197ms
42ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/palmate-gyyplay/log/2/debug?tim=15%3A29%3A43.286&type=error&msg=loadRBox%20failed%2C%20aborting.&llvl=2&id=2354&cv=20231026-7-RELEASE&lt=deflated&pct=1
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 41819

GET
H2 204 debug
trc-events.taboola.com/palmate-gyyplay/log/2/ 0
89 B 197ms
43ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/palmate-gyyplay/log/2/debug?tim=15%3A29%3A43.286&type=warn&msg=Invalid%20ajax%20response%20from%20server&llvl=2&id=3232&cv=20231026-7-RELEASE&lt=deflated&pct=1
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 41819

GET
H2 200 / Show response
static.intentarget.com/track/kangleigm/ Frame 2959 2 KB
1 KB 630ms
571ms Script
text/html 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/gmifr_lei.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01be87bdd44ea4a83a27e27b216a98a911ebbe58a05836e91e10f13a54578f09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDhXAZ%2FPntNB7DlPFxJHLRvVIPBpaibxHhv0yUgAiQjK6o1XPC0EOhUsGqlAvAXcuTULmDnPpAuBGQHBEcUaA2B1YS5hqZFwaIg7vNzdK5Cvp2JTPW1cK0MeDxEe4vHMU82gabnWOPChXgOcg7YzcZd2SxyX"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 820d8d024ac90410-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
static.intentarget.com/track/kangleigm/ Frame C32F 2 KB
927 B 647ms
590ms Script
text/html 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/gmifr_lei.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01be87bdd44ea4a83a27e27b216a98a911ebbe58a05836e91e10f13a54578f09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5ff2%2FThST48ZkUKG4KSCN5mC7xuNTTTTAldUrsEgeFo%2FeSfzhh6%2F6adnVcYtmbZGAju6L20XDneJitDR9ReIuv2GHEFMQO4o05Bfo3B3vfZQYPy%2FOtmj9V9zVFQOuTaaJ%2F5KCDlQ8DwnrwXhFfOr1VBAW66k"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 820d8d024ac80410-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 399 B
609 B 517ms
49ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.bestone-work.com&callback=_gfp_s_&client=ca-pub-3098793998441432

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3098793998441432&plah=www.bestone-work.com&bust=31079355

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22904ccae7368fa53fd9704bcb6b15b59f2407d11bb5b73c18b471e2344fd6ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D121 638 KB
151 KB 1120ms
1118ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3098793998441432&output=html&adk=1812271804&adf=3025194257&lmt=1699108183&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699108183041&bpp=5&bdt=1218&idt=309&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2761362793210&frm=20&pv=2&ga_vid=480937667.1699108183&ga_sid=1699108183&ga_hid=1853131435&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079266%2C42532334%2C44785293%2C44795921%2C44807048%2C44807336%2C44807455%2C44807461%2C31078297%2C31079355%2C31079382%2C44807753%2C31079156&oid=2&pvsid=3811317344055165&tmod=1966486662&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=353

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc4c4466af7126ff52ba0db925717fca03109f53397130f649d1e322b8cec953

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 154574
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:44 GMT
expires: Sat, 04 Nov 2023 14:29:44 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 05C5 135 KB
42 KB 760ms
756ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3098793998441432&output=html&h=280&slotname=2221091893&adk=4126388737&adf=692969693&pi=t.ma~as.2221091893&w=700&fwrn=4&fwrnh=100&lmt=1699108183&rafmt=1&format=700x280&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699108183046&bpp=8&bdt=1223&idt=358&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2761362793210&frm=20&pv=1&ga_vid=480937667.1699108183&ga_sid=1699108183&ga_hid=1853131435&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=285&ady=316&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079266%2C42532334%2C44785293%2C44795921%2C44807048%2C44807336%2C44807455%2C44807461%2C31078297%2C31079355%2C31079382%2C44807753%2C31079156&oid=2&pvsid=3811317344055165&tmod=1966486662&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=c8j7T7Bdi2&p=https%3A//www.bestone-work.com&dtd=384

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

324fdb4f9a5096e0883662c96976c1b9306fccae51ad3f4f66cc07c979f303df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42986
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:44 GMT
expires: Sat, 04 Nov 2023 14:29:44 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK /
count.xxxssk.com/s/ 338 B
565 B 1019ms
235ms Image
image/jpeg 119.28.16.172
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://count.xxxssk.com/s/?isentrance=true&guid=95d2d080-90ae-780b-f450-a01a5c591197&resolution=1600,1200&colordepth=24&location=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&referrer=&rd=0.4900805489518789&sid=2576&dpr=1&appCodeName=Mozilla&appName=Netscape&appVersion=5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/119.0.6045.105%20Safari/537.36&maxTouchPoints=0&platform=Win32&product=Gecko&productSub=20030107&vendor=Google%20Inc.&deviceMemory=8
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 119.28.16.172 Hong Kong, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e93636d3ef399dc7d33a87e01495e525303cdcb7f443dbfa77f05e4c80825407

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Sat, 04 Nov 2023 14:29:44 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/jpeg
P3P: CP=CAO PSA OUR
Cache-Control: private
Content-Length: 338

GET
H3 200 2A39EBB3AA5Aw658h370.jpeg
store.bestone-work.com/uploads/2023-09-01/ 47 KB
47 KB 130ms
128ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/2023-09-01/2A39EBB3AA5Aw658h370.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f30c95f506891396b8cd9ef96a6c734fbf381756fa6c6355c4d99e80d4adec8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 264136
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 01 Sep 2023 08:13:31 GMT
server: cloudflare
etag: W/"7140bc31acdcd91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lAKxRTlk%2FJBVcNL6N76qORYeWsMbalEJezuqfY8dkr%2Bpv4Hqei2Tq7Hnt4L0byT23s7gr0cAri8ZnYVVHULgvE2ejyRDduOiRqeofhYdYa%2BfcJjdlTBsgZogzZANOXd59j4X0nh7L80HQqTgMir9ruPhuIE%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8d0528268c7b-EWR
expires: Wed, 08 Nov 2023 13:07:27 GMT

GET
H3 200 F16BF93EA5A4.Png
store.bestone-work.com/uploads/ 3 KB
3 KB 132ms
129ms Image
image/png 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/F16BF93EA5A4.Png
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 195e6636d3f6dce1239d1ee3a5b5d3833baa50b3248934f29a60618f5d9fb35a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 264138
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 28 May 2019 05:10:52 GMT
server: cloudflare
etag: W/"6fcc75b81315d51:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BKDNoQD9E1RQN%2Fy4YHZBUBSnkVfO7Lgx8D6ycBrrsxdCKgIYP4HGAsgWa4Wwz%2BA926zbBBSZbq6pcyFtcqTN5b8QTEdMS8r%2BiJcvKOJnJuVWC7xjBOWSeYeamCD3HHU9%2BWP2pW3zr9ef8mHBFA9R1AGxKj1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8d0528298c7b-EWR
expires: Wed, 08 Nov 2023 13:07:25 GMT

GET
H3 200 B8924A5DCA95w1257h659.jpeg
store.bestone-work.com/uploads/2023-10-06/ 140 KB
140 KB 254ms
246ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/2023-10-06/B8924A5DCA95w1257h659.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 3981f80e725da62b16030df119290d0efd937f1d552a953609b467e12b64f058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 264136
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 06 Oct 2023 05:24:54 GMT
server: cloudflare
etag: W/"c191687015f8d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4X49xWsz5%2BPBjTcBdVcwpZ%2F8A5N%2Fzl%2B%2FIKaOgm69FPJXDggqimagrXHRXy2vpJJ6ermRzq8Qoiep1CqOzVMhbXLFFZVfJXWQb2Uq596XtEbaEcxMA9hRvMOWkUrcF1LPSJvaKbd7YCqvCGT8a5oC%2FB2uwwPs"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8d05282d8c7b-EWR
expires: Wed, 08 Nov 2023 13:07:27 GMT

GET
H3 200 9A97FF3C9CFAw1251h653.jpeg
store.bestone-work.com/uploads/2023-09-14/ 95 KB
96 KB 135ms
127ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/2023-09-14/9A97FF3C9CFAw1251h653.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 0de064e0d351d3587d30719c92451e0790ff625eb5b44da19c3b47e122bbe4f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 151996
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Sep 2023 05:42:27 GMT
server: cloudflare
etag: W/"9ee4de3ecee6d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3JQE8V95q7prHHoA6pdxhS4h0BAw%2FpCJ5DSovetM2Ki7CJpvQoUY1K0RO4mYODpCYOjw%2BBgZF9DLMDA7VUEdqvEyl4gDnd2ZHMbaqf6fplzmlNYfsS2%2FNixMjctwCe%2FKrT%2FfOtnpf3X2G4VM%2F1KImoXP8HA"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8d05282e8c7b-EWR
expires: Thu, 09 Nov 2023 20:16:26 GMT

GET
H3 200 682C62429D8Dw1280h720.jpeg
store.bestone-work.com/uploads/2023-09-14/ 114 KB
114 KB 138ms
130ms Image
image/jpeg 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.bestone-work.com/uploads/2023-09-14/682C62429D8Dw1280h720.jpeg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e8a86c90f43cf1f45bf25d0aae457f431075c753a711cc9098db7548ed5d4a8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 264136
x-powered-by: ASP.NET
x-cache: HIT
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 14 Sep 2023 05:46:38 GMT
server: cloudflare
etag: W/"e57225d4cee6d91:0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSibCxjx32QJD9pW0rnTKPzV0PfWRcsLBvEWwuRFAeaRjW43pL4IAn0b8GvrAimu691U8XCfE1lTGXFJsWfBz3m1pDE3tYMynJpFjUnrWl66JyL4eCk8dapTI5KnwTO79h8%2FJayIMpEnL0Tal73sKjPNU1WF"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=604800
cf-ray: 820d8d05282f8c7b-EWR
expires: Wed, 08 Nov 2023 13:07:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
68 KB 150ms
59ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-87942765-23

Requested by

Host: www.scupio.net
URL: https://www.scupio.net/kanglei/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

65578602dfaf8a758cfb0d8d14f7106253f979c7f28734043f61f09cc766c335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68909
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Nov 2023 14:29:43 GMT

GET
H3 200 openart.js Show response
www.bestone-work.com/Content/js/ 86 B
600 B 315ms
314ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/js/openart.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bfc29c17292ecabcf6ac3123497ef8e0684c078f1b2a58cdd65da41fc29b28fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:07:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"8891fdbb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arf8wSkR6vGLzgvGkDPlAT9Zffuu6IbMqZQtCnnewWCWV8yQ%2FFTogS%2BML858Xi79p1gx6dgVHpK02Y%2BJL4bCpxw1nvRfbyP5iZF1%2FMM52k9FjAcdv3zFqSSevf4cA3vdYlLuXvD%2FCbrUZgKMTl1%2FqjKxcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8d04ffb437fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:44 GMT

GET
H2 200 trkyjs.js Show response
static.intentarget.com/track/kangleigm/js/ Frame 2959 19 KB
5 KB 49ms
48ms Script
application/x-javascript 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6bba6feb15a60d44c08db700decfbc5828d9deb725b698dfbbde5606f4688b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 32076
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNVhV3gIT7bd4aGlzX53%2BsX8NIIAmb2%2B3IfR%2BsQblw61qpTLhTH2RkEw%2Bay%2B4mc9gItOspog6nv2aOG%2BofNW3KB2v%2FYhXtjXwv9wbwG%2BtXVkzYCkNpVVOchTz5oDnrLY6KuXXspe89Ct9YUYgoz1bJurAI1%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d060ee50410-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 07 Nov 2023 05:35:08 GMT

GET
H2 200 trkyjs.js Show response
static.intentarget.com/track/kangleigm/js/ Frame 9CBA 19 KB
5 KB 49ms
49ms Script
application/x-javascript 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6bba6feb15a60d44c08db700decfbc5828d9deb725b698dfbbde5606f4688b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 32076
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCEMh16bL94xDFKhfJySHvMd2jOk5TNsvm%2Fj2MldbzyuMYPvse%2Bws1%2F4AJK9fIUGRedsajzQiqV9IJLsoj9EBfAyZZMEI2UF5xWNmGfNR%2Fd6XrgLpZqWuHVqrBjNzQHnKBlOtyoLKK7lrt4%2BGrNPBSBgZ7wf"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d060ee60410-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 07 Nov 2023 05:35:08 GMT

GET
H2 200 trkyjs.js Show response
static.intentarget.com/track/kangleigm/js/ Frame C32F 19 KB
5 KB 55ms
54ms Script
application/x-javascript 2606:4700:3031::ac43:d208
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d208 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6bba6feb15a60d44c08db700decfbc5828d9deb725b698dfbbde5606f4688b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 32076
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WoiFK6moP8uawrlDFVTlBu%2FWLG20XMwkAJdGa3510CPeKyyYY5u0ECZjORIvcfH2X%2BI1UXvdNNKLLAaVsfK5t9Jk3RN7oaz%2FlvHeunDNDpKUXLoZHCOXu80VydP0LWhG7qNa%2Fjy7dHgWDwob3VwE8uAK%2FRKL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d060ee70410-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 07 Nov 2023 05:35:08 GMT

GET
H2 200 00000000.0000000000000 Show response
api.dable.io/widgets/id/goP0dJoQ/users/ Frame 231C 415 B
373 B 400ms
392ms Document
text/html 3.36.201.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.dable.io/widgets/id/goP0dJoQ/users/00000000.0000000000000?from=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=&cid=00000000.0000000000000&uid=00000000.0000000000000&site=sddmovie.com%2Fpal-mate&gdpr=1&service_id=10086&service_type=news&country=TW&client_id=2011&lazyload_widget_ids=%5B%5D&randomStr=83cb9679-e6ae-4cf0-bfd0-802cde354873&id=dablewidget_goP0dJoQ&category1=%E6%96%B0%E6%89%8B%E6%8C%87%E5%8D%97&author=0&item_id=5141933&item_pub_date=2023-11-02&pixel_ratio=1&client_width=700&network=non-wifi&lang=en&is_top_win=1&top_win_accessible=1&is_lazyload=0
Requested by: Host: static.dable.io
URL: https://static.dable.io/dist/plugin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 3.36.201.146 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-36-201-146.ap-northeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 684204dccf86bdda51afb3708722b0e1931d5f867b05f544b767023f09c80007

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 04 Nov 2023 14:29:44 GMT
server: nginx

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 2959 95 KB
96 KB 146ms
49ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:11:32 GMT
x-content-type-options: nosniff
age: 1092
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97163
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 14:11:32 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame 9CBA 95 KB
95 KB 215ms
120ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:11:32 GMT
x-content-type-options: nosniff
age: 1092
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97163
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 14:11:32 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ Frame C32F 95 KB
95 KB 192ms
97ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:11:32 GMT
x-content-type-options: nosniff
age: 1092
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97163
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 14:11:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 216 KB
77 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VCEDQQD6JV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-87942765-23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e41a6e5e9947fc7845b1a9c9f5b4ea2dac2c0c49d96a2b683099b993dc310689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 Nov 2023 14:29:44 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 141ms
39ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-87942765-23

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 Nov 2023 13:51:32 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2292
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 04 Nov 2023 15:51:32 GMT

GET
H3 200 cse.js Show response
www.bestone-work.com/Content/zc002_cn/js/ 13 KB
5 KB 614ms
613ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/js/cse.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/Content/zc002_cn/js/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: abc242f134647159f15fc4e8a3691daf1b7a1153d3370885c3389130b9ab3f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 22 Mar 2023 12:07:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"bcf9c8deb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7z1LppZJDA2MJkaN2htgs74EXjO%2FY0%2B5KHdJ0BVJjqesRouMdQxNjbBfJ%2Fd%2B6ZoecrF8WkB38IoLsTuTGjfpWCBkTP1638WbM02OwM%2FZq4L7mxmmklh3hz7dsf4e9EXezUHmLFLCSqEN2m4%2FjJMZC35hw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8d06f97d37fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:44 GMT

GET
H3 200 min.js Show response
www.bestone-work.com/Content/zc002_cn/js/ 163 KB
36 KB 1594ms
1593ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/js/min.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/Content/zc002_cn/js/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: aea7a0b33959519cc0da4cbad38826e5e99391568dee742f63c25801e6c109fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 22 Mar 2023 12:07:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"a835cedeb65cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chUsJRpo%2FJOvRv7p%2BWTgZL5MqniBZX6G9Nu2wGmRixd16xFTmyrSNBt8sgYns7RQhQWGXCdJf%2B2QjBQjg8hod7dFa6euhlv8Llw63ELhMCpYb%2BVrTObMs1RhlMzRaK%2BMTUoKagLoS2MXOgbL2OQJjjxFLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8d06f97f37fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:44 GMT

GET
H3 200 imagesloaded.min.js Show response
www.bestone-work.com/Content/zc002_cn/js/ 7 KB
3 KB 592ms
592ms Script
application/javascript 2606:4700:3030::ac43:da23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bestone-work.com/Content/zc002_cn/js/imagesloaded.min.js
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/Content/zc002_cn/js/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:da23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: a38776c09a3752a38cc775fdd597a31dde3d57640b54fcdf2136f942970b687a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 22 Mar 2023 12:52:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"68fe1d29bd5cd91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OPm1QYuP2xK8cs%2BckHjQ2AemgYf0QeASrPZV%2F7JwasrOI9PxQTWaTd2fsJBHqvOsukc3FXGOanJmOOXPBwMFcWlilUWPN%2FP%2FnoHZLNwK0Q9iBejHRRC%2BMmGaKHI9hCAk1veVL2abRP1N8rrotJ%2Fy3zvsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=28800
cf-ray: 820d8d06f98137fc-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 04 Nov 2023 22:29:44 GMT

GET
H2 200 init.js Show response
cdn.holmesmind.com/js/ 9 KB
10 KB 193ms
43ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/init.js
Requested by: Host: ad.sitemaji.com
URL: https://ad.sitemaji.com/ysm_docilepuppy.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d66d050c1353eca80d839d1a923cc17dfa16e8c6269071a616913e6c48d527cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: VshDKnuHeNiMt59J2StfAXgq2H_4k9s3
date: Sat, 04 Nov 2023 14:29:13 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Thu, 26 Oct 2023 07:42:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 33
x-amz-server-side-encryption: AES256
etag: "12ca9b8d762245204824a3562038d0e1"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 9645
x-amz-cf-id: CCFzjR5iEcGkw3Zt1hLxoUqWv7memWgStg8mF8qi6-SK-BxE1kR4XA==

GET
H3 200 scrolldepth Show response
twstat.bestone-work.com/stat/ 50 B
538 B 567ms
566ms Script
text/html 2606:4700:3035::6815:185c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://twstat.bestone-work.com/stat/scrolldepth?url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&type=1&_=1699108182699
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/Scripts/jquery-2.1.0.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:185c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 83dfd87b1c9e1ccb27c7d7e6f972e533af3dd662d65a0cb2c0f54a293bd1cf64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
x-aspnetmvc-version: 5.2
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
server: cloudflare
x-powered-by: ASP.NET
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tdyVRXaHyUJhCQhtGe4mq81F6hKeu8Iw49ipUsToclxf8V4Li4cABc1YmPxYsBwP4wCBBJCALqR%2Br8KuKQd2dBd0bjahD7LU92OqCOXlPfyUVhYrjyE%2BQJpGZzR%2BvI3qdyPY5GHVnaB1gMmSA2QFgcoB6FjNlg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 820d8d075a3b8c7b-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 comments.php
www.facebook.com/v12.0/plugins/ Frame 9889 0
0 171ms
81ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v12.0/plugins/comments.php?app_id=1001839627068325&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df88da033ec318c%26domain%3Dwww.bestone-work.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.bestone-work.com%252Ff3ced1166ec65fc%26relation%3Dparent.parent&container_width=700&height=100&href=http%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&locale=zh_TW&numposts=3&sdk=joey&version=v12.0&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js?hash=d7d7464528a456bd73b30d9baf6afe52

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Nov 2023 14:29:44 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
x-content-type-options: nosniff
x-fb-debug: aK1r7k9Ua0F7Cc6+SurYMC3TdmvP+WpBUxS29r6k3cEVyGmCSvqfVVVp3dHtP+O8MnxlGqY/YBQGpPebQD6WTA==
x-frame-options: DENY
x-xss-protection: 0

GET
H2 200 comments.php
www.facebook.com/v12.0/plugins/ Frame 2EB9 0
0 167ms
83ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v12.0/plugins/comments.php?app_id=1001839627068325&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df70e888344e66%26domain%3Dwww.bestone-work.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.bestone-work.com%252Ff3ced1166ec65fc%26relation%3Dparent.parent&container_width=0&height=100&href=http%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&locale=zh_TW&numposts=3&sdk=joey&version=v12.0&width=550

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js?hash=d7d7464528a456bd73b30d9baf6afe52

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Nov 2023 14:29:44 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
x-content-type-options: nosniff
x-fb-debug: FmgiLX5JNJehXRF7enEOUPXxwcDDR2DC2YpHCGXTZ8PMhn4g4+9zOjia6WUYVw2BUllsc8s2FioiPs6GjCIIqw==
x-frame-options: DENY
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
258 B 142ms
50ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VCEDQQD6JV&gtm=45je3b11v9117407323&_p=1699108183805&gcd=11l1l1l1l1&cid=480937667.1699108183&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1699108184&sct=1&seg=0&dl=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&dt=%E5%AF%B6%E9%A6%AC%E8%BB%8A%E4%B8%8A%E7%9A%84%E4%B8%89%E8%89%B2%E5%B8%B6%E6%98%AF%E5%95%A5%E6%84%8F%E6%80%9D%EF%BC%9F%E6%87%82%E8%BB%8A%E4%BA%BA%E6%8F%90%E9%86%92%EF%BC%9A%E4%B8%8D%E6%87%82%E5%AE%83%E6%84%8F%E6%80%9D%E5%B0%B1%E5%88%A5%E8%B7%9F%E9%A2%A8&en=page_view&_fv=1&_ss=1&tfd=3261
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VCEDQQD6JV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 05C5 4 KB
1 KB 139ms
50ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3098793998441432&output=html&h=280&slotname=2221091893&adk=4126388737&adf=692969693&pi=t.ma~as.2221091893&w=700&fwrn=4&fwrnh=100&lmt=1699108183&rafmt=1&format=700x280&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1699108183046&bpp=8&bdt=1223&idt=358&shv=r20231101&mjsv=m202310310101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2761362793210&frm=20&pv=1&ga_vid=480937667.1699108183&ga_sid=1699108183&ga_hid=1853131435&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=285&ady=316&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079266%2C42532334%2C44785293%2C44795921%2C44807048%2C44807336%2C44807455%2C44807461%2C31078297%2C31079355%2C31079382%2C44807753%2C31079156&oid=2&pvsid=3811317344055165&tmod=1966486662&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=c8j7T7Bdi2&p=https%3A//www.bestone-work.com&dtd=384

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 14:13:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Nov 2023 14:29:44 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 05C5 2 KB
879 B 181ms
56ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
DATA 200
OK truncated
/ Frame 05C5 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame 05C5
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
9 KB

41ms
41ms

Image
image/png

2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Protocol

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 07:46:12 GMT
x-content-type-options: nosniff
age: 24212
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 03 Nov 2024 07:46:12 GMT

Redirect headers

date: Sat, 04 Nov 2023 01:10:15 GMT
x-content-type-options: nosniff
server: cafe
age: 47969
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 04 Dec 2023 01:10:15 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 05C5 23 KB
9 KB 151ms
47ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 05C5 3 KB
1 KB 158ms
55ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 05C5 20 KB
9 KB 149ms
47ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68936
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 05C5 189 KB
60 KB 228ms
114ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:44 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 05C5 36 KB
15 KB 141ms
40ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 17:18:51 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
210 B 50ms
48ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1853131435&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ul=en-us&de=UTF-8&dt=%E5%AF%B6%E9%A6%AC%E8%BB%8A%E4%B8%8A%E7%9A%84%E4%B8%89%E8%89%B2%E5%B8%B6%E6%98%AF%E5%95%A5%E6%84%8F%E6%80%9D%EF%BC%9F%E6%87%82%E8%BB%8A%E4%BA%BA%E6%8F%90%E9%86%92%EF%BC%9A%E4%B8%8D%E6%87%82%E5%AE%83%E6%84%8F%E6%80%9D%E5%B0%B1%E5%88%A5%E8%B7%9F%E9%A2%A8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1426364455&gjid=1125283174&cid=480937667.1699108183&tid=UA-87942765-23&_gid=633354883.1699108184&_r=1&gtm=457e3b11&gcd=11l1l1l1l1&jsscut=1&z=1298008570

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 im-uid-hook.js Show response
dmp.im-apps.net/scripts/ 633 B
597 B 202ms
46ms Script
text/javascript 2a02:26f0:2c::213:609a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://dmp.im-apps.net/scripts/im-uid-hook.js?cid=6858
Requested by: Host: nt.compass-fit.jp
URL: https://nt.compass-fit.jp/lift_widget.js?adspot_id=4300666
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2c::213:609a Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 69fa4215009a4325ef2d8ed36a318853ec8597bfa8fc52197de529582b85a965

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: gzip
vary: Accept-Encoding
p3p: CP="NOI PSD OTR"
content-type: text/javascript
cache-control: private, max-age=14400
content-length: 445
expires: Sat, 04 Nov 2023 18:29:44 GMT

GET
H/1.1 200
OK lift.json Show response
l.logly.co.jp/ 0
603 B 414ms
285ms Script
text/plain 52.222.149.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.logly.co.jp/lift.json?adspot_id=4300666&widget_id=54803&auc_id=&callback=_lgy_lift_callback_4300666&render_id=MTY5OTEwODE4M18xX2E4OTRiZmNmNzQ2OQ%3D%3D&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=
Requested by: Host: nt.compass-fit.jp
URL: https://nt.compass-fit.jp/lift_widget.js?adspot_id=4300666
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.149.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-123.cdg52.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 04 Nov 2023 14:29:44 GMT
Via: 1.1 a769201928d4a671d76c2aeb231718ae.cloudfront.net (CloudFront)
Server: nginx
X-Amz-Cf-Pop: CDG52-P1
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
P3P: CP="NOI DSP COR NID DEVa PSAa PSDo OUR SAMa STP PRE STA UNI NAV COM"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-cache="Set-Cookie", proxy-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
X-Amz-Cf-Id: deg-7J4GMCBr30alZJy_FXYkitT6VplLx3jE0C8g3nGveVVQx0YOrA==

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 6DB9 10 KB
10 KB 48ms
47ms Document
text/html 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10
content-length: 9921
content-type: text/html
date: Sat, 04 Nov 2023 14:29:35 GMT
etag: "d9100a146ee339f43d0752ef9c998a0d"
last-modified: Tue, 17 Oct 2023 03:41:19 GMT
server: AmazonS3
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-amz-cf-id: pjW9U67EpqcXqsTKVgX9dec6usncN1tGmXlqrGjgXzALBUt49CpCQw==
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: TarNhskOd4wxrR7dgXgmC4vTJkUNVmiW
x-cache: Hit from cloudfront

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 5085 12 KB
12 KB 50ms
46ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fd7b1af2255bed03d8fb859d9ca152f8aa470a4e109c6eb998ff3849766c6400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: U102ul7TGCGIc00wMtHiXPSOyaWj5IB2
date: Sat, 04 Nov 2023 14:29:16 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 03:47:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 29
x-amz-server-side-encryption: AES256
etag: "655bcdf3a63cb30eef798e519f9e2531"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 11853
x-amz-cf-id: 6kpORf9AH04iHtvTOnd_JbY9YUHbAj6uN7-kRBzg0IueBhrKsrlHmA==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame 95D8 12 KB
12 KB 48ms
47ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fd7b1af2255bed03d8fb859d9ca152f8aa470a4e109c6eb998ff3849766c6400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: U102ul7TGCGIc00wMtHiXPSOyaWj5IB2
date: Sat, 04 Nov 2023 14:29:16 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 03:47:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 29
x-amz-server-side-encryption: AES256
etag: "655bcdf3a63cb30eef798e519f9e2531"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 11853
x-amz-cf-id: 2wp4RwROU9bnRkaV6e3Rrnm-XStlia8mgliPL-2uQ3bY3-NCGmIgNQ==

GET
H2 200 presetfn.js Show response
cdn.holmesmind.com/js/ Frame E331 12 KB
12 KB 61ms
61ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fd7b1af2255bed03d8fb859d9ca152f8aa470a4e109c6eb998ff3849766c6400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: U102ul7TGCGIc00wMtHiXPSOyaWj5IB2
date: Sat, 04 Nov 2023 14:29:16 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Fri, 03 Nov 2023 03:47:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 29
x-amz-server-side-encryption: AES256
etag: "655bcdf3a63cb30eef798e519f9e2531"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 11853
x-amz-cf-id: FQMa5k8CuHiTFjFUF0qTgI5cTHaGwvd_uM_UE0EmUzMMzMjy1SyAKA==

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 7F00 10 KB
10 KB 65ms
64ms Document
text/html 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10
content-length: 9921
content-type: text/html
date: Sat, 04 Nov 2023 14:29:35 GMT
etag: "d9100a146ee339f43d0752ef9c998a0d"
last-modified: Tue, 17 Oct 2023 03:41:19 GMT
server: AmazonS3
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-amz-cf-id: q8gaFdDc4_UFNGIgyuOA1GdRPFCmjGeotZNTaSHZbtJ0Fd3FneGJww==
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: TarNhskOd4wxrR7dgXgmC4vTJkUNVmiW
x-cache: Hit from cloudfront

GET
H2 200 capmapping.htm Show response
cdn.holmesmind.com/js/ Frame 955D 10 KB
10 KB 61ms
59ms Document
text/html 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/capmapping.htm
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/init.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10
content-length: 9921
content-type: text/html
date: Sat, 04 Nov 2023 14:29:35 GMT
etag: "d9100a146ee339f43d0752ef9c998a0d"
last-modified: Tue, 17 Oct 2023 03:41:19 GMT
server: AmazonS3
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
x-amz-cf-id: 0MozT-7-HkAMWlp0ppmBPoX9I1ur5TbJEYTg1X_38NLVxtcXzeicag==
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: TarNhskOd4wxrR7dgXgmC4vTJkUNVmiW
x-cache: Hit from cloudfront

GET
H2 200 gemini_2getherclick_ifr.js Show response
www.scupio.net/track/kangleigm/js/ Frame CBC9 6 KB
2 KB 56ms
54ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ba8cc7f1277640242a262f7575fe90a1216015965b7779bd91ddeb526633bce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 99255
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2FQaz3bVrmiN8DI1coiKjZL4d2Oj6IaQSob8eVf8%2BqA7QplxCfVQsIH6llFw2qMonmu7yHWoOph%2FN2HCimEEJJLsUjUW%2F3M1%2BbrLy2hXqZcr2fviIuByWYxRBl4i4ECYEsPwrcHtQstjp0sN2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d08fcd60a4f-AMS
alt-svc: h3=":443"; ma=86400
expires: Mon, 06 Nov 2023 10:55:29 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ Frame 231C 94 KB
33 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: api.dable.io
URL: https://api.dable.io/widgets/id/goP0dJoQ/users/00000000.0000000000000?from=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=&cid=00000000.0000000000000&uid=00000000.0000000000000&site=sddmovie.com%2Fpal-mate&gdpr=1&service_id=10086&service_type=news&country=TW&client_id=2011&lazyload_widget_ids=%5B%5D&randomStr=83cb9679-e6ae-4cf0-bfd0-802cde354873&id=dablewidget_goP0dJoQ&category1=%E6%96%B0%E6%89%8B%E6%8C%87%E5%8D%97&author=0&item_id=5141933&item_pub_date=2023-11-02&pixel_ratio=1&client_width=700&network=non-wifi&lang=en&is_top_win=1&top_win_accessible=1&is_lazyload=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://api.dable.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 10:18:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 10:18:24 GMT

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 6DB9 35 B
470 B 9676ms
254ms Image
image/gif 116.50.36.71

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 -, , ASN (),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/gif
Date: Sat, 04 Nov 2023 14:29:53 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame B17A 0
217 B 873ms
270ms Document
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 502 cm.php Show response
fcm.holmesmind.com/ Frame D47C 332 B
392 B 9248ms
9149ms Document
text/html 34.95.67.231

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:53 GMT
referrer-policy: no-referrer

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 6DB9 409 B
633 B 855ms
262ms Script
application/javascript 54.250.3.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.250.3.213 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-250-3-213.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 6DB9 5 KB
3 KB 5482ms
3413ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Sat, 04 Nov 2023 14:39:46 GMT

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 6DB9 0
217 B 879ms
271ms Image
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2

200

cm
c.holmesmind.com/ Frame 6DB9
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
509 B

159ms
158ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2

200

google
m.holmesmind.com/ml/ Frame 6DB9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELFEwpBJ9_FIIhMAday_gM0&google_cver=1

0
135 B

1095ms
974ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELFEwpBJ9_FIIhMAday_gM0&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
x-guploader-uploadid: ABPtcPovyp6Qh9p2nptGwDXNaXHAssaSpGOD3IP6greuviQ5QcZibC4ZVZno3oVoz5bJlY2M-i5a6S7pXyWe2FiZ8sBr
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
expires: Sat, 04 Nov 2023 15:29:45 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESELFEwpBJ9_FIIhMAday_gM0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 7F00 35 B
470 B 9397ms
253ms Image
image/gif 116.50.36.71

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 -, , ASN (),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/gif
Date: Sat, 04 Nov 2023 14:29:53 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 7F00 0
217 B 1113ms
527ms Image
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2

200

cm
c.holmesmind.com/ Frame 7F00
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
509 B

156ms
156ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
content-type: text/html; charset=UTF-8
location: https://c.holmesmind.com/cm?tc=getIn&
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame 5A58 0
218 B 853ms
269ms Document
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 502 cm.php Show response
fcm.holmesmind.com/ Frame 76E9 332 B
473 B 9225ms
9146ms Document
text/html 34.95.67.231

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:53 GMT
referrer-policy: no-referrer

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 7F00 409 B
632 B 831ms
263ms Script
application/javascript 54.250.3.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.250.3.213 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-250-3-213.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H2

200

google
m.holmesmind.com/ml/ Frame 7F00
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEA3E8tB0lP6BCluqmGVkJ0Q&google_cver=1

0
159 B

1077ms
970ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEA3E8tB0lP6BCluqmGVkJ0Q&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
x-guploader-uploadid: ABPtcPqOs3WCQX4cJJpvUMMvWuup2ecsKnW3A08uT54ieWC9I-qjPb_VzHAnYl-cebhj-EpDj6nY8CaXpwu_TP5mNWgl
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
expires: Sat, 04 Nov 2023 15:29:45 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEA3E8tB0lP6BCluqmGVkJ0Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 5085 2 KB
729 B 1145ms
530ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=14487
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 561bab429a795b1828ea1c42937f4f66bb916b36336a6034fb83396a84df5791

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame 95D8 2 KB
730 B 1140ms
529ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=14487
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 561bab429a795b1828ea1c42937f4f66bb916b36336a6034fb83396a84df5791

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK /
cm.lndata.com/ Frame 955D 35 B
470 B 9883ms
253ms Image
image/gif 116.50.36.71

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lndata.com/?tid=4084&uid=media_cookie_id
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 116.50.36.71 -, , ASN (),
Reverse DNS
Software: TornadoServer/1.2.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/gif
Date: Sat, 04 Nov 2023 14:29:54 GMT
Server: TornadoServer/1.2.1
Connection: keep-alive
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Content-Length: 35
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

GET
H2 200 fp
cm-dev-poc.holmesmind.com/ Frame 955D 0
217 B 833ms
270ms Image
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
content-type: text/html; charset=UTF-8

GET
H2

200

cm
c.holmesmind.com/ Frame 955D
Redirect Chain

https://c.holmesmind.com/cm
https://c.holmesmind.com/cm?tc=getIn&

0
508 B

157ms
157ms

Image
text/html

35.201.76.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.holmesmind.com/cm?tc=getIn&
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.201.76.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.76.201.35.bc.googleusercontent.com
Software: nginx/1.10.3 (Ubuntu) / PHP/7.0.18-0ubuntu0.17.04.1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

Redirect headers

location: https://c.holmesmind.com/cm?tc=getIn&
date: Sat, 04 Nov 2023 14:29:44 GMT
via: 1.1 google
server: nginx/1.10.3 (Ubuntu)
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 200 fp Show response
cm-dev-poc.holmesmind.com/ Frame E584 0
217 B 1075ms
526ms Document
text/html 52.196.35.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cm-dev-poc.holmesmind.com/fp
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.196.35.8 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-35-8.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)

GET
H2 502 cm.php Show response
fcm.holmesmind.com/ Frame 53F8 332 B
392 B 9193ms
9147ms Document
text/html 34.95.67.231

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm.holmesmind.com/cm.php
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.67.231 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005

Request headers

Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:53 GMT
referrer-policy: no-referrer

GET
H2 200 cm.js Show response
fcm2.holmesmind.com/ Frame 955D 409 B
632 B 798ms
264ms Script
application/javascript 54.250.3.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fcm2.holmesmind.com/cm.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.250.3.213 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-250-3-213.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 04 Nov 2023 14:29:45 GMT
server: nginx/1.18.0 (Ubuntu)
content-type: application/javascript; charset=utf-8

GET
H2

200

google
m.holmesmind.com/ml/ Frame 955D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=undefined&uu_m=undefined
https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEDvAhZTyTEmeb0gTPJWY99A&google_cver=1

0
472 B

405ms
284ms

Image
image/png

35.227.249.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEDvAhZTyTEmeb0gTPJWY99A&google_cver=1
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm
Protocol: H2
Server: 35.227.249.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 156.249.227.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
x-guploader-uploadid: ABPtcPodGlgmuzZ-u3F-H_xt5f6PITPL4KkKQsuiAQKazDBDK8PTIUUGc_0o13Nl_VKcJEtIYKKvg5euxAF-XW518Ypo
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
server: UploadServer
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
cache-control: public, max-age=3600
x-goog-stored-content-length: 0
accept-ranges: bytes
expires: Sat, 04 Nov 2023 15:29:44 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://m.holmesmind.com/ml/google?cf_uid=undefined&uu_m=undefined&google_gid=CAESEDvAhZTyTEmeb0gTPJWY99A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Preset.js Show response
adcdn.holmesmind.com/adserver/ Frame E331 2 KB
729 B 1112ms
529ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adcdn.holmesmind.com/adserver/Preset.js?z=14487
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 561bab429a795b1828ea1c42937f4f66bb916b36336a6034fb83396a84df5791

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 05C5 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f4e4f6cbc55002dbedeeb87b8e75558c487dbe41ea62982209eca2558e1ac6c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gemini_2getherclick_ifr.js Show response
www.scupio.net/track/kangleigm/js/ Frame CB11 6 KB
2 KB 59ms
59ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ba8cc7f1277640242a262f7575fe90a1216015965b7779bd91ddeb526633bce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 99255
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7Crd58oKqZCwkTj5OqP2liiO5Z5BxHD7it4QOBxjlPyR0wH3SZ2aT5EyqVCjB3R%2FtUgTSLxVrWJSUuMgmVsv6UXnsZasO9czuYmq50eV3TLPyH%2BZuPBvZmVX25uvH2XTaDsZ%2BxEXdkxBQ7T%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d09bddf0a4f-AMS
alt-svc: h3=":443"; ma=86400
expires: Mon, 06 Nov 2023 10:55:29 GMT

GET
H3 200 gemini_2getherclick_ifr.js Show response
www.scupio.net/track/kangleigm/js/ Frame 26FE 6 KB
3 KB 56ms
56ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Requested by: Host: static.intentarget.com
URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ba8cc7f1277640242a262f7575fe90a1216015965b7779bd91ddeb526633bce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Aug 2023 02:34:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 20910
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BX%2FeFGkV0NCRr5UNMoam9qxqwkTQvjrEOSCyv6pBQruWj9T3rd%2B6YXDSLzdZmAWIfkuLIzTIgsGlvzjsOI5rT4%2BiiYmmyppZLP1AQJ3aZVnG2ADpLoD0zn4%2Faibsm%2F54i9zKDKLFu%2F7l12ptw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=259200
cf-ray: 820d8d09cd376619-AMS
alt-svc: h3=":443"; ma=86400
expires: Tue, 07 Nov 2023 08:41:14 GMT

GET
H3 200 336280_4.css
www.scupio.net/track/kangleigm/css/ Frame CBC9 3 KB
2 KB 57ms
56ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/css/336280_4.css
Requested by: Host: www.scupio.net
URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9e1406f09c68b9b04ec8f03149c9d5c28818f3c4109c796c6d957e81553b528

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Aug 2023 01:43:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 220050
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P09xOskkMxE0ywCJMw7QKGFq1MF3rTT1RRD%2FZc3lH2sen3C5iKm05J1wM9rAJVIKkhDYVq0qYqlSzM92CnaFI7p7njPjobihmjyjrvyItrdfW4%2FzL6CXKtet57q4sR1%2FXzWwZLpcCzXm%2BmyEpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=259200
cf-ray: 820d8d0a3e0a6619-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 05 Nov 2023 01:22:14 GMT

GET
H2 200 native.js Show response
s.yimg.com/dy/ads/ Frame CBC9 81 KB
31 KB 148ms
47ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/dy/ads/native.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

f5be70c103392c0ce642305bd1a7ee21a157f8d8f1f382b32b1cb56d04d47dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:27:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: VJJHQJECGWHFFMDC
age: 135
x-amz-server-side-encryption: AES256
x-amz-id-2: jqnD7SKT/qxIYLcSHfQSkJ1UCjl3MR0+pD/WrXsOEXR7tDd9okclSYjco2jf89bRTZGBGBjND1/+tHlxwwBmMEu+EJKHN9rr
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 17 Oct 2023 19:38:05 GMT
server: ATS
etag: "3db30c4cf00aa6181fb6d0d40f94d7fc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
accept-ranges: bytes

GET
H2 200 im-uid.js Show response
dmp.im-apps.net/sdk/ 6 KB
3 KB 45ms
42ms Script
application/javascript 2a02:26f0:2c::213:609a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://dmp.im-apps.net/sdk/im-uid.js
Requested by: Host: dmp.im-apps.net
URL: https://dmp.im-apps.net/scripts/im-uid-hook.js?cid=6858
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2c::213:609a Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 957135063edbb7272a9f5247b887095262f77644fa42419381bf7ca2b0622bb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: Ewv0cV5pGNUFzf4cpCFpusOmzbO5pqOY
content-encoding: gzip
date: Sat, 04 Nov 2023 14:29:44 GMT
last-modified: Fri, 21 Apr 2023 06:05:08 GMT
etag: "14ccaf76e8933bdcf899015e943cd2df"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI PSD OTR"
cache-control: max-age=10800
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2434
expires: Sat, 04 Nov 2023 17:29:44 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/ 160 KB
55 KB 89ms
88ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310310101/reactive_library_fy2021.js?bust=31079355

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6695e49b1a553fee4b90864009dd5f3573d63d831d2ccf08f9bb2032e3c4ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55823
x-xss-protection: 0
server: cafe
etag: 16466617755742210319
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:44 GMT

GET
H3 200 336280_4.css
www.scupio.net/track/kangleigm/css/ Frame CB11 3 KB
2 KB 55ms
55ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/css/336280_4.css
Requested by: Host: www.scupio.net
URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9e1406f09c68b9b04ec8f03149c9d5c28818f3c4109c796c6d957e81553b528

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Aug 2023 01:43:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 220050
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wh%2FELZViTGLFzl7TdZZkSBw6JMBHkIrho8%2FPZIUmmUiF154hB4%2FaKAYbI5uQiHDxbHgkutgNuco0qD%2BKTAPOBOpwi6l6Q3rfDHRzG8vlTliF0mxfnxmwotFl6DKe4IIV9abPlM%2Bav%2FPXj4C3bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=259200
cf-ray: 820d8d0aeedc6619-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 05 Nov 2023 01:22:14 GMT

GET
H2 200 native.js Show response
s.yimg.com/dy/ads/ Frame CB11 81 KB
30 KB 117ms
116ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/dy/ads/native.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

f5be70c103392c0ce642305bd1a7ee21a157f8d8f1f382b32b1cb56d04d47dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:27:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: VJJHQJECGWHFFMDC
age: 135
x-amz-server-side-encryption: AES256
x-amz-id-2: jqnD7SKT/qxIYLcSHfQSkJ1UCjl3MR0+pD/WrXsOEXR7tDd9okclSYjco2jf89bRTZGBGBjND1/+tHlxwwBmMEu+EJKHN9rr
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 17 Oct 2023 19:38:05 GMT
server: ATS
etag: "3db30c4cf00aa6181fb6d0d40f94d7fc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
accept-ranges: bytes

GET
H3 200 336280_4.css
www.scupio.net/track/kangleigm/css/ Frame 26FE 3 KB
2 KB 56ms
55ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scupio.net/track/kangleigm/css/336280_4.css
Requested by: Host: www.scupio.net
URL: https://www.scupio.net/track/kangleigm/js/gemini_2getherclick_ifr.js?size=336280&cssHost=//www.scupio.net/track/kangleigm/css/&cssUrl=//www.scupio.net/track/kangleigm/css/336280_4.css&aid=0&apiKey=CK4PB4R8D4RGY8DZQ5CS&sectionCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9e1406f09c68b9b04ec8f03149c9d5c28818f3c4109c796c6d957e81553b528

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Aug 2023 01:43:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 220050
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUqDx0Hyg4LaVaT1G30lFwNf1L44NWwvq3%2BgLx%2FUANkV3lj9Nszod9Nn0xypOUzfVqC9%2F2yJYr3x05J3rAX3fDtiiZ3fdQ6PjwwMDUevESrGs9E7ZXZ%2BAi%2Bxu8%2FjTD9Rxrw3zgoFF4CwhP6wsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=259200
cf-ray: 820d8d0aeede6619-AMS
alt-svc: h3=":443"; ma=86400
expires: Sun, 05 Nov 2023 01:22:14 GMT

GET
H2 200 native.js Show response
s.yimg.com/dy/ads/ Frame 26FE 81 KB
30 KB 124ms
124ms Script
application/javascript 2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/dy/ads/native.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

f5be70c103392c0ce642305bd1a7ee21a157f8d8f1f382b32b1cb56d04d47dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:27:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-request-id: VJJHQJECGWHFFMDC
age: 135
x-amz-server-side-encryption: AES256
x-amz-id-2: jqnD7SKT/qxIYLcSHfQSkJ1UCjl3MR0+pD/WrXsOEXR7tDd9okclSYjco2jf89bRTZGBGBjND1/+tHlxwwBmMEu+EJKHN9rr
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 17 Oct 2023 19:38:05 GMT
server: ATS
etag: "3db30c4cf00aa6181fb6d0d40f94d7fc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
accept-ranges: bytes

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 05C5 16 KB
16 KB 150ms
40ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 17:26:14 GMT
x-content-type-options: nosniff
age: 335010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Oct 2024 17:26:14 GMT

GET
H2 200 get Show response
audiencedata.im-apps.net/imuid/ 10 B
187 B 396ms
279ms XHR
application/json 2600:1901:0:e207::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://audiencedata.im-apps.net/imuid/get?cid=6858&vid=01HEDBTRPJR3VRZ8ZX89V5KGEV
Requested by: Host: dmp.im-apps.net
URL: https://dmp.im-apps.net/sdk/im-uid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:e207:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash: bb54369234516c2f2469a9989fce0f73145879defec57a2b276b5b1e0bf92336

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10
content-type: application/json

GET
H2 200 sync.html Show response
sync.logly.co.jp/sync/ Frame CEBA 495 B
666 B 1313ms
771ms Document
text/html 13.113.11.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.logly.co.jp/sync/sync.html
Requested by: Host: nt.compass-fit.jp
URL: https://nt.compass-fit.jp/lift_widget.js?adspot_id=4300666
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.113.11.240 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-113-11-240.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 13d5c0f2451f0a14104098f72c6f3334114a68927e50beb4779a0bf98966d9f5

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=2592000
content-length: 495
content-type: text/html
date: Sat, 04 Nov 2023 14:29:45 GMT
etag: "6543cf68-1ef"
last-modified: Thu, 02 Nov 2023 16:33:44 GMT
server: nginx

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 0E9F
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=logly&endpoint=apac
https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac

281 B
555 B

153ms
45ms

Document
text/html

23.35.238.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac
Requested by: Host: nt.compass-fit.jp
URL: https://nt.compass-fit.jp/lift_widget.js?adspot_id=4300666
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.238.55 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-238-55.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 04 Nov 2023 14:29:45 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Sat, 04 Nov 2023 14:29:44 GMT
location: https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac
server: AkamaiGHost

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame CBC9 264 B
589 B 259ms
82ms Script
application/javascript 87.248.100.136
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?agentVersion=205&adTrackingEnabled=true&locale=en&adUnitCode=7fa91bc8-8090-42fc-9d6f-8414b9834b15&apiKey=CK4PB4R8D4RGY8DZQ5CS&gpp=&gppSid=&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Fwww.bestone-work.com%2Fgmifr_lei.html&caps=16&cb=jsonpCallback0

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.100.136 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

o1.ycpi.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

db77a02adf6e0dfcd6101426b0fccb03f8f29303294d9819e6df1a9415b7a481

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
date: Sat, 04 Nov 2023 14:29:44 GMT
server: ATS
age: 1
x-content-type-options: nosniff
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
x-envoy-upstream-service-time: 15
x-xss-protection: 1; mode=block
x-request-id: 557eef06-4c71-4877-bdc0-119907e08190

GET
H2 200 b
geo.yahoo.com/ Frame CBC9 43 B
96 B 257ms
96ms Image
image/gif 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://geo.yahoo.com/b?t=xhkd7&9sdk8454

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/gmifr_lei.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000
server: ATS
age: 0
content-type: image/gif
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 1
content-length: 43

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/ Frame 3E80 10 KB
4 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 20:54:01 GMT
etag: 251720774729838433
expires: Fri, 17 Nov 2023 20:54:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/ Frame 4A8E 10 KB
4 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 20:54:01 GMT
etag: 251720774729838433
expires: Fri, 17 Nov 2023 20:54:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/ Frame 314D 10 KB
4 KB 41ms
38ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 20:54:01 GMT
etag: 251720774729838433
expires: Fri, 17 Nov 2023 20:54:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/ Frame 01A3 10 KB
4 KB 44ms
42ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 63343
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 20:54:01 GMT
etag: 251720774729838433
expires: Fri, 17 Nov 2023 20:54:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 05C5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CxdkgV1VGZbzMHa_I1fAPwLykoAu9jaavb8fMr6y_DvfSor3AARABILeQ34sBYJWK_IGUB6ABsLqh1wPIAQmpAircdGgTAbI-qAMByAPLBKoErwJP0IWw47poeorSa-GyppHMMbcW5eP6MIn...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227519831406010278124%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%2225...

0
0

176ms
74ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227519831406010278124%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2211-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216706648394579716593%22}&andc=true

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7519831406010278124","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["11-04"],"6":["true"]},"priority":"500","source_event_id":"16706648394579716593"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Nov 2023 14:29:45 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7519831406010278124","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["11-04"],"6":["true"]},"priority":"500","source_event_id":"16706648394579716593"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 b
geo.yahoo.com/ Frame CB11 43 B
366 B 154ms
91ms Image
image/gif 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://geo.yahoo.com/b?t=xhkd7&9sdk8454

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000
server: ATS
age: 0
content-type: image/gif
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 0
content-length: 43

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame CB11 264 B
366 B 208ms
130ms Script
application/javascript 87.248.100.136
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.100.136 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

o1.ycpi.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

db77a02adf6e0dfcd6101426b0fccb03f8f29303294d9819e6df1a9415b7a481

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
date: Sat, 04 Nov 2023 14:29:45 GMT
server: ATS
age: 0
x-content-type-options: nosniff
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
x-envoy-upstream-service-time: 14
x-xss-protection: 1; mode=block
x-request-id: 1d6e009d-c6af-48e3-b139-07d5ce3ef665

GET
H3 200 Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 272D 50 KB
19 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:38:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 240690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19631
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:38:15 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 3E80 4 KB
767 B 53ms
53ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 13:29:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3E80 205 B
520 B 47ms
45ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 08:30:10 GMT
x-content-type-options: nosniff
age: 194375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 01 Nov 2024 08:30:10 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3E80 604 B
695 B 47ms
45ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:18:27 GMT
x-content-type-options: nosniff
age: 94278
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 02 Nov 2024 12:18:27 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 3E80 16 KB
7 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

913dd787ddb1c1055833af1b085aeccbed3dc54e94bdd1e143ad9f9372c46969

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 23:24:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54335
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6828
x-xss-protection: 0
server: cafe
etag: 11986448221276412250
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 23:24:10 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 3E80 21 KB
9 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e67417b0b06b8190bcbc2063e7e5b70febd93586e820049fd4eda8e491fd9ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:49:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8796
x-xss-protection: 0
server: cafe
etag: 1225823381704108053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:49:45 GMT

GET
H2 200 b
geo.yahoo.com/ Frame 26FE 43 B
72 B 122ms
95ms Image
image/gif 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://geo.yahoo.com/b?t=xhkd7&9sdk8454

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000
server: ATS
age: 0
content-type: image/gif
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 0
content-length: 43

GET
H2 200 getAds.do Show response
ads.yap.yahoo.com/nosdk/wj/v1/ Frame 26FE 264 B
307 B 173ms
132ms Script
application/javascript 87.248.100.136
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/dy/ads/native.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.100.136 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

o1.ycpi.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

db77a02adf6e0dfcd6101426b0fccb03f8f29303294d9819e6df1a9415b7a481

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
date: Sat, 04 Nov 2023 14:29:44 GMT
server: ATS
age: 1
x-content-type-options: nosniff
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding, User-Agent
content-type: application/javascript; charset=UTF-8
x-envoy-upstream-service-time: 15
x-xss-protection: 1; mode=block
x-request-id: 958b4bf0-6791-4c26-ab2b-159b15f45620

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5934 624 B
242 B 93ms
91ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhjChYn7ATAB&v=APEucNVvoEJV7Die3oolzDzrsXfNnlKA5kQIAC150lIAtcVh3iahwMwEJO_D4x4GHv679YRPEPsNJN7StzvPJR-kYNYzWx-T9Zu5UxLJsHzlHRMO9Z_Tgv6FbZ842YVLQZlDzizaMR4Kpby4Id7_DqYML7PPN_65xMBJOU7dYA62_q7WwYcusck

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 459A 172 KB
61 KB 165ms
41ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 07:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 05 Nov 2023 07:14:36 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 459A 7 KB
3 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 459A 23 KB
9 KB 59ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 459A 41 KB
14 KB 59ms
56ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 459A 3 KB
1 KB 64ms
62ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 459A 20 KB
8 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68937
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 459A 189 KB
59 KB 61ms
55ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 459A 42 B
63 B 88ms
87ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B__uOPuc-hjOSeykpecY5U2xdzUcxC7SIc3uHLD1JA7-fJVkYOM6i4eMKbOkKLil2iEmrqRAPW7v2IH8lH5N3AzLpyi3bPx2DkAozSBeQMzFEX_To

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 33F7 624 B
242 B 83ms
82ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhji9Ij7ATAB&v=APEucNXpvfLyawFZaRvQktXFOAvTIPSWSVxravLHwnDRn5bwJ0L0U3bYmUBms-R_e9mWXVqjB4vCJA2h97Uuo54DrEhLma65EsKnKKwa4WXXfyDwOlJSzsGYPQkFj0v089GDdhoXIbniyOwtedcwPwXhuAR36wy7GN1g6QogcRswUuvQzcge1aA

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D04F 172 KB
60 KB 172ms
88ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 07:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 05 Nov 2023 07:14:36 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame D04F 7 KB
3 KB 57ms
53ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame D04F 23 KB
9 KB 65ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D04F 41 KB
14 KB 66ms
50ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame D04F 3 KB
1 KB 80ms
64ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame D04F 20 KB
8 KB 66ms
50ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68937
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D04F 189 KB
59 KB 78ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D04F 42 B
63 B 88ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BCeX9oCBFnkJ0UMkvMUHgc-18KO8-Fqx5aTwb75Y79G-4ZELOVmHMhxrm5oG8lBQaFTBs6jrTUdluYw0PvtqSojxQqynRydizC14Sv5WV7V-nXEpA

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 01A3 14 KB
1 KB 56ms
49ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 13:29:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 01A3 2 KB
825 B 58ms
53ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 01A3 23 KB
9 KB 56ms
53ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 01A3 3 KB
1 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 01A3 20 KB
8 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68937
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 01A3 189 KB
59 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 01A3 36 KB
15 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 17:18:51 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 191ms
73ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:45 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1773211252966884386/ Frame 01A3 20 KB
20 KB 51ms
48ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1773211252966884386/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63523bed462ca3b72e9d17af07d6226748a5265640ebb37a45053ed4f6a46cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 06:09:07 GMT
x-content-type-options: nosniff
age: 116438
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20562
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 04:04:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 02 Nov 2024 06:09:07 GMT

GET
DATA 200
OK truncated
/ Frame 01A3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea61f0803c132463640b3f4c907c9a627bcdbd3a1490ef28ac47139c075c528f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 01A3 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 0E9F 46 KB
13 KB 66ms
64ms Script
text/html 23.35.238.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.238.55 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-238-55.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 2370824014f588c0a504d6bcca32475f2684a93fa4e54071ac08aea47465433f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=logly&endpoint=apac
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Sat, 04 Nov 2023 14:29:45 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Nov 2023 21:07:15 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=23836
Connection: keep-alive
Content-Length: 13281
Expires: Sat, 04 Nov 2023 21:07:01 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 5934
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1

43 B
457 B

72ms
70ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhjChYn7ATAB&v=APEucNVvoEJV7Die3oolzDzrsXfNnlKA5kQIAC150lIAtcVh3iahwMwEJO_D4x4GHv679YRPEPsNJN7StzvPJR-kYNYzWx-T9Zu5UxLJsHzlHRMO9Z_Tgv6FbZ842YVLQZlDzizaMR4Kpby4Id7_DqYML7PPN_65xMBJOU7dYA62_q7WwYcusck
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LTeCFe6CjvyhruLNGUr4%2FcRRJsq5vc3pz%2BfhdPpwHDtjqsPz362tekt%2FaCQNcZBNGH3I1xMxJwmn2S%2Fd94NB0CPJj2smUkPpakETW0Behj002O2sp1f9QwW3Dw6N0tfGgJTI1rkBvUWiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 820d8d0eeac1380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qitw87zYBtgWuf5Qck%2BDrXMA0o7JO3%2FKRjws9QKTMh%2FUve64LET%2BNtm1DxGsu05ci5Qfe1vufGp4G6kKjIdbl61ziY5BoudCFmGNQTGTZ9Y2B2cRwnuMEfpgqsyyoeLamx2ogY1HR83jw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1
cache-control: no-cache
cf-ray: 820d8d0e5a3f380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 5934
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUZVWYXO-kqxdWdC2dXQEAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1

43 B
738 B

71ms
71ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhjChYn7ATAB&v=APEucNVvoEJV7Die3oolzDzrsXfNnlKA5kQIAC150lIAtcVh3iahwMwEJO_D4x4GHv679YRPEPsNJN7StzvPJR-kYNYzWx-T9Zu5UxLJsHzlHRMO9Z_Tgv6FbZ842YVLQZlDzizaMR4Kpby4Id7_DqYML7PPN_65xMBJOU7dYA62_q7WwYcusck
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCeKU6gDwoBjOA6gwi993T7p%2B%2F7TF0vUiaqCPq6BtaT%2BmLvhu3C1HfgakofdvRGkQx2z%2FeuoMww6dM3NmBXO%2BRSoEkEcO%2FUKZxFx0dvnn1DsHMoDbexxp8ulU06jGeHegpBZG7f%2BTVJ6cg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 820d8d0fdd9c3838-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 5934
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

0
392 B

129ms
44ms

Image
text/html

185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhjChYn7ATAB&v=APEucNVvoEJV7Die3oolzDzrsXfNnlKA5kQIAC150lIAtcVh3iahwMwEJO_D4x4GHv679YRPEPsNJN7StzvPJR-kYNYzWx-T9Zu5UxLJsHzlHRMO9Z_Tgv6FbZ842YVLQZlDzizaMR4Kpby4Id7_DqYML7PPN_65xMBJOU7dYA62_q7WwYcusck

Protocol

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
an-x-request-uuid: 1e7d651f-2324-480a-b115-6c4dc3098f09
server: nginx/1.21.3
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.108; 80.255.7.108; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5934
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
an-x-request-uuid: df20f42e-c686-47b5-800c-7e89618236d6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D
x-proxy-origin: 80.255.7.108; 80.255.7.108; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 33F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1

43 B
428 B

72ms
71ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhji9Ij7ATAB&v=APEucNXpvfLyawFZaRvQktXFOAvTIPSWSVxravLHwnDRn5bwJ0L0U3bYmUBms-R_e9mWXVqjB4vCJA2h97Uuo54DrEhLma65EsKnKKwa4WXXfyDwOlJSzsGYPQkFj0v089GDdhoXIbniyOwtedcwPwXhuAR36wy7GN1g6QogcRswUuvQzcge1aA
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTG1ozVe56Eo9IOoGm%2FmWaUWiM9PK8moKaAl%2FGQWibg386HNzO8R8pI%2FEP%2FZpv9ONOM4v0gG%2FIQuJXrp5aQGvuncDc3BEtaD6lNue3NFPtJ%2BOjGkqgWDRggKYdaPupUSlfaia27Hc21WUg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 820d8d0eeac5380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UId7lsjTcqBaCy971fbz8BumC0Y86piVVf6dx5LuQ4PLhhi0VRcmq1s9pJ29YfiOnDlrcl50CZ9BdKbDbGyko2aw%2BlljxBx7DPG25gt%2BGXiIDmxWmcQ3D9iBgRVLEYEiJS7ogYQfNJF5mA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1&C=1
cache-control: no-cache
cf-ray: 820d8d0e5a3e380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 33F7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUZVWYXO-kqxdWdC2dXQEAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1

43 B
772 B

66ms
65ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhji9Ij7ATAB&v=APEucNXpvfLyawFZaRvQktXFOAvTIPSWSVxravLHwnDRn5bwJ0L0U3bYmUBms-R_e9mWXVqjB4vCJA2h97Uuo54DrEhLma65EsKnKKwa4WXXfyDwOlJSzsGYPQkFj0v089GDdhoXIbniyOwtedcwPwXhuAR36wy7GN1g6QogcRswUuvQzcge1aA
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jiq0JwsKbJ3qJRl%2Fo02zHZstq%2Fm%2FwhQBc%2FNI07onhh9dkePDMnePZ7R8%2FO9VcfT9pvcM%2Feoj5a7CrW0E4w0C9b4LZSPgmXWqAlaamDekdZUxKHDGszPjmoT3Ut5ohgvt3PoU7iiEj4xXZA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 820d8d0fdd973838-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEtLGIwVKY2Zc9Gao3Gg37g&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 33F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

0
392 B

130ms
46ms

Image
text/html

185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhji9Ij7ATAB&v=APEucNXpvfLyawFZaRvQktXFOAvTIPSWSVxravLHwnDRn5bwJ0L0U3bYmUBms-R_e9mWXVqjB4vCJA2h97Uuo54DrEhLma65EsKnKKwa4WXXfyDwOlJSzsGYPQkFj0v089GDdhoXIbniyOwtedcwPwXhuAR36wy7GN1g6QogcRswUuvQzcge1aA

Protocol

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
an-x-request-uuid: 3dcac7ab-c749-42fe-9791-ff7f6f2869e8
server: nginx/1.21.3
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.108; 80.255.7.108; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG0Cmblhy1-QPc7OG1WPJqY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 33F7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:45 GMT
an-x-request-uuid: dddb9d60-5fbd-4b82-85c0-7f9ac8f2fc8f
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI2NDE4MjIzMjQwNjgyNzkzNA%3D%3D
x-proxy-origin: 80.255.7.108; 80.255.7.108; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CB33 14 KB
1 KB 56ms
56ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 04 Nov 2023 12:49:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame CB33 2 KB
825 B 42ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 798
x-xss-protection: 0
server: cafe
etag: 15713038447858168282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame CB33 23 KB
9 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:21:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68879
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:21:46 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 058F 143 B
166 B 56ms
45ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 347
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:23:58 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame CB33 3 KB
1 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame CB33 20 KB
8 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68937
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB33 189 KB
59 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:45 GMT

GET
H3 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame CB33 36 KB
15 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 01 Feb 2024 17:18:51 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 47C1 38 KB
13 KB 53ms
40ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5BB3 38 KB
13 KB 40ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81986
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 0E9F 7 B
380 B 226ms
46ms XHR
application/json 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16610766004197242518/ Frame 8B66 298 KB
41 KB 142ms
56ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61261c97769d37aafccde467f3cab452bff08adc2d04bba58322e71e57ceead

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
expires: Sun, 03 Nov 2024 14:29:45 GMT
last-modified: Wed, 18 Oct 2023 11:12:19 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 459A 0
0 201ms
86ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvILQSYE_Qvn47odEQ-k9VRUz0MRd-s2oAsjFemv7xjk3qpZVuvKdoVwoUj-RltBrBD4iqBZXujeG2pdYfOotl47D30ED7SOy851YVJY15y5rV1yCVUQCVvZdO-JpwCg7e82R8EWDMuKMYQ3JTkhKktCSnjYsuQdeQyxSb1EVuO5tx8jFJoALLyfKnajKxCp1si8Kxxya-Nm6bStR7vq2H0GUS0EvG9d50Y_f_5wT39HGTwBi5Upw3hlhMibAu22KU9Rh59pnY-cwRlZkjeJb8ol3TI_7BP4qWV96pEHY3Sto4BySkZdGGH6FghDzEyFBFZ2kF8PNQ0LuNWSTS9CzzFidJK6N8jHsrNelOwR5TCLaobghrtDhiAmr4Bm6xwjL63yAv7A77piUjjxenb15hBi1xKmKU_Ioi3zW4rLzda2rE6UnLcetWakhX_TPZwGTAlGg9O-eWy1mVBrWxPzb6axOj_3Su0oihf8Z5rwAa29UyxEHHwfqhjlYBwT3uPa1KCp-pQdABAyuTtbmKKuad7B-5HCFSmalK1jb9wU7g0FL--bIKDYN6wwGgMfFIY3XMJnttR1bgJ_DYweq-vMjnpQw8KVmyyyVrR1dZ-6BN9CtETiHo0_1HhOrLmQzTkO0-9JGVM1pMgkEoLoxEdjvaRBrxeqaNeAcpFa2rnck0kY3PwhndKd-Xr5Cjh6KsTP93Qhwx6LmVpwqTWzwQoPt0fVmMvI6mOZUqNGM0Z5AWRyDAu_SUE98nA7JNA9Bb3Fs0xn4HoHvIFOR9XW4ylDs7jAZgBy81Rdg5YnkjByWrCCv9my_6CdJYxe0eY-4VoGx2cwA0SzSwXCYUPvgnOJvEbMGNw0S5AFfUlqhTukhRQpG5nq1yJPTs-C8gbC8DyBKhLLw_FN91jHgEPKI27QEl0LOqQSn-ZnHOwsUkZi1O1JEpG9gsS_Nq0a1cCXqjIjo5kbfDLBw_eE1yO53KuWUcvBc0blebn7hvsVidWxFswrhy5xssY7H-fuFqQhOze8pmaOS5-oUlAXi7j0jNFxtp-3xT7eZB6Bi_3WPuxkxQSNkovF8DFMBT4IxytuIbokGS1zDlp1xXJNo1Em5epYzOSHUIvBVzJZCqNve-ajOO0YVR_N46D_PcsNd6uZLAkWdzOay5phAp1W3bgHKhOlRHsvcalofnAmVbINyx16RnlFsN9ENXZ2EuEOfOR6QGV_zhqfo0peOcmLaHtHqR6CjoYgShOpGxZZlsp8i9kmv-Z594W44v1USlUqy99mWmqJVVFlIuO6ESCSgcAng5Pk2T7V__uzqW8EGQDsYfdtGkuAe82keA7xpBzloTL5rE9IqPWywoOAVDVdFMYQ0gP13o_eXNjyuTQFcRVGoUx5Ls4uKoV4dUvHchtjLPB2yg7uwMTHHqq2UZuImrJbw&sai=AMfl-YS2AZXH1ScfUq-EM87tdtwCOVNxrIFE0Qj3DNUVeODMGO6egsTwnO4EHcfyc4b8wd7FtIzrgEa2TroXfGzO7kD31ziJmCMlQTc-ykW3bbdL8WhwniYy_leTvxxm8gJKcVjKfRAvI9SWyT-SGyXi5PA4PNudwiCLUHt-daizODvaL1vx0ZB1XwIeCN4Jnnfn8d3_8b1MCN-HstSVrg9tuqYOtL2f9W8mWlqo24o32HKc9sK7-I7ePRF_axAOa5uOBvtwxuhS81rQR5Yc3DYtC1ZVna7A1aBjq-oNJc1cO8d6NiZKvhAmRTm9vT8xE2r-wpc7NCQGRhaWVLEwa9pgMGIauxG7okegpNBJNDbOkuNORHDt9CMXZ6FdsPsWi98zbscH0y3eWrJm7N63y_i9ogqMgP6iWyGiq2IC5q5HmqxFAdVoUkErdl1oDzZlqzDbsutiDTJDEtW3qIJkV3SxGrzk4gw2r0B6tT26G790M8rntsw&sig=Cg0ArKJSzD7GMAdApTFwEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=541&cbvp=1&cstd=527&cisv=r20231101.68129&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4410051726317096281/ Frame E978 298 KB
41 KB 136ms
68ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1664a71c358a7b2ce310acb25850e6ff09b9abe9373638614528ac21647958a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
expires: Sun, 03 Nov 2024 14:29:45 GMT
last-modified: Wed, 18 Oct 2023 11:12:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D04F 0
0 194ms
85ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOYuM-2jAAklUNg6GSbcKZ6V-u5usfwa8kqn0tydUIHU0yCE4HcLUBr9cO6M85I_Zpw7nXcZuPATaGcAmA6xt7xc0vsEUW0k73K-Jo10_aHTfrky8L9RkE_2eDqikKARgtP31IjXI8TFCtUsNFbSVFXu69X6U2r01eZzU1nkMgMpKwNdvqxXeQ3jiPR3FaErWaP59f0tn2zltDPEZNRQ_NKF6egdiowc7gJc-o0eO0-iR2NyhXJzpYJXO1XgnrYXlNzqr_cDBz8tWpCeH06riL7AJsGqniniF2kwFzPGsdX5O0a9SOGEKvNXlPDEzzddwXc2quBxTxN0KFJUEU-gh0IF0IPU9vrKBoF9nzGu9xjB9jf4AIYU9gL4XAdEesKQ4AMJ9J8aDD2Isx8hjCLZoEI5k7kaoxIxubCVITqWg5je0vMQHzvpY7AUwD8Puh8C3KJSMFE6v7ZfJIj7ia7jMx-ZEGNCaUADtLeSP8G0SkJ8qDp1J3UHujv3v0M7c2BPO4C3kWq-GlaFeCwmyHxmE_0NrNiidiKuf7BqHEbX7AYROhwscuZo4JyAhCB1buQEDctBcwFqgOl-LVt0X6V4bvRIX_t4U3fQGJL45w_OO6D9zqMahdaIVCXLJ1NRDFPlE424FDJXgLuoDjbsqmko4iLJlV58nYmZjttzZX2uOfXNIYrA99lUI_CTXrtVOv1-xwn1deCm9JNTenfutXz4uVTqosLOntlF_bxICN0X8ibwOuvh_ws-BzRCbUQEd8jm1OQMwy4DWz6yxpHRIXT5A1H5gj1WoPnLeumjFl-Q9Ci7mYb4nY8SNPoXpkBmSoTH2gjrTClfpPIO7H-qu_NgJqWCzgIxwolVI_KVeeG8ri8UQa81-34tKKTvBNr9Q0KhyrdLrlb_4Wvn8tZNJgHBKdNYuZVS6vf0VLOsvdHsdlIZqjfWx6RSwtbbAwPkRtoCo97kdCKytbVgr8l7wHbtvU3Yal_YVMOXhcAW9xGwfGO4Y7C5F3ivV0qulZ9zS-kHfRinWGnwfxuY9sK7ajrOV2LUTXnWIf3J7pBRqbMi7LhIMg9kBAvDyUGUseC4LwKDFFmUSgN6O2NkRLnKpUVRDybfdlTCQTsGOYfpCRlzKAEF8pcAG-9jcn0Ff-GWm7fhIfd1iwTKvq-UpCEH4y-fSUaBl8UM4eSMTo3qqwRQvAWiUhZLOB3vH6RWDSgQW_YQQnrNtZsV8IJ_xcbRTxeB00wF96Bpase7FEKEJIgt5uu2JCxr210yX9BeJkPzUZuFugWTLUpHu9eF0j6N13vjNq15KF4C_xmpZMG8yALuStZzUxNgteSEJ1nv5NtGFhgc-tzpm-YRx7x__7Z8xJ5-6Hp5fvHXVxrBhHpE2A8Fk8t5VGSkO_9WyPGmtsEpRK5jUzb8TYTujLnHfq&sai=AMfl-YRj-xmEsPPA_uOADmbt-WgS2MkoHDof2oY5xcm3ZVQgvkvP41oyKbB6fv4eOTy79FAkG4TwgHNMnjZn7-NoHSmoDDkyeki80z6Q7nFE-dvnOYPeOwss9UNTRk8vTwkVvGn8VuvGwOaiatcEtpK9-tbcTIi7be1V60ByowpO2AlNTmg7TYlHgwyZdi4oA99kMoxbrvoVDjHYfK_w--58JGOnb-g4Nw_yWyAGVVpotpJnst47TUjJw15UEuM9ZJurvD9nYrPHy_Cn5Co0hquz1Xy7C9qC5H9S1xEGPbU5qu0X9jZ_NdwzI7gQnBGF402dkZccilSpmcPUdfCl0sfm8lbLAmiJ6lCpnOFrMFloI1l04AklqnwCZys_6YB0J4-2GJBBYlE0wiCGqCZIhpj9lXbWwB6bc4TAyhAoqW95G2F7JvJzTBFNCN6zbpcFiPZXxNRxWxKGxlRDGk_bw6GkZvKIxuExI7Jvet1eAw6W993B7eU&sig=Cg0ArKJSzJwIpOqFew6tEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=515&cbvp=1&cstd=507&cisv=r20231101.45431&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 01A3 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d0486daef9bc194945a29d2aca0adcb5bf00b4153de048762d81b7c88387141

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 6DB9 202 KB
53 KB 90ms
45ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 04 Nov 2023 14:29:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: qy+gVVlHepaWmC1AwPSLnXfaFnGU3o+X1tw9nqH/cOBGLQHAL3Wsy05YBFsbQ7h+mNBCeM24dmzmStvoZyMJfA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 1
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 7F00 202 KB
53 KB 131ms
85ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 04 Nov 2023 14:29:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: qy+gVVlHepaWmC1AwPSLnXfaFnGU3o+X1tw9nqH/cOBGLQHAL3Wsy05YBFsbQ7h+mNBCeM24dmzmStvoZyMJfA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 1
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 955D 202 KB
53 KB 129ms
83ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fcm2.holmesmind.com
URL: https://fcm2.holmesmind.com/cm.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 04 Nov 2023 14:29:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: qy+gVVlHepaWmC1AwPSLnXfaFnGU3o+X1tw9nqH/cOBGLQHAL3Wsy05YBFsbQ7h+mNBCeM24dmzmStvoZyMJfA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 1
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 01A3
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cw5cZV1VGZZ2jG8OX1fAPvZ2_yAfarf3Hcqnp67b1EWQQASC3kN-LAWCVivyBlAegAZPf1OYpyAEJqQIq3HRoEwGyPqgDAcgDywSqBL4CT9D3fTmVCi3Gz0BSumwmDPECKGcM7JN5laTohhv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229091679002925577561%22,%22debug_reporting%22:true,%22destination%22:%22https://fliesen-store.com%22,%22event_report_window...

0
0

74ms
74ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229091679002925577561%22,%22debug_reporting%22:true,%22destination%22:%22https://fliesen-store.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211221151635%22],%224%22:[%2211-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225831379481998015777%22}&andc=true

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9091679002925577561","debug_reporting":true,"destination":"https://fliesen-store.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11221151635"],"4":["11-04"],"6":["true"]},"priority":"500","source_event_id":"5831379481998015777"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 04 Nov 2023 14:29:45 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9091679002925577561","debug_reporting":true,"destination":"https://fliesen-store.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11221151635"],"4":["11-04"],"6":["true"]},"priority":"500","source_event_id":"5831379481998015777"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 058F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

54ms
53ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
expires: Sat, 04 Nov 2023 14:29:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C9C4 50 KB
19 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:38:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 240690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19631
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:38:15 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.7.1/ Frame 8B66 85 KB
86 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 10:41:32 GMT
x-content-type-options: nosniff
age: 186493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87533
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 10:41:32 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 8B66 120 KB
41 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 17:00:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 47C1 38 KB
15 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 5BB3 38 KB
15 KB 51ms
43ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.7.1/ Frame E978 85 KB
86 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 10:41:32 GMT
x-content-type-options: nosniff
age: 186493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87533
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 10:41:32 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame E978 120 KB
41 KB 45ms
42ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 17:00:57 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 76ms
73ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 04 Nov 2023 14:29:45 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 95D8 2 KB
1 KB 454ms
416ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=913&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: bd29f9ae7453f9b340fe2e649bd5eb39bec34a084ad131126c9ccb9516d7b5ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 95D8 3 KB
3 KB 45ms
41ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "519bf06eca29382b4ee4cc4f1dace214"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 2905
x-amz-cf-id: uGsRZdye3iDDVJdLfwisLOlZisbaXw6m3mvYr0DdnqWKf2C-UoeSzQ==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 95D8 129 KB
42 KB 176ms
85ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d6c5ee567fc259b1e6a5aaf4e1de177ebfec611be8dd32ec933ba6b0cf2b9e74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-20336"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 05 Nov 2023 14:29:45 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 95D8 3 KB
4 KB 45ms
42ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
date: Sat, 04 Nov 2023 14:28:51 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 55
x-amz-server-side-encryption: AES256
etag: "13519f9e63c9828d93a698c47992e115"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3197
x-amz-cf-id: s4IrbWULU8QLpMsM5UI-ifnTnLphQhFs6y7TciP40i445AX5OF8pdQ==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 95D8 3 KB
4 KB 45ms
43ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
date: Sat, 04 Nov 2023 14:29:20 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 26
x-amz-server-side-encryption: AES256
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3470
x-amz-cf-id: C3OmA1XwavSfEQUtFA6vE89-iAfOsc_kAQiWVcAbDfb2Hs6rRSJBKg==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 95D8 6 KB
6 KB 46ms
44ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd0366660d2837d11ab498b4adbca774d02854cbb182aaba77f5bc96075df9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: YYuAhwhSx_GsTeUJoqJMc_2F0T8dyIho
date: Sat, 04 Nov 2023 14:28:50 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Tue, 29 Aug 2023 09:16:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 56
x-amz-server-side-encryption: AES256
etag: "f06a16ff0c73f1550fb80377786b8f06"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 6065
x-amz-cf-id: w4M17Nt4ChumYwKGlDvmqQPcqsCXhW1y-z_-WT9kTtV2TGBtuT2NIw==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame E331 2 KB
1 KB 455ms
420ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=541&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a8069ac41eb2b126f5aee9f8fc85c0bb9b5b1f6bca823990b5754b31312c8c83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame E331 3 KB
3 KB 46ms
44ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "519bf06eca29382b4ee4cc4f1dace214"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 2905
x-amz-cf-id: wUFVpktzOEBiSzGVqyzTGaF9Z0_RRSiAVuyfK8J2sORfH79YUGDEbA==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame E331 129 KB
42 KB 259ms
171ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d6c5ee567fc259b1e6a5aaf4e1de177ebfec611be8dd32ec933ba6b0cf2b9e74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-20336"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 05 Nov 2023 14:29:45 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame E331 3 KB
4 KB 47ms
46ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
date: Sat, 04 Nov 2023 14:28:51 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 55
x-amz-server-side-encryption: AES256
etag: "13519f9e63c9828d93a698c47992e115"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3197
x-amz-cf-id: wm6D7VkzgDGIhsJVHMPiVTtBz8AemkU6cwb7xjx74p3mROAkP_dRmA==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame E331 3 KB
4 KB 48ms
47ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
date: Sat, 04 Nov 2023 14:29:20 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 26
x-amz-server-side-encryption: AES256
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3470
x-amz-cf-id: K6_3-HUi_7TDWVvR8tmmIXGJMgiqPkefeloZxxAlwf21lQcdV7H9Tg==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame E331 6 KB
6 KB 50ms
49ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd0366660d2837d11ab498b4adbca774d02854cbb182aaba77f5bc96075df9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: YYuAhwhSx_GsTeUJoqJMc_2F0T8dyIho
date: Sat, 04 Nov 2023 14:28:50 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Tue, 29 Aug 2023 09:16:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 56
x-amz-server-side-encryption: AES256
etag: "f06a16ff0c73f1550fb80377786b8f06"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 6065
x-amz-cf-id: uf7KlSaiZPUX8sE-RsdP81fZBHcGB_hlgqOdB00MGTVAwNxbdp6b4w==

GET
H2 200 ads.js Show response
ad.holmesmind.com/adserver/ Frame 5085 2 KB
1 KB 511ms
478ms Script
text/html 18.179.162.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=517&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.179.162.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-179-162-182.ap-northeast-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c50acbfb387dd690e87d779b4f41ac272219fb6659c256da7604e9349eda1780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 rtbhouseV2.js Show response
cdn.holmesmind.com/js/ Frame 5085 3 KB
3 KB 55ms
38ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: BhYfibf8ln9C4F8AF59WvZqelYblDtF0
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 04 Sep 2023 03:28:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "519bf06eca29382b4ee4cc4f1dace214"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 2905
x-amz-cf-id: uIicZx9-RskI3Ig0a-58EJz0cepgNqngn63ItdcQPTbHsf87FOYF5w==

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 5085 129 KB
42 KB 202ms
120ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d6c5ee567fc259b1e6a5aaf4e1de177ebfec611be8dd32ec933ba6b0cf2b9e74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-20336"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 05 Nov 2023 14:29:45 GMT

GET
H2 200 criteoV2.js Show response
cdn.holmesmind.com/js/ Frame 5085 3 KB
4 KB 49ms
39ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/criteoV2.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: ScZOn53LDZH9EqQBQtTybn_n.yFFnixh
date: Sat, 04 Nov 2023 14:28:51 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2023 02:29:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 55
x-amz-server-side-encryption: AES256
etag: "13519f9e63c9828d93a698c47992e115"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3197
x-amz-cf-id: WrpZJ4uI3A2AErRSwCTSQUVavrFKWCYY6HQ_7o0dB1YCtSOO2zY31g==

GET
H2 200 bridgewellV3.js Show response
cdn.holmesmind.com/js/ Frame 5085 3 KB
4 KB 69ms
60ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: DID93KRiG7PHJMF22E9BP3B26tce7ZQK
date: Sat, 04 Nov 2023 14:29:20 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:50:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 26
x-amz-server-side-encryption: AES256
etag: "41ecd67a1e57b2a3aa7cf0c876da0a59"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3470
x-amz-cf-id: vUFlUSlImjPWGVtTYhbt0j4EfOk4RCQFPlZIBmd2TCEdrvTTBb63Eg==

GET
H2 200 appier_mainV3.js Show response
cdn.holmesmind.com/js/ Frame 5085 6 KB
6 KB 71ms
62ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/appier_mainV3.js
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd0366660d2837d11ab498b4adbca774d02854cbb182aaba77f5bc96075df9fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: YYuAhwhSx_GsTeUJoqJMc_2F0T8dyIho
date: Sat, 04 Nov 2023 14:28:50 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Tue, 29 Aug 2023 09:16:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 56
x-amz-server-side-encryption: AES256
etag: "f06a16ff0c73f1550fb80377786b8f06"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 6065
x-amz-cf-id: s6-cu6n61-VWsYLLdZL1xdUjspJlxnr93oyaR2UpvmudW68YvEQDZQ==

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 95D8 0
183 B 632ms
199ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 95D8 0
182 B 632ms
199ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 95D8 0
180 B 3968ms
3365ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.2514055217799396
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:46 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 95D8 0
180 B 4264ms
291ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.6792869520361344
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:49 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 95D8
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=Ebj5mF_HAi-GeAmzX1VGZQ

2 B
20 B

314ms
314ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=Ebj5mF_HAi-GeAmzX1VGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:51 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Ebj5mF_HAi-GeAmzX1VGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 95D8
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=WRB3l_q3A421-SbMX1VGZQ

2 B
20 B

314ms
313ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=WRB3l_q3A421-SbMX1VGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:51 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=WRB3l_q3A421-SbMX1VGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame E331 0
182 B 3961ms
3531ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame E331 0
182 B 3961ms
3531ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame E331 0
180 B 3966ms
3359ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.09021711611767635
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:46 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame E331 0
180 B 3965ms
3353ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.052236279022544796
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:45 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E331
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=t57Om_5oBxir4EYOXlVGZQ

2 B
168 B

311ms
311ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=t57Om_5oBxir4EYOXlVGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:50 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=t57Om_5oBxir4EYOXlVGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame E331
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=jSs24xvuBESBVscnX1VGZQ

2 B
20 B

314ms
314ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=jSs24xvuBESBVscnX1VGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:51 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=jSs24xvuBESBVscnX1VGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 5085 0
182 B 3959ms
3532ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ Frame 5085 0
182 B 3959ms
3532ms XHR
text/plain 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/rtbhouseV2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 5085 0
180 B 4211ms
285ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.1218175420986165
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:49 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H/1.1 204
No Content prebid.aspx Show response
prebid.scupio.com/recweb/ Frame 5085 0
180 B 4231ms
306ms XHR
text/plain 210.59.219.34
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.scupio.com/recweb/prebid.aspx?cb=0.5184341553210687
Requested by: Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/bridgewellV3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 210.59.219.34 Taichung, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS: 210-59-219-34.hinet-ip.hinet.net
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bestone-work.com
Date: Sat, 04 Nov 2023 14:29:49 GMT
Access-Control-Allow-Credentials: true
Server: Kestrel

POST
H3

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 5085
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=-yyjK2y2DAuuKKz_X1VGZQ

2 B
20 B

313ms
312ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=-yyjK2y2DAuuKKz_X1VGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:51 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=-yyjK2y2DAuuKKz_X1VGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

POST
H2

200

bid Show response
ad2.apx.appier.net/v1/prebid/ Frame 5085
Redirect Chain

https://ad2.apx.appier.net/v1/prebid/bid
https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
https://ad2.apx.appier.net/v1/prebid/bid?acid=9lg-y5j6CS-THg0GXlVGZQ

2 B
140 B

309ms
308ms

XHR
application/json

35.190.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2.apx.appier.net/v1/prebid/bid?acid=9lg-y5j6CS-THg0GXlVGZQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H2
Server: 35.190.36.98 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 98.36.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-store
access-control-allow-credentials: true
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

Redirect headers

date: Sat, 04 Nov 2023 14:29:50 GMT
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
server: nginx
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: null
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=9lg-y5j6CS-THg0GXlVGZQ
cache-control: no-store
access-control-allow-credentials: true
content-length: 0

GET
H3 200 Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js Show response
pagead2.googlesyndication.com/bg/ Frame FAB6 50 KB
19 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dq7XSZMeOny_zs0cDs__BulTyuvw0_s4UMxrCFcwjBQ.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:38:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 240691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19631
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:38:15 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 05C5 42 B
174 B 84ms
83ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZ1jF6-1PqVDOMZJeRIcd6pcbsK4V9FDKNJT9tbNef0OWR6-6lG2r7HuWriOBCKcxsAo--Hqx2QZjn-Q_meIbyQ0e_xRcVLIqbnTvlzF668fqX18bORcP6h-1PAIlOAntMK2OmeU8YSd6E&sai=AMfl-YSsAoTulw-Uw-IFaHUIGY31CkpLZPdNaEajvWqATm_IWXmqz--STFs-BoF4ulk2JcMFveuUKXKFq6_3kgfmLrlubfby54Uf37r5FQQ4ul562Bj6oVcMJTG9JDQpzjEVjzCVmSb-iiSrdfnjFA&sig=Cg0ArKJSzB506wrvbfRhEAE&cid=CAQSTADICaaN3NTK1yxe7qDw3zI1VHW8m666oNLI1cHKQUQ6MRiGk-d7x1s9Tm7wMS_r9GoI3UvIa82ksXszlwrqMqqrOhL3F38uqHPM43wYAQ&id=lidar2&mcvt=1077&p=0,0,280,700&mtos=1077,1077,1077,1077,1077&tos=1077,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4126388737&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699108183433&rpt=1538&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 95D8 5 KB
3 KB 3890ms
3415ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Sat, 04 Nov 2023 14:39:46 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame E331 5 KB
3 KB 3887ms
3415ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Sat, 04 Nov 2023 14:39:46 GMT

GET
H2 200 utag.js Show response
t.ssp.hinet.net/ Frame 5085 5 KB
3 KB 3886ms
3414ms Script
application/javascript 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/utag.js

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/presetfn.js?20230627

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=0
content-encoding: gzip
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
server: nginx
etag: W/"63745fcb-142e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=600
expires: Sat, 04 Nov 2023 14:39:46 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 459A 0
0 80ms
78ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvILQSYE_Qvn47odEQ-k9VRUz0MRd-s2oAsjFemv7xjk3qpZVuvKdoVwoUj-RltBrBD4iqBZXujeG2pdYfOotl47D30ED7SOy851YVJY15y5rV1yCVUQCVvZdO-JpwCg7e82R8EWDMuKMYQ3JTkhKktCSnjYsuQdeQyxSb1EVuO5tx8jFJoALLyfKnajKxCp1si8Kxxya-Nm6bStR7vq2H0GUS0EvG9d50Y_f_5wT39HGTwBi5Upw3hlhMibAu22KU9Rh59pnY-cwRlZkjeJb8ol3TI_7BP4qWV96pEHY3Sto4BySkZdGGH6FghDzEyFBFZ2kF8PNQ0LuNWSTS9CzzFidJK6N8jHsrNelOwR5TCLaobghrtDhiAmr4Bm6xwjL63yAv7A77piUjjxenb15hBi1xKmKU_Ioi3zW4rLzda2rE6UnLcetWakhX_TPZwGTAlGg9O-eWy1mVBrWxPzb6axOj_3Su0oihf8Z5rwAa29UyxEHHwfqhjlYBwT3uPa1KCp-pQdABAyuTtbmKKuad7B-5HCFSmalK1jb9wU7g0FL--bIKDYN6wwGgMfFIY3XMJnttR1bgJ_DYweq-vMjnpQw8KVmyyyVrR1dZ-6BN9CtETiHo0_1HhOrLmQzTkO0-9JGVM1pMgkEoLoxEdjvaRBrxeqaNeAcpFa2rnck0kY3PwhndKd-Xr5Cjh6KsTP93Qhwx6LmVpwqTWzwQoPt0fVmMvI6mOZUqNGM0Z5AWRyDAu_SUE98nA7JNA9Bb3Fs0xn4HoHvIFOR9XW4ylDs7jAZgBy81Rdg5YnkjByWrCCv9my_6CdJYxe0eY-4VoGx2cwA0SzSwXCYUPvgnOJvEbMGNw0S5AFfUlqhTukhRQpG5nq1yJPTs-C8gbC8DyBKhLLw_FN91jHgEPKI27QEl0LOqQSn-ZnHOwsUkZi1O1JEpG9gsS_Nq0a1cCXqjIjo5kbfDLBw_eE1yO53KuWUcvBc0blebn7hvsVidWxFswrhy5xssY7H-fuFqQhOze8pmaOS5-oUlAXi7j0jNFxtp-3xT7eZB6Bi_3WPuxkxQSNkovF8DFMBT4IxytuIbokGS1zDlp1xXJNo1Em5epYzOSHUIvBVzJZCqNve-ajOO0YVR_N46D_PcsNd6uZLAkWdzOay5phAp1W3bgHKhOlRHsvcalofnAmVbINyx16RnlFsN9ENXZ2EuEOfOR6QGV_zhqfo0peOcmLaHtHqR6CjoYgShOpGxZZlsp8i9kmv-Z594W44v1USlUqy99mWmqJVVFlIuO6ESCSgcAng5Pk2T7V__uzqW8EGQDsYfdtGkuAe82keA7xpBzloTL5rE9IqPWywoOAVDVdFMYQ0gP13o_eXNjyuTQFcRVGoUx5Ls4uKoV4dUvHchtjLPB2yg7uwMTHHqq2UZuImrJbw&sai=AMfl-YS2AZXH1ScfUq-EM87tdtwCOVNxrIFE0Qj3DNUVeODMGO6egsTwnO4EHcfyc4b8wd7FtIzrgEa2TroXfGzO7kD31ziJmCMlQTc-ykW3bbdL8WhwniYy_leTvxxm8gJKcVjKfRAvI9SWyT-SGyXi5PA4PNudwiCLUHt-daizODvaL1vx0ZB1XwIeCN4Jnnfn8d3_8b1MCN-HstSVrg9tuqYOtL2f9W8mWlqo24o32HKc9sK7-I7ePRF_axAOa5uOBvtwxuhS81rQR5Yc3DYtC1ZVna7A1aBjq-oNJc1cO8d6NiZKvhAmRTm9vT8xE2r-wpc7NCQGRhaWVLEwa9pgMGIauxG7okegpNBJNDbOkuNORHDt9CMXZ6FdsPsWi98zbscH0y3eWrJm7N63y_i9ogqMgP6iWyGiq2IC5q5HmqxFAdVoUkErdl1oDzZlqzDbsutiDTJDEtW3qIJkV3SxGrzk4gw2r0B6tT26G790M8rntsw&sig=Cg0ArKJSzD7GMAdApTFwEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1081&vt=11&dtpt=540&dett=3&cstd=527&cisv=r20231101.68129&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D04F 0
0 79ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssOYuM-2jAAklUNg6GSbcKZ6V-u5usfwa8kqn0tydUIHU0yCE4HcLUBr9cO6M85I_Zpw7nXcZuPATaGcAmA6xt7xc0vsEUW0k73K-Jo10_aHTfrky8L9RkE_2eDqikKARgtP31IjXI8TFCtUsNFbSVFXu69X6U2r01eZzU1nkMgMpKwNdvqxXeQ3jiPR3FaErWaP59f0tn2zltDPEZNRQ_NKF6egdiowc7gJc-o0eO0-iR2NyhXJzpYJXO1XgnrYXlNzqr_cDBz8tWpCeH06riL7AJsGqniniF2kwFzPGsdX5O0a9SOGEKvNXlPDEzzddwXc2quBxTxN0KFJUEU-gh0IF0IPU9vrKBoF9nzGu9xjB9jf4AIYU9gL4XAdEesKQ4AMJ9J8aDD2Isx8hjCLZoEI5k7kaoxIxubCVITqWg5je0vMQHzvpY7AUwD8Puh8C3KJSMFE6v7ZfJIj7ia7jMx-ZEGNCaUADtLeSP8G0SkJ8qDp1J3UHujv3v0M7c2BPO4C3kWq-GlaFeCwmyHxmE_0NrNiidiKuf7BqHEbX7AYROhwscuZo4JyAhCB1buQEDctBcwFqgOl-LVt0X6V4bvRIX_t4U3fQGJL45w_OO6D9zqMahdaIVCXLJ1NRDFPlE424FDJXgLuoDjbsqmko4iLJlV58nYmZjttzZX2uOfXNIYrA99lUI_CTXrtVOv1-xwn1deCm9JNTenfutXz4uVTqosLOntlF_bxICN0X8ibwOuvh_ws-BzRCbUQEd8jm1OQMwy4DWz6yxpHRIXT5A1H5gj1WoPnLeumjFl-Q9Ci7mYb4nY8SNPoXpkBmSoTH2gjrTClfpPIO7H-qu_NgJqWCzgIxwolVI_KVeeG8ri8UQa81-34tKKTvBNr9Q0KhyrdLrlb_4Wvn8tZNJgHBKdNYuZVS6vf0VLOsvdHsdlIZqjfWx6RSwtbbAwPkRtoCo97kdCKytbVgr8l7wHbtvU3Yal_YVMOXhcAW9xGwfGO4Y7C5F3ivV0qulZ9zS-kHfRinWGnwfxuY9sK7ajrOV2LUTXnWIf3J7pBRqbMi7LhIMg9kBAvDyUGUseC4LwKDFFmUSgN6O2NkRLnKpUVRDybfdlTCQTsGOYfpCRlzKAEF8pcAG-9jcn0Ff-GWm7fhIfd1iwTKvq-UpCEH4y-fSUaBl8UM4eSMTo3qqwRQvAWiUhZLOB3vH6RWDSgQW_YQQnrNtZsV8IJ_xcbRTxeB00wF96Bpase7FEKEJIgt5uu2JCxr210yX9BeJkPzUZuFugWTLUpHu9eF0j6N13vjNq15KF4C_xmpZMG8yALuStZzUxNgteSEJ1nv5NtGFhgc-tzpm-YRx7x__7Z8xJ5-6Hp5fvHXVxrBhHpE2A8Fk8t5VGSkO_9WyPGmtsEpRK5jUzb8TYTujLnHfq&sai=AMfl-YRj-xmEsPPA_uOADmbt-WgS2MkoHDof2oY5xcm3ZVQgvkvP41oyKbB6fv4eOTy79FAkG4TwgHNMnjZn7-NoHSmoDDkyeki80z6Q7nFE-dvnOYPeOwss9UNTRk8vTwkVvGn8VuvGwOaiatcEtpK9-tbcTIi7be1V60ByowpO2AlNTmg7TYlHgwyZdi4oA99kMoxbrvoVDjHYfK_w--58JGOnb-g4Nw_yWyAGVVpotpJnst47TUjJw15UEuM9ZJurvD9nYrPHy_Cn5Co0hquz1Xy7C9qC5H9S1xEGPbU5qu0X9jZ_NdwzI7gQnBGF402dkZccilSpmcPUdfCl0sfm8lbLAmiJ6lCpnOFrMFloI1l04AklqnwCZys_6YB0J4-2GJBBYlE0wiCGqCZIhpj9lXbWwB6bc4TAyhAoqW95G2F7JvJzTBFNCN6zbpcFiPZXxNRxWxKGxlRDGk_bw6GkZvKIxuExI7Jvet1eAw6W993B7eU&sig=Cg0ArKJSzJwIpOqFew6tEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1054&vt=11&dtpt=539&dett=3&cstd=507&cisv=r20231101.45431&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 459A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cd95f25faae6fdc6740e6c5d59270c022568d221aef89501bf5ce86b7b60642

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Fuchs-Bold.woff
s0.2mdn.net/sadbundle/16610766004197242518/ Frame 8B66 52 KB
53 KB 42ms
41ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16610766004197242518/Fuchs-Bold.woff

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

465174ff94e0cb2a43c830797d23a0df7be69bfdf6dc8edfc2c68d4c8646974e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 02:16:19 GMT
x-content-type-options: nosniff
age: 130407
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53752
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 11:12:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 02:16:19 GMT

GET
H3 200 Fuchs-Regular.woff2
s0.2mdn.net/sadbundle/16610766004197242518/ Frame 8B66 42 KB
42 KB 46ms
46ms Font
font/woff2 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16610766004197242518/Fuchs-Regular.woff2

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78201805b315901e12781261ffd7bee843acfa8045774f567f729541d5104a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 22:48:30 GMT
x-content-type-options: nosniff
age: 142876
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43052
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 11:12:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 22:48:30 GMT

GET
DATA 200
OK truncated
/ Frame D04F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89b9f0fcf0bef8de0c11196135a53af7b9219c0e6e4bdb08a3102e48169c67f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Fuchs-Bold.woff
s0.2mdn.net/sadbundle/4410051726317096281/ Frame E978 52 KB
53 KB 49ms
48ms Font
font/woff 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4410051726317096281/Fuchs-Bold.woff

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

465174ff94e0cb2a43c830797d23a0df7be69bfdf6dc8edfc2c68d4c8646974e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 22:47:38 GMT
x-content-type-options: nosniff
age: 142928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53752
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 11:12:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 22:47:38 GMT

GET
H3 200 Fuchs-Regular.woff2
s0.2mdn.net/sadbundle/4410051726317096281/ Frame E978 42 KB
42 KB 53ms
53ms Font
font/woff2 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4410051726317096281/Fuchs-Regular.woff2

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78201805b315901e12781261ffd7bee843acfa8045774f567f729541d5104a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 22:47:38 GMT
x-content-type-options: nosniff
age: 142928
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43052
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 11:12:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 22:47:38 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 95D8 0
198 B 216ms
102ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=73209399604

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 95D8 0
198 B 213ms
101ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=79049805135

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5085 0
199 B 138ms
45ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=26888515360

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 5085 0
198 B 139ms
47ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=41905221483

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 sync.js Show response
sync.logly.co.jp/sync/ Frame CEBA 0
268 B 263ms
262ms Script
text/plain 13.113.11.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.logly.co.jp/sync/sync.js
Requested by: Host: sync.logly.co.jp
URL: https://sync.logly.co.jp/sync/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.113.11.240 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-113-11-240.ap-northeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.logly.co.jp/sync/sync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:46 GMT
cache-control: private, no-cache, no-cache="Set-Cookie", proxy-revalidate
server: nginx
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
p3p: CP="NOI DSP COR NID DEVa PSAa PSDo OUR SAMa STP PRE STA UNI NAV COM"

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame E331 0
198 B 164ms
102ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=37924048184

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame E331 0
198 B 163ms
101ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?ptv=144&profileId=184&cb=38538405122

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8B66 7 KB
6 KB 85ms
84ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d60169e6cbaed215bca69cf53ce1826c2ab0522944f5d6a27a9adc92bb826cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5780
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E978 7 KB
6 KB 89ms
88ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4ca3178766060dba885fb47d492a3384ac5ef17579133a37adee9fa374145d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5788
x-xss-protection: 0

POST
H2 204 events
bidder.criteo.com/csm/ Frame 5085 0
198 B 52ms
46ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 5085 43 B
365 B 48ms
42ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 5085 43 B
365 B 49ms
44ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame 5085 0
198 B 49ms
45ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H3 200 60016953_20231006060352917_BG_male.jpg
s0.2mdn.net/ads/richmedia/studio/60016953/ Frame 8B66 53 KB
53 KB 44ms
43ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60016953/60016953_20231006060352917_BG_male.jpg

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f37cd718ea3e969d30ad2b3463f612c248454f42016144b79439ec8ba59f0d98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:50:50 GMT
x-content-type-options: nosniff
age: 56336
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54636
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:50:50 GMT

GET
H3 200 VRB_Logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/93987074/dirty/ Frame 8B66 8 KB
8 KB 60ms
58ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/93987074/dirty/VRB_Logo.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45bd13f850b3ce3a888b0fffa935658a3f1581b5200bf4d0f337e001aea335ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:00:48 GMT
x-content-type-options: nosniff
age: 59338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8130
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:00:48 GMT

GET
H3 200 BSH_Logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/94264659/dirty/ Frame 8B66 5 KB
5 KB 61ms
59ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/94264659/dirty/BSH_Logo.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6007562ecb492b00c4c60335f93fe56c8649b3036ef2a4e1585c20c05c058aae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:48:55 GMT
x-content-type-options: nosniff
age: 56451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4647
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:48:55 GMT

GET
H3 200 60016953_20231006060333750_DerFuchs.png
s0.2mdn.net/ads/richmedia/studio/60016953/ Frame 8B66 53 KB
54 KB 60ms
58ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60016953/60016953_20231006060333750_DerFuchs.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc6f09ea768ca2654fa70e0b53835d54c5002262c97aac33f53491f6de7299a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16610766004197242518/index.html?e=69&leftOffset=0&topOffset=0&c=vBe9yAd3Qf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:54:51 GMT
x-content-type-options: nosniff
age: 59695
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54751
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 21:54:51 GMT

GET
H3 200 60016953_20231006060352917_BG_male.jpg
s0.2mdn.net/ads/richmedia/studio/60016953/ Frame E978 53 KB
53 KB 55ms
53ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60016953/60016953_20231006060352917_BG_male.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f37cd718ea3e969d30ad2b3463f612c248454f42016144b79439ec8ba59f0d98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:50:50 GMT
x-content-type-options: nosniff
age: 56336
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54636
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:50:50 GMT

GET
H3 200 VRB_Logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/93987074/dirty/ Frame E978 8 KB
8 KB 61ms
60ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/93987074/dirty/VRB_Logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45bd13f850b3ce3a888b0fffa935658a3f1581b5200bf4d0f337e001aea335ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:00:48 GMT
x-content-type-options: nosniff
age: 59338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8130
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:00:48 GMT

GET
H3 200 BSH_Logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/94264659/dirty/ Frame E978 5 KB
5 KB 63ms
61ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/94264659/dirty/BSH_Logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6007562ecb492b00c4c60335f93fe56c8649b3036ef2a4e1585c20c05c058aae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 22:48:55 GMT
x-content-type-options: nosniff
age: 56451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4647
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 22:48:55 GMT

GET
H3 200 60016953_20231006060333750_DerFuchs.png
s0.2mdn.net/ads/richmedia/studio/60016953/ Frame E978 53 KB
54 KB 62ms
61ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60016953/60016953_20231006060333750_DerFuchs.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc6f09ea768ca2654fa70e0b53835d54c5002262c97aac33f53491f6de7299a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4410051726317096281/index.html?e=69&leftOffset=0&topOffset=0&c=d2RLXaBWXb&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 21:54:51 GMT
x-content-type-options: nosniff
age: 59695
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54751
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 13:03:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 21:54:51 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E331 43 B
365 B 46ms
45ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E331 43 B
365 B 45ms
44ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame E331 0
198 B 43ms
43ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 95D8 43 B
365 B 49ms
46ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame 95D8 43 B
365 B 50ms
47ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame 95D8 0
198 B 47ms
46ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 events
bidder.criteo.com/csm/ Frame 95D8 0
198 B 46ms
45ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E331 43 B
365 B 50ms
42ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=1

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ Frame E331 43 B
365 B 49ms
41ms Image
image/gif 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/images/pixel.gif?ch=2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "493ea254-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 29 Oct 2024 14:29:46 GMT

POST
H2 204 events
bidder.criteo.com/csm/ Frame E331 0
198 B 70ms
62ms Ping
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/csm/events

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.bestone-work.com
date: Sat, 04 Nov 2023 14:29:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 95D8 13 KB
13 KB 49ms
43ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=913&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: sfdFHmFdC8YPCZiGqqMtE7USitFZTlzr
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:54:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "dcf480340ca4b65dc9aa76bd9e677036"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 13033
x-amz-cf-id: T9b-FJAl_RVhsIYvCU3WXkiSDWzD7FTbXB38JJqBTD4iNsHuNarcgg==

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame E331 13 KB
13 KB 49ms
46ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=541&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: sfdFHmFdC8YPCZiGqqMtE7USitFZTlzr
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:54:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "dcf480340ca4b65dc9aa76bd9e677036"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 13033
x-amz-cf-id: ruXnk7i8rslpCRTU-uLOoh_inQulv84dbgF6ac5mh63i2MJMcLAdsA==

GET
H2 200 drawV2.js Show response
cdn.holmesmind.com/js/ Frame 5085 13 KB
13 KB 62ms
59ms Script
application/javascript 2600:9000:2250:cc00:0:e06c:e940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.holmesmind.com/js/drawV2.js
Requested by: Host: ad.holmesmind.com
URL: https://ad.holmesmind.com/adserver/ads.js?z=14487&rf=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&n=517&o=1&fc=undefined&d=1&b=2&ts=1&ii=3&FPCK=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&fp_uuid=0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681&initver=230627P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:cc00:0:e06c:e940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: sfdFHmFdC8YPCZiGqqMtE7USitFZTlzr
date: Sat, 04 Nov 2023 14:29:09 GMT
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 08:54:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 37
x-amz-server-side-encryption: AES256
etag: "dcf480340ca4b65dc9aa76bd9e677036"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 13033
x-amz-cf-id: TZQx5xyGe-H_Wt0Q2wrBUK-HndyLgWQZNHHW0-UrYw78v2NRTUNnpw==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8B66 17 KB
6 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:29:46 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E978 17 KB
6 KB 71ms
64ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:29:46 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 2C51 38 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 62FF 38 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5BB3 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BCxh_V1VGZZujG8OX1fAPvZ2_yAcAAAAAOAHgBAI&bg=!39yl3JPNAAb4oU7C2KE7ADQBe5WfOHq4th4c9IyKBPt2tuQkG8b3oqF2fh1-pBS4Df5c9ih2yfjcjuH0C8CYmKTSiZhNAgAAAhdSAAAADGgBBwoAJhsP2Pzih7tHf5AwvcT8eCobG5NSaTOCfeG7BczxOs6mvRlLiqbpmQNF3FdlsSYX9Z66W0xqvzFOJzdjuqFV5Hx8Rb9tOTAfzmcxI24WKceoFhdwa2Kwopbsy8Xda52FjlbbSdWb3ZOOHQgi_GzTgzDSLwheopFBr_N5gNBO4XZ77bTB_-Y5uOfY7K0efob3x7AThWgNAJqwgPZKHIfmUGeyezPJt1OF8UozIohu5DPnE_4ZytX4VotIGkRG1fuBAZAvup9UIQoycL7s8TmqKNS1G66gu-yBjjitQieMMf5eArAeA940i01jdrfS_T4g0lSCs6CAtG87jJdEx2uh9gA-0eZxRVzJsfAg_o_LPFN0P2Nrpy0xoZwIjF3aCk-DOEUshvQjBZ7nfP_XtUVS7di-FRwykVwK2TYJ32JnJSP3YD7B3m8zZwcS_lR7ZmmkP3V5X-VO7pwklYyRuhef8wKmpGhlR08qodjrFytTXQw93LelUzgQiyf3iZQ1eoKr8y_9S-El00xurpj0PSpTLIJKCAT4JVbjUTgA2m09CFXdHQUE91wcPI5Vym-YbKwWzQx5wBTTNpOBKJJUL2hOOsl802dqrVHFuvTVNp5jAkJHIv3Vz24RAT97Rejvrpsy4_LWXpF6A8MaSj981mE4_otFdToenwDrPsO0t1ofEndnpZf_7vB-2IHk2uttUNsfTNXUoYA5kY2WEOK6EyQHt53Ph6Pc_60LAPyjJDU_d4sPKsuOeKNxghVLK9QHTqcoaR1K21YTpHbgb2ZWt7KNqsQ_yxT232TQrils6frQyItudY40cf0L6sJJtX5Q9OLYIREqTxWu8TqkaHGGqSzGGz-ipOIc_7WKs9eRgvx-3TmrjlqpYaMkGz-rbe3CNkzxBivyjRRr1fHo8ZUgrp-TYJzgTdqIvhSb_YSu-MAFrEXDA7tRGqCBpxopzlQeQmg4msaVo8ghyFhFK4n2h6cOoN2GZPPKSQxSFr-eHzC-67ebxC7r6PpAkRlXAMdwAxed4gFwtIxLgq4yUYKUyfESKwPlpTbHCvFCbNKvdPKH7X8y7D2OzxrsCtxg6av6cVxEJspipQqbw36df1h59-kHeDSHki6OOEdCD1Vrs0c29kXYd98V4IYKFL3T_-ncG-qVmQhkuZ94taWg6_qzvUch

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47C1 0
20 B 82ms
81ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BqQYOV1VGZZyjG8OX1fAPvZ2_yAcAAAAAOAHgBAI&bg=!CgmlCUbNAAb4oU7C2KE7ADQBe5WfOCb5htFhOqBo9UZu2tl0N6sTCU1aUfVtXtyEyEHHHDCISfAvf6CCWC7GWW8WcbdgAgAAAmNSAAAACmgBB5kDS8OAtXjsfGFRS1QbqFb5b0uy6T7-OYpUOoCx0rxlgk3ZjPFGiip4OJfimBuSpBZNdqPRI7QGP80W6FbalD4gPWHnxuJufOQsLgUucIE14pLB85iXRLfmP3-oIvcVszwb_GctXy6xrnVkZZfXR5GgBxgrPWA62F5VBidc_uel6R9GPaKIf4shHQsJeY_A3wc8SyYbfwXnEtb6jfuUERwFkH-qhH9Um6N6N1e07fzqgR7GnFAsGp5cunYfKBXEJDj86a__BEx0jEtDdBKepEpoxdNH2faVX2-MoSl8lN3tdz_C36-gEyy76EKBDPAa4EucH_pX26qQ00ysDLMxARHPuXbsnAAFa7uuW3WNJyVfqrTEl7Ot9NsyWddW8HxgW0TcJD4Vp7K8tsPaoZj26PmVv5Wt9V4MMDMoPZHSGv-3L0Yu2bRNtTqRHarGZttOnggDqpGo0KpS_yI0A6rBFl0CzPy6nOM8pBFhCoOnc3UNE3tS8o8wsZ7P-Qt2Ywr8UARnncgsjJtB27nYigX7S4rK58IN3sAujKevc4ta7q2bseLcqNY5pBBaYOCpcEvGfDEMnwSRF3uOCp5GcvViqRpDTWPBPyyi7k3SZplKZKn462s9JdiZk-z4Jtjwxa3Q1WmVLXdvOCrkQzftL6qa2CGS2mDb1ma19TrdRC7fAIvAXIsHFvbnAt6b5tk3QcUfiOa0AJSywweFijZC1sIsVEyDJIozr4hpdbdpJD-2UHzbLQ4RTtgGGSimb_hkB1Es3TevSMqUtl9OJwgcBaBkKnw3V-1npLbOFpSWSptD-F7pyItiEYuFIZZCxC_pMPCOQkb-AT6OuGzXnZgGDI6PPwBPd3h_V71KZeaUKtyE6NvcQtDV3xKpqelx0vLqjj8ETFg6Rb-cz89zxXnmjs4M75pT6_ElWtfDKpogpTr77L5d0rsBaTaTv1h26IBO46IVeFujzSUM-EeQLH1G3v4U3oAd0G9eM10ZfEIsXFFiA9Ng0A5E5joDZ_xelVpH0lbDRDegQAFD4RpIBpckObtTEZxNug8SQDnRmBcqmROzJVoGtSsD0zkC29gMocJPU5ijN2zXlIPAMpnAVmdcZVlBdnopjZBZY0X_-17ZjS9Mlw

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 01A3 42 B
64 B 3265ms
3265ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIb3NesDVm0AaZmYjJO99itgsGhL_o1gn6o9mXOBgrlsRgu8YbvDhE58GnKIsO0VvvsCjEhxrfP5NOBz2Zf6znhLoHoOLMfgH6SGzhVfiC-BdZm99NreoUHu1LYy-vKUXRVy2PWYOMrcgf&sai=AMfl-YR2qH8gYyj0ZH48zimUc1XXLJveSk_S10TAk9a3ky4TD63UApHy5YYzKEPk4F-I-0VIHqqL6pwWXOJ6dY1u6m9FaTiWmtubCL9_Frmy2F2vQER1sBm1SQBlr1SHDEmKJSpoD1pHBKTpCjLYpA&sig=Cg0ArKJSzMj-n-SIupf3EAE&cid=CAQSTADICaaNcENSp6H22ZxgHKdIMYCAymXwDpr6ZSOG19tDD3mXHRsspowSmwslVei5SjzmmxlQqR1lBr_8oqt_oKxAAYZqzpZmRMsdO9IYAQ&id=lidar2&mcvt=1011&p=0,0,124,1005&mtos=383,1011,1011,1011,1011&tos=383,628,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699108184935&rpt=715&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 84AE 99 KB
31 KB 2984ms
105ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2219375fabfebb3e34a8644b5183623445456b319ed173bdb9b8a5413651bd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31020
x-xss-protection: 0
server: cafe
etag: 944 / 19665 / m202310310101 / config-hash: 7101305502720886139
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame AB99 99 KB
30 KB 3082ms
298ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dded9212044cf5652b9d310e290e71a426c271abe5eef07b2bf8c87ca593d64c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31018
x-xss-protection: 0
server: cafe
etag: 117 / 19665 / m202310310101 / config-hash: 7101305502720886139
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1AB1 99 KB
31 KB 3061ms
294ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75e321d9e0543d48415b7cd45279ad60e43d070dc18b15028382380a78e8b7c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31161
x-xss-protection: 0
server: cafe
etag: 368 / 19665 / 31079420 / config-hash: 7101305502720886139
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 459A 42 B
64 B 2708ms
2707ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsskdR-HdMEo0MUsGlrWeqk3i6hehpf8NRa6MJn3ScmYpDeKrV-H1flekFBmMFBi1UbhweX0uXKRHJB0RK6eQWfJ9YDQ-H1iR9wMJavnLcCz_kBGCc1ber5aZl4e3NgjwFlWFripEnZ2LZ9p&sai=AMfl-YQmTbQcs2hmOOhEgpQarO5QnPvW8cmLDCfua82P25FraE5pWmz5QU9g9ef6ODQ7a_PRpK0Lx7XZJO1hwj8aXyVegTahlvH8XssR7E_qk4tcX8MZMTyatFc6tcoGDHG81kVncE2vzwMtXpnBtg&sig=Cg0ArKJSzFDQdMrLpII8EAE&cid=CAQSTADICaaNcENSp6H22ZxgHKdIMYCAymXwDpr6ZSOG19tDD3mXHRsspowSmwslVei5SjzmmxlQqR1lBr_8oqt_oKxAAYZqzpZmRMsdO9IYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699108185022&rpt=710&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D04F 42 B
64 B 2701ms
2700ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssqEQ776bM16Tg5rBGIbyy8vyCFs-5eVI1fpQ5A42VPO8WoqzPPiQqDjvveNYWuIxkSMWW5deFO_jG3y_STTigHzkyXFbBMVLMZ3blu4pKxtgCp6rUcntsrjP-Z_yX0wT5nNyMMZnyqZ9L5&sai=AMfl-YQigt0R-Wvy41WQrkLiRK7TA10D7jv32KMpwTaaQltwOEkqXndt4ZIiRqmapof-urwaZ9kIQi2JMHn0jGsLyrRBBI_yHoXSKE3q0s2SkLWX8Zw5_RzlgKQB8P6EswI-3MpJ2uuuzxAdAZR1JA&sig=Cg0ArKJSzLRFKfgtMSo5EAE&cid=CAQSTADICaaNcENSp6H22ZxgHKdIMYCAymXwDpr6ZSOG19tDD3mXHRsspowSmwslVei5SjzmmxlQqR1lBr_8oqt_oKxAAYZqzpZmRMsdO9IYAQ&id=lidar2&mcvt=1003&p=0,0,600,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699108185064&rpt=666&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame E331 37 B
411 B 285ms
283ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

211436c6c514192586535b621306528e7f95f85a8cd342682a6eb100a0ea671b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 95D8 37 B
410 B 562ms
561ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

d3fe55369b0139ca1111fdfe2efe53ce0497f81078221a362c949050c6d0cf9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 5085 37 B
411 B 557ms
556ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

558086c9a2e2e18e5e4f4600dd48b067d18576f8e5d1f923defc75bde78c4f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 / Show response
t.ssp.hinet.net/ Frame 6DB9 37 B
409 B 556ms
556ms XHR
text/html 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

006c6c5f69e7079f466ed83d2c79bba516fad14a9800f6c948b325597f7059f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/ Frame 84AE 425 KB
133 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 10:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12764
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136288
x-xss-protection: 0
server: cafe
etag: 17302374607849014435
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 03 Nov 2024 10:57:06 GMT

GET
H2 200 emome2 Show response
t.ssp.hinet.net/ Frame E331 30 B
280 B 285ms
285ms XHR
application/json 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/emome2?u=b48f03a6-b6fe-4d71-9574-fe50a5d3aa40

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
content-type: application/json
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 84AE 123 KB
46 KB 1076ms
1075ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=863273736673448&correlator=2062800145920218&eid=31079310&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=22670248360%2Cdocilepuppy_336x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&sfv=1-0-40&sc=1&cookie=ID%3D837943565148831f%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MZLRfKYJxDdf9Rq740IDnTR-SlHUw&gpic=UID%3D00000cc7858b6b4d%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MYfm_-2kE2HkKonv82SA1qmi1255g&abxe=1&dt=1699108190361&lmt=1699108190&adxs=467&adys=596&biw=1600&bih=1200&isw=336&ish=280&scr_x=0&scr_y=0&btvi=0&ucis=ykb0s4kpttur&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nhd=2&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&top=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&vis=1&psz=336x280&msz=336x0&fws=256&ohw=0&ea=0&ga_vid=480937667.1699108183&ga_sid=1699108190&ga_hid=1942817271&ga_fc=true&dlt=1699108187144&idt=3190&adks=1603015165&frm=23

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c79382216b01d58cdd19056ac52094d585188046de9a75e937abee42a4808a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47073
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 84AE 16 KB
12 KB 93ms
92ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310310101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02e4edbd5e2986110fc70d68e251c2ddeeb6c6b07017f8b2a132d6c702c7695c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12314
x-xss-protection: 0

GET
H2 200 container.html Show response
ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E898 6 KB
3 KB 173ms
52ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/ Frame 1AB1 426 KB
133 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0691590289efab8aecb842f768940fb34fc23791ca890f77b1e6b7aeec03126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 12:53:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5769
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136626
x-xss-protection: 0
server: cafe
etag: 12374074705736737879
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 03 Nov 2024 12:53:41 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/ Frame AB99 425 KB
133 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 713
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136288
x-xss-protection: 0
server: cafe
etag: 17302374607849014435
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 03 Nov 2024 14:17:57 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 84AE 17 KB
6 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame E331 0
196 B 335ms
334ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=50ef57&cid=955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb&mp=b48f03a6-b6fe-4d71-9574-fe50a5d3aa40

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net/ Frame E331 0
79 B 1274ms
280ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net/pixel?bd=b48f03a6-b6fe-4d71-9574-fe50a5d3aa40&t=50ef57&referrer=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H2 200 cm Show response
t.ssp.hinet.net/ Frame 6DB9 0
194 B 284ms
284ms XHR
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to

Full URL

https://t.ssp.hinet.net/cm?c=cf&cid=undefined

Requested by

Host: t.ssp.hinet.net
URL: https://t.ssp.hinet.net/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
strict-transport-security: max-age=0
server: nginx
vary: Origin
content-type: image/png
access-control-allow-origin: https://cdn.holmesmind.com
cache-control: no-cache, private
access-control-allow-credentials: true

GET
H2 200 pixel
1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net/ Frame 6DB9 0
79 B 1289ms
281ms Image
image/png 203.75.214.136
HINET Data Commun...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net/pixel?bd=1ec7d22b-2a91-45b9-8e83-5d594383f546&t=cf&referrer=https%3A%2F%2Fbestone-work.com

Requested by

Host: cdn.holmesmind.com
URL: https://cdn.holmesmind.com/js/capmapping.htm

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

203.75.214.136 , Taiwan, ASN3462 (HINET Data Communication Business Group, TW),

Reverse DNS

203-75-214-136.hinet-ip.hinet.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.holmesmind.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
strict-transport-security: max-age=0
server: nginx
content-length: 0
content-type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 001F 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:17:58 GMT
expires: Sun, 03 Nov 2024 14:17:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1E38 829 B
997 B 52ms
51ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bb013843f8852f5bcbf355baf5b0fd5a78be11b4bd5e793d5776b90e3d69b05f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-W-Z0vspf-y3Fn0IO2MrZ0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-W-Z0vspf-y3Fn0IO2MrZ0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sat, 04 Nov 2023 14:29:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1AB1 30 KB
12 KB 490ms
490ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2136066731595673&correlator=998162673288670&eid=31079420%2C21065724&output=ldjh&gdfp_req=1&vrg=202311020101&ptt=17&impl=fif&iu_parts=22670248360%2Cdocilepuppy_336x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&sfv=1-0-40&sc=1&cookie=ID%3D837943565148831f%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MZLRfKYJxDdf9Rq740IDnTR-SlHUw&gpic=UID%3D00000cc7858b6b4d%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MYfm_-2kE2HkKonv82SA1qmi1255g&abxe=1&dt=1699108190592&lmt=1699108190&adxs=467&adys=4796&biw=1600&bih=1200&isw=336&ish=280&scr_x=0&scr_y=0&btvi=1&ucis=azp878db4l6y&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=2&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&top=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&vis=1&psz=336x280&msz=336x0&fws=256&ohw=0&ea=0&ga_vid=480937667.1699108183&ga_sid=1699108191&ga_hid=2049339166&ga_fc=true&dlt=1699108187256&idt=3315&adks=1603015165&frm=23

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19b96e87d22b2e7717a263dd5856b1151eb62ec5ad393020fcd8573d6129a4ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12466
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1AB1 16 KB
12 KB 98ms
97ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311020101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cdd679436ffc3ffe8e43cc18ff2250adbff21e1ba559f2fd88f6dd1e388f1ae4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12367
x-xss-protection: 0

GET
H2 200 container.html Show response
29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3CD2 6 KB
3 KB 83ms
49ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame AB99 30 KB
12 KB 332ms
332ms Fetch
text/plain 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1899101359555269&correlator=2966510920626513&eid=31079194&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fif&iu_parts=22670248360%2Cdocilepuppy_336x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&sfv=1-0-40&sc=1&cookie=ID%3D837943565148831f%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MZLRfKYJxDdf9Rq740IDnTR-SlHUw&gpic=UID%3D00000cc7858b6b4d%3AT%3D1699108183%3ART%3D1699108183%3AS%3DALNI_MYfm_-2kE2HkKonv82SA1qmi1255g&abxe=1&dt=1699108190639&lmt=1699108190&adxs=467&adys=3296&biw=1600&bih=1200&isw=336&ish=280&scr_x=0&scr_y=0&btvi=1&ucis=q388w19dgv0g&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nhd=2&url=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&ref=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&top=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&vis=1&psz=336x280&msz=336x0&fws=256&ohw=0&ea=0&ga_vid=480937667.1699108183&ga_sid=1699108191&ga_hid=96760477&ga_fc=true&dlt=1699108187237&idt=3388&adks=1603015165&frm=23

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d81a6be52d63d83dd8b2934525696d0088853a39729e01a7c35cf749751bffaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12340
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bestone-work.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AB99 16 KB
12 KB 152ms
152ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310310101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c225fa9e47bd57d83f5c9c3dcba41e0666f076410a55078ed1bfb2885021acd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12164
x-xss-protection: 0

GET
H2 200 container.html Show response
0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 06C6 6 KB
3 KB 97ms
51ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1E38 0
0 74ms
74ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310310101&jk=863273736673448&rc=
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 001F 38 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AB1 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 68C9 13 KB
5 KB 41ms
41ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:17:58 GMT
expires: Sun, 03 Nov 2024 14:17:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E6A7 829 B
559 B 49ms
49ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9df52b037eb2207bec06f864cde6638b1ff3355ea364d4bb0d593e7821cada7f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-n_ijsxxqyo3V11vhGIqI7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-n_ijsxxqyo3V11vhGIqI7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sat, 04 Nov 2023 14:29:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 001F 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?NcgU1g
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AB99 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:29:50 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 68C9 38 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E6A7 0
0 74ms
73ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311020101&jk=2136066731595673&rc=
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 45D0 13 KB
5 KB 41ms
40ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:17:58 GMT
expires: Sun, 03 Nov 2024 14:17:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7C6F 829 B
560 B 50ms
50ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d33496ad81d75fc169b779b7fdb422d05ab224e0d3a3aa4252a4d82525e54d49

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bJFcmcGpQXcS9HxwJKRZsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-bJFcmcGpQXcS9HxwJKRZsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sat, 04 Nov 2023 14:29:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 45D0 38 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7C6F 0
0 73ms
73ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310310101&jk=1899101359555269&rc=
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 68C9 0
10 B 39ms
39ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1MKx_w
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:50 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 container.html Show response
0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4551 6 KB
3 KB 48ms
47ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 45D0 0
11 B 39ms
38ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?EfDOEQ
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5FF2 640 B
262 B 100ms
99ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E1E4 89 KB
31 KB 165ms
164ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame E1E4 3 KB
1 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame E1E4 20 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E1E4 189 KB
59 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:51 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1E4 42 B
63 B 74ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A40ZQD36Ni38KXj3vvYN1e-5-zcErkx_0C56dK10PigkRfu0YoN7AXtfqbTQgMZBnCg2ynnjfpFzAHTS91MmoQQC2uvN8vVKe5_HA26avGr0LGBKQ

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1E4 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10958962371668473453&x=1&ct=119

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5AAD 6 KB
3 KB 41ms
41ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079420

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E169 466 B
235 B 90ms
85ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNUM6pSFR6jgRxxXpqEX1Gvt9r_soPY5gRHFj8httDh6aW_0kdqouPAFk4eS_3mBspUWQIUuygUDG-4bmVsOQwC1y9e_nf_rrxy-UHA68N_748gUHVjwyq2bl-SZz126jlwNI_iSzCGVLlFh79L8BqdB5M6quwnmudfwBVHI3Xch1-PaOL0

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5761 89 KB
31 KB 219ms
213ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 5761 3 KB
1 KB 45ms
39ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 5761 20 KB
8 KB 45ms
40ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5761 189 KB
59 KB 58ms
52ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:51 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5761 42 B
63 B 78ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C7zCNgNwp9F2q4C0DWgqkcjChkjCQJTzYJebsBcMCGIxn1Yn9nOxku9z6p0qoFTs-g5S_h_W0O_XUu--yDRdhRb5OgvSwIZ1Sh93JA_85-Jl4-dCU

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5761 0
20 B 77ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11504441218517931303&x=1&ct=119

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5FF2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELNuUaFY5I3k5L1SSEmuGlk&google_cver=1

43 B
273 B

88ms
49ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELNuUaFY5I3k5L1SSEmuGlk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELNuUaFY5I3k5L1SSEmuGlk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 5FF2 43 B
145 B 139ms
50ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 5FF2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESELXwQi1pE3A7fGufBsB5gBw&google_cver=1

23 B
163 B

187ms
67ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESELXwQi1pE3A7fGufBsB5gBw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sat, 04 Nov 2023 14:29:51 GMT
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESELXwQi1pE3A7fGufBsB5gBw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 5FF2 23 B
163 B 238ms
67ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNWCeOQaMz9xRt3j2O_1FGfvG1UuGnuj2rc5EjXUn4Gq-D11uLzoQY693P5DXbAWOVkESTghR6fLjlpiyHpEWBiEScuNmz9lSsuwtNLm-W5EomdKDDh7uXbjeX0qZ-ENEzb96f854TfD7B2_yYTCeILeuzWg5RiJR4j-12xykRwOR2RIaT0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sat, 04 Nov 2023 14:29:51 GMT
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1E4 0
20 B 75ms
75ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7907925375904&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1E4 0
20 B 78ms
75ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7907925375904&version=m202309260101&ct=119&x=1&cor=10958962371668474000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E1E4 90 KB
38 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmyG4O7lHq1sjdjtbktyyZX0OkYyFhuieIq2Jde9mnVo3-1IXSv2XxX5EiP2vgcpdMACi1jtzGPWXHG831A0ivSQI8F98PkwvsruPqckHc21vzMRN-WaCO_RTzIIwtoBs8OTFUzfsBUz6a2ZwR3TsY44YPOiUIVj8Zxi6wxDwEi3je2Nw&cry=1&dbm_d=AKAmf-BraGfkicNzbQS8c8ka-UO8Fn-d32CQFQtmfwL33VyqEfAy9Is852EwrYqtGgaZT_SGpWEmOtyalvQbhWC_gGHKEX8VuQRbHk16US6CYRvmjJ4S22ZMRhgw3gE--nSf6bv27y_Xh1qbZYlLtT8_hIIgEMxPHd40RXy0tTHvBZ6Uw16_5pKsszXhbz0zgq5rnxcW_hSHTRNSAjlx2zsXhTSpCk6jyTstfnSk9zmOdIq7V4ysX7w159Su6-73SXEu5WYnuH_2cLyyj21wWU46csucmtpnmR1Hek6wupxqaXqmYI00ou9oaHUv8jI6S4wjBvNpogaNYqa9ds9_PWPE_t5T-cVHJJEnWDlTWk3n-TwibkrxWXVHWt5wORuXODdjNzsyM4vv6QNHWk_NjE66wMrYC3zeHzl3sV99rpN8w1JN9ndINoVNlJbi6iTW-kVeTJH2fg9leESLor6DNnuQiAJYAdHSW9wuzhITdC7mnFn0taVnp5YVOZb26XT06LSxQ2ZPvg_L_T59pzy4vu-jrXhj4Em9yMCvXYP8EI2DxtTPmArNgWrdffrmuvHAVIvzK-W85V_Cq_qARMEyFnwTMZiqAShDZSqBJdHdwMLF-DA_Ewp46nfDAkIaZ3bAnTyan1GbES33MiXw6guyTZm8UupPfdJfyNN4MCCWALGM4k_Zpfj9dXE1BN5Hz-zP6Ice7NFeDzXd78h9g6Rr0cBTkZi_1y7oaVJfZ-5z-DEZuu0ggj7fA0Xoi8O5VVo_al2hopKmd4VSiENhaE6bOhbwDle-htGxQHe_b-LXYkXGVMooXbQQTds9loQkfUKSxWyC40F4rpXbI2VsAFJDjJ9A4Q4zM9AL0w2VX5eVvW1EkM8G6KOCy1N0X10XYsiX1QKVCmb2qBDZKgAt3WLH18auWV97rgo5El-p9Qk7kn-jY-fbeGlnnUFh7_boCPW1IZPg5cjf1NwNI0DJnwWTvg9JUex0buXKsV_la8VcrhkhLYTcAWBSwnMGiqlOTFObNmE7C5KXj_wDB-NMCqZO8MefQ-7WaVBeCG3mgJjgA5Budg4EIP1brfKlx5RTKdqJD85WdhL8UBpn2h86iNWy7oDXBFJi9nrylvF-erPgnBXFhIOB_KizFXw_LcN6Qv-Sa7sq6LXWSuis0siXsN150NYheqrJjhfBpAUdoD5gd-FZhocW1G8Qv75GnMEG1Xb8hAU7JR5jxoZBa6xuiTQaqhwUkgILVruIu4mNnMTwW8TI6Ry8laAawkqMyAT2IiEYsJhCcyhcUJP2SUNbtUkfzOtijj8J-iyhiWnadbeifC2udpytkZ5uxO0iwplHYiTl7VXQ4L-HAZfGyLsluoXI-oq9JRqO_02qeywGCoXxQtDUaji1_yc0JcXFkM3klSe9wBeJevOAjkv_mWX6AodVY9kNFaqsWZQlpkoImgffeRJYWXkSpUpkiIqw8iHEF7eQvECQI6kr8ZJSZoz3--4UpfcP31YsK_qEEN-35bm5tRNgk8YQHryBttGjG8s110otBqLff0eYB_ReAjtY2l7frXOFdjFcW2c-P2SLkTzD2SlO_jpbkhD-vHN6_G_t0nJTIhzHtJLFhiiDR_aBVLEXF0LtrpntTBjZkg-qbib8-c1mMqzWuouZTMrG7Sp0B4k3LnBext7pQ7mbZwsubAkqkRCaHaFe_3TbRze4B-zEKDV1AMeSsa71iHgkZRlkNro5FRwqYXU1FEwytHS1enl8vb-b-lYzDtpKav0WI_LEKjoRDI__TCpThPsIEaldQ3_hWGQBrtmVNUwiAin9oZQElykrQr88SK2PrMvYygD3xoEeS7mGRn3KoNdChgIwYwSy_bD2ah7nQrC9SJPNfTVQN0WMouM9YeMw2USMqC8H5QGA2dc7gu_o9PKKgkpXM5MoAg9A8fVvJn9e-u1pxuoUUpxKzdTtA1eZdaq_Vmhk_3hje30Vjk5t9dX6FJQ9xLs5vog6is5_a4z0uPfuleTcywcdKUBtW9yJKK-rWoS_1eBI8AtBFBPq12nnKp8rgIIGVcdN2scez38xuyKmMl3fjTwRaX88_RoI4BnYjst6LCQalGv-oXNPeNOuge3raxx7dF7k90x0ir4PL--qReIpyDWNROoANIxPnEg2Y-TuhhZD4hM1XMFpnIUrQMEBGSYoob4iI7jJEOgWur1-x63B_hJgWrar-ZR--oIsBpAktkB5_lBLWzs1jXs5xoSwHH_QZMIvrSlCmsZErT-2lzX4sMCnpzd3cfREvuSk7vPL5o5OUkLTW5nQsOWQrjEUXrR6d6HHSbv2Qp0ZXpojzR04ac_mhEtqyyz9Jya0lFMeGr76goUkBLGXpnIKr9HkdKJ-IOiCWXvizh7XVtO9XKKZH8oFdOSvktzVgpRqutBy-vBzNpWAwC3I081Sq02utbSDv3RhDVAEgm2MRwHoC_cRaaVGC8WAL55jGsPjobBgthYwWnSdyAUDsg36wOtCV9GsLiTO2Oet9Jlrqc8hsltCwGR-MILSoe3ElnngB7yliAsgnWg21LN1Im1M8YLZpz8vtZimNHn6bQmYUXrUPL2xCU9_SJsJO1HcbAmX5AfFfQJs9tZZiTKPgxtBlvbxcaRcvunDQMtWWv3W1SpvQPcbZhbqp0gZLBV2gjgXhYQEJZJcA_k36cfuM7l_wZ-jQ4yHl6NXUSb1FhVGPUd0nzdUMUVp67gd1OpIxju9adsSIKqt1rHC1-C5oRAUpjkXTmAxw1Qe9tbv06FvbofXcnBOYqN91PGm9-n5-DcGz4UpzZjs5nk72fyvjQ52_LWGqC2sbB3l3ihFauNo83jLYlA8UQ6X-raUq3QTOfyFYELPkkYTgMakqNcaVi8i-5v8l_7HL89OqZDXsCQArHOalzMgFJr_PJkRpZ8zDrSt74AQ64SCX7TBLhrq1t6H0zEfArkFU-1o3u6iPm9yZ7h_HXFJmA8xGMw63jaVAMH7lneCU27aLLCrfok0aVB9NOvzHy3ldKZ8WhrS3J9ktAtGt5nQKyGqX5SwOlwuwb-p1UrXlna-8fDFTmEtQv3oh_COoH-9geZgZNIO-r0sGbUkMAa6j9LUhhe_3hMJNN5NvddQSaX-rGg6lQBqhemcXuComGpXIQfqXWSfqW9e5u6cujjletOKfLCrhrdqN_B0vLF4hMvQV13JJkmRYuPnQ8waUXJAu9Zr1EDrFTZ5XsypTSSXrDrO_JjwFrWF5XsOAnItY4gSCQN_PJYXfVkR1utDWtH-5ArtnhdNVhdngWkIlSbTfTF4zT43T48BaH7uJxan8XLq6XgcfqtIAetncO1j7iLn6YIDfaFI08K8S1InDoUId0GKP4UXTNLY7DVOpD8SOOtUz9SsDeScaa9_rMrXn_X328V5BZo8yU8MqlfLjwIWCja5kw-U7-18mv54VjQoVFDLBHzBezuNqUpbgCfWYUe0Mi4Ux6Z9EOjmGu_o937l0NKaSs7VOg7DBfSfDVCAqUR0cra0ahYGv5BnQppi5eHJBlIobUTFnJnu_NFSCREErxaWrntWrRglVbiVE-Bd1F2OT_N6bDyyRj4tOsc7CBBgM4ph3JTHvN0K9zcgXu4knrSxpdEoGpEwb1bCY8OyWshKtiVcGiZw40e37BZABVKt-Dfd9rAJlLwyfxyxMeVzNCqYcOsdYvGEJedfmz2luRISq8h_YQtAelws_CuBaND4XorJELUNlUTze8HkV2lq2KZV5ZIfbY-JmT89hFhIQDKsTg9ZM2A0NAeBOXTPYw6-ePx0w7t2Tumy1lXcUblRb94IdNaX1Cze7G7coV4rlPSW8S0_wV92ecTI7JNn2AxLo99bYO1kSNi6XtGjX0wmrxfYxKFlVkNAwTqcQEz6ebZMSlVSfL0xBRjOw17M_aUOah-4-58HeHsP1vwMCtC88kxNPgSCDnlADRxebQQfvBM8638nKvFRvc3LrEyHC_FPtHv3YMNXHRaIjBz8tjIzejik92JujE-BHs3WvFVkR9cJm9bCSbE74EC8w7apivcIrrIBYtqmBTWnW38CVg_cCwYHWIochj2HK6gqE6TvjBimUnO7xLBSWAb8hjLcUlTfDmFHb5FUvZECZzehw3wY0kjxuv1A0NrrRnJpz5Y7sJsAx_I4NS1t3Ywk0nwFo9OkGPqEIIaGqp32KJFqCctYYEKPSO_ZVB3UiA&cid=CAQSPADICaaNjvleuLEN5_JqkN5Sf-9mbW__Y9lDDfXTYAGeAlKwmrxv_63em1O3e1k_b37C73r0ijQWH5vjwxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.bestone-work.com&ds=l&xdt=1&iif=1&cor=10958962371668474000&adk=2940155321&idt=175&cac=0&dtd=21

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c3740350d4b39beb3130c52dfa915248fcea1e5e4983429348479f7e09e69df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38997
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

partner
sync.search.spotxchange.com/ Frame E169
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJ1rq7Vxq8xsnwj0yBiUIk8&google_cver=1

0
0

GET partner
sync.search.spotxchange.com/ Frame E169 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame E169 0
125 B 398ms
42ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhihpsL1ATAB&v=APEucNUM6pSFR6jgRxxXpqEX1Gvt9r_soPY5gRHFj8httDh6aW_0kdqouPAFk4eS_3mBspUWQIUuygUDG-4bmVsOQwC1y9e_nf_rrxy-UHA68N_748gUHVjwyq2bl-SZz126jlwNI_iSzCGVLlFh79L8BqdB5M6quwnmudfwBVHI3Xch1-PaOL0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 84AE 0
0 76ms
76ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310310101&jk=863273736673448&bg=!oaKlou3NAAb4oU7C2KE7ADQBe5WfOJKws7WzIBiSZyxN4tyPez_OmpqDQhqp1lWdVI_70RdsVGN-mghK1N5uVm7eXdXuAgAAAFtSAAAACGgBBwoAIVgprlA9HRBSUHqPEJvaRzzy96x9PpS2_djpgRNGXL6MOZkDUtW63eNfStGCh2LP57Msd4GuaaljN6X8vZoMrXOLbUhQEmwt2iTMZEOcenI9VH4cJlIY7TMAShGMan5pZG6W7X9cqsbnWoQUd6KgCNSJJCHFv0E4mDR3RadekDHJLs5ImVAWq9GLyt5OsuKUUQZIyKnhK0S3uBgc9EKVgU2p6utzpb24C6WRDU__fBYgIeYGnxREy76qBiQH2WqxAT6WI5l7uu08P7Pp9dfCtdWSm-8BkEqjhlfAEc07XJJNvrXd-xbtyGC26XkztsHF1Z8yUEJKYSfTZzffAKXpg8zF2ufsbhY4kezNu1PDzml3UIX_YbCsC6wA9E1aaSWf7Ikiu0gUDmglVxPkKBQiTT0x5G1Qvr2OT4d4IAqOrotWJFBIPTqIc-mJ_MPPtjAaOJlCTbLC8gpj08TRYNDyWAMdSB99D4qHqpLsSwYwWQzMSesKOzRUXFGxDmsM5ZccImrwjk_GucY5XRJGzrtxSfwuqU8Pz23AyHagYvhtJIcD_78QxkOq3VtNP-78cXnve49lZCgxSuADOJu_uO2dXrE2SvZlBIuOjBTzrm5ByP0hdUwZSGo2bKFiZ9GN6ydc-4Uwyll18c5EsKnoMQV6bT1NN4RIH2AKFubBurRNYqvpoT2bunMsyBFf_gW-GGwuiAQRnVSFIUgXU_3mJARZB6zJh14vI2HGGAWcOIwFjqRshSCBPOomg-9tQ1lDNmrcOoygszEvBBfmxSBgwFObUHOWq44ZTR63SCVSqJ4BtFiQ0k8t0KWw9Zjt6WNDhKXIbyVhWkecG1ruROOOPm3KBko4y-wzQ0tj4pM5tEKHNCAoiP1T7H_oZLIx_2ArhT2oVFHP3RkkirdMAajuc78p4pvu4iW8h0Ikr-aCfJvK9gplNzT2ikPfEHJSB1MRhvFALT9bp4K4Dt1q4p8Mbaa4i8ugs6sOgodT9qScC9mvdWyDkO5I4HpO3q0rtydTbrS-QqYckn_QoHaKwXOgti-ZG49QgGC8eae-W76dBcIXgxIyuNty_6KKsckF5tlCSYT1KQENObZVOG4iBmkJiJ_u4f41S7Uymp-AkawAQJOSqO5VJ9eyETl6I3anpKzdmUXxru95DcojUGfhK9h2mDx1Z6rA8vtMgMg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame E1E4 111 KB
39 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
Origin: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 02:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 05 Nov 2023 02:22:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame E1E4 11 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmyG4O7lHq1sjdjtbktyyZX0OkYyFhuieIq2Jde9mnVo3-1IXSv2XxX5EiP2vgcpdMACi1jtzGPWXHG831A0ivSQI8F98PkwvsruPqckHc21vzMRN-WaCO_RTzIIwtoBs8OTFUzfsBUz6a2ZwR3TsY44YPOiUIVj8Zxi6wxDwEi3je2Nw&cry=1&dbm_d=AKAmf-BraGfkicNzbQS8c8ka-UO8Fn-d32CQFQtmfwL33VyqEfAy9Is852EwrYqtGgaZT_SGpWEmOtyalvQbhWC_gGHKEX8VuQRbHk16US6CYRvmjJ4S22ZMRhgw3gE--nSf6bv27y_Xh1qbZYlLtT8_hIIgEMxPHd40RXy0tTHvBZ6Uw16_5pKsszXhbz0zgq5rnxcW_hSHTRNSAjlx2zsXhTSpCk6jyTstfnSk9zmOdIq7V4ysX7w159Su6-73SXEu5WYnuH_2cLyyj21wWU46csucmtpnmR1Hek6wupxqaXqmYI00ou9oaHUv8jI6S4wjBvNpogaNYqa9ds9_PWPE_t5T-cVHJJEnWDlTWk3n-TwibkrxWXVHWt5wORuXODdjNzsyM4vv6QNHWk_NjE66wMrYC3zeHzl3sV99rpN8w1JN9ndINoVNlJbi6iTW-kVeTJH2fg9leESLor6DNnuQiAJYAdHSW9wuzhITdC7mnFn0taVnp5YVOZb26XT06LSxQ2ZPvg_L_T59pzy4vu-jrXhj4Em9yMCvXYP8EI2DxtTPmArNgWrdffrmuvHAVIvzK-W85V_Cq_qARMEyFnwTMZiqAShDZSqBJdHdwMLF-DA_Ewp46nfDAkIaZ3bAnTyan1GbES33MiXw6guyTZm8UupPfdJfyNN4MCCWALGM4k_Zpfj9dXE1BN5Hz-zP6Ice7NFeDzXd78h9g6Rr0cBTkZi_1y7oaVJfZ-5z-DEZuu0ggj7fA0Xoi8O5VVo_al2hopKmd4VSiENhaE6bOhbwDle-htGxQHe_b-LXYkXGVMooXbQQTds9loQkfUKSxWyC40F4rpXbI2VsAFJDjJ9A4Q4zM9AL0w2VX5eVvW1EkM8G6KOCy1N0X10XYsiX1QKVCmb2qBDZKgAt3WLH18auWV97rgo5El-p9Qk7kn-jY-fbeGlnnUFh7_boCPW1IZPg5cjf1NwNI0DJnwWTvg9JUex0buXKsV_la8VcrhkhLYTcAWBSwnMGiqlOTFObNmE7C5KXj_wDB-NMCqZO8MefQ-7WaVBeCG3mgJjgA5Budg4EIP1brfKlx5RTKdqJD85WdhL8UBpn2h86iNWy7oDXBFJi9nrylvF-erPgnBXFhIOB_KizFXw_LcN6Qv-Sa7sq6LXWSuis0siXsN150NYheqrJjhfBpAUdoD5gd-FZhocW1G8Qv75GnMEG1Xb8hAU7JR5jxoZBa6xuiTQaqhwUkgILVruIu4mNnMTwW8TI6Ry8laAawkqMyAT2IiEYsJhCcyhcUJP2SUNbtUkfzOtijj8J-iyhiWnadbeifC2udpytkZ5uxO0iwplHYiTl7VXQ4L-HAZfGyLsluoXI-oq9JRqO_02qeywGCoXxQtDUaji1_yc0JcXFkM3klSe9wBeJevOAjkv_mWX6AodVY9kNFaqsWZQlpkoImgffeRJYWXkSpUpkiIqw8iHEF7eQvECQI6kr8ZJSZoz3--4UpfcP31YsK_qEEN-35bm5tRNgk8YQHryBttGjG8s110otBqLff0eYB_ReAjtY2l7frXOFdjFcW2c-P2SLkTzD2SlO_jpbkhD-vHN6_G_t0nJTIhzHtJLFhiiDR_aBVLEXF0LtrpntTBjZkg-qbib8-c1mMqzWuouZTMrG7Sp0B4k3LnBext7pQ7mbZwsubAkqkRCaHaFe_3TbRze4B-zEKDV1AMeSsa71iHgkZRlkNro5FRwqYXU1FEwytHS1enl8vb-b-lYzDtpKav0WI_LEKjoRDI__TCpThPsIEaldQ3_hWGQBrtmVNUwiAin9oZQElykrQr88SK2PrMvYygD3xoEeS7mGRn3KoNdChgIwYwSy_bD2ah7nQrC9SJPNfTVQN0WMouM9YeMw2USMqC8H5QGA2dc7gu_o9PKKgkpXM5MoAg9A8fVvJn9e-u1pxuoUUpxKzdTtA1eZdaq_Vmhk_3hje30Vjk5t9dX6FJQ9xLs5vog6is5_a4z0uPfuleTcywcdKUBtW9yJKK-rWoS_1eBI8AtBFBPq12nnKp8rgIIGVcdN2scez38xuyKmMl3fjTwRaX88_RoI4BnYjst6LCQalGv-oXNPeNOuge3raxx7dF7k90x0ir4PL--qReIpyDWNROoANIxPnEg2Y-TuhhZD4hM1XMFpnIUrQMEBGSYoob4iI7jJEOgWur1-x63B_hJgWrar-ZR--oIsBpAktkB5_lBLWzs1jXs5xoSwHH_QZMIvrSlCmsZErT-2lzX4sMCnpzd3cfREvuSk7vPL5o5OUkLTW5nQsOWQrjEUXrR6d6HHSbv2Qp0ZXpojzR04ac_mhEtqyyz9Jya0lFMeGr76goUkBLGXpnIKr9HkdKJ-IOiCWXvizh7XVtO9XKKZH8oFdOSvktzVgpRqutBy-vBzNpWAwC3I081Sq02utbSDv3RhDVAEgm2MRwHoC_cRaaVGC8WAL55jGsPjobBgthYwWnSdyAUDsg36wOtCV9GsLiTO2Oet9Jlrqc8hsltCwGR-MILSoe3ElnngB7yliAsgnWg21LN1Im1M8YLZpz8vtZimNHn6bQmYUXrUPL2xCU9_SJsJO1HcbAmX5AfFfQJs9tZZiTKPgxtBlvbxcaRcvunDQMtWWv3W1SpvQPcbZhbqp0gZLBV2gjgXhYQEJZJcA_k36cfuM7l_wZ-jQ4yHl6NXUSb1FhVGPUd0nzdUMUVp67gd1OpIxju9adsSIKqt1rHC1-C5oRAUpjkXTmAxw1Qe9tbv06FvbofXcnBOYqN91PGm9-n5-DcGz4UpzZjs5nk72fyvjQ52_LWGqC2sbB3l3ihFauNo83jLYlA8UQ6X-raUq3QTOfyFYELPkkYTgMakqNcaVi8i-5v8l_7HL89OqZDXsCQArHOalzMgFJr_PJkRpZ8zDrSt74AQ64SCX7TBLhrq1t6H0zEfArkFU-1o3u6iPm9yZ7h_HXFJmA8xGMw63jaVAMH7lneCU27aLLCrfok0aVB9NOvzHy3ldKZ8WhrS3J9ktAtGt5nQKyGqX5SwOlwuwb-p1UrXlna-8fDFTmEtQv3oh_COoH-9geZgZNIO-r0sGbUkMAa6j9LUhhe_3hMJNN5NvddQSaX-rGg6lQBqhemcXuComGpXIQfqXWSfqW9e5u6cujjletOKfLCrhrdqN_B0vLF4hMvQV13JJkmRYuPnQ8waUXJAu9Zr1EDrFTZ5XsypTSSXrDrO_JjwFrWF5XsOAnItY4gSCQN_PJYXfVkR1utDWtH-5ArtnhdNVhdngWkIlSbTfTF4zT43T48BaH7uJxan8XLq6XgcfqtIAetncO1j7iLn6YIDfaFI08K8S1InDoUId0GKP4UXTNLY7DVOpD8SOOtUz9SsDeScaa9_rMrXn_X328V5BZo8yU8MqlfLjwIWCja5kw-U7-18mv54VjQoVFDLBHzBezuNqUpbgCfWYUe0Mi4Ux6Z9EOjmGu_o937l0NKaSs7VOg7DBfSfDVCAqUR0cra0ahYGv5BnQppi5eHJBlIobUTFnJnu_NFSCREErxaWrntWrRglVbiVE-Bd1F2OT_N6bDyyRj4tOsc7CBBgM4ph3JTHvN0K9zcgXu4knrSxpdEoGpEwb1bCY8OyWshKtiVcGiZw40e37BZABVKt-Dfd9rAJlLwyfxyxMeVzNCqYcOsdYvGEJedfmz2luRISq8h_YQtAelws_CuBaND4XorJELUNlUTze8HkV2lq2KZV5ZIfbY-JmT89hFhIQDKsTg9ZM2A0NAeBOXTPYw6-ePx0w7t2Tumy1lXcUblRb94IdNaX1Cze7G7coV4rlPSW8S0_wV92ecTI7JNn2AxLo99bYO1kSNi6XtGjX0wmrxfYxKFlVkNAwTqcQEz6ebZMSlVSfL0xBRjOw17M_aUOah-4-58HeHsP1vwMCtC88kxNPgSCDnlADRxebQQfvBM8638nKvFRvc3LrEyHC_FPtHv3YMNXHRaIjBz8tjIzejik92JujE-BHs3WvFVkR9cJm9bCSbE74EC8w7apivcIrrIBYtqmBTWnW38CVg_cCwYHWIochj2HK6gqE6TvjBimUnO7xLBSWAb8hjLcUlTfDmFHb5FUvZECZzehw3wY0kjxuv1A0NrrRnJpz5Y7sJsAx_I4NS1t3Ywk0nwFo9OkGPqEIIaGqp32KJFqCctYYEKPSO_ZVB3UiA&cid=CAQSPADICaaNjvleuLEN5_JqkN5Sf-9mbW__Y9lDDfXTYAGeAlKwmrxv_63em1O3e1k_b37C73r0ijQWH5vjwxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.bestone-work.com&ds=l&xdt=1&iif=1&cor=10958962371668474000&adk=2940155321&idt=175&cac=0&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:24:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:24:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame E1E4 31 KB
12 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54cb15acb0c5f40e191701b259fca34a71656a5d07c750de734ce598f5f5255a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:28:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11960
x-xss-protection: 0
server: cafe
etag: 17132697034905592634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:28:02 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E1E4 41 KB
14 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3342 1 KB
648 B 41ms
40ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sun, 05 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E1E4 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6618a50d2d42c87ffe89f83367c7528e8b2d3da51e73affd8cdc3082586c3441

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5761 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5262344719650&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5761 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5262344719650&version=m202309260101&ct=119&x=1&cor=11504441218517932000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5761 90 KB
38 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACwu0UCPn5-dxA12GCs_Yzl-s7ceqnZDj62frU7zsX-KB_Rm311uDk9vwCm3nn4Pgu8x7UXmAzCKGyb5M5EkpVSRoG5cTuEgqD0eyQnQYxHA_jaTEUiWU9ylMhNnsp-jsCyQiA7TQ-cZa-PVQ3iJ5fxJNJkW_GTqFTE9ZfW4EZOHA-6OM&cry=1&dbm_d=AKAmf-B2OiMrW_Zn6LzOVs48vdYNjRe6JGYbHXzrLdini0LC_0Qj6eI4w-dUl1sOch5h6hbVNR_ezc8bxdamxFOJtQWGfll6cN7bFZJpyMZgWOSqwD4sxXGz8xdXs5tcQQigHGz2KZgTD6y0e5Ia20jYyk33DXNY0r-qFvqX-sWiPhqqTzcV8_ma6nWF98raWk4o_2lZBbuqa7WwowNhgII783TZnhkZ5bSriWLwUq9_cvNFTuxNe8DikyWcsF7-diw5SnX-4NajwYxTbmxoCOCtnroOmrOXysy6l038bubKUM8jv-HmWQOEcrKcozVPT_eGQA5FZU7x6JjFMI8dJATC9bWMZfGZKMvg2WumOrYI6p0RQI1NUV7dusNOpw5ooT15N3gTTJqbqBLCY4P2_0TTtV9UerYlqykW8k_uNy1sWV0Cq5pmop7-3EhZapdn51ywgpIY3_IolRdpPqczpyLJf39lvX5jj7AP5LEckhVF91VDNb1E2NANxsVMBXR-j4_EE5mRqdYa0CylpyTwixm6bplclF9NWBIZAoZ23qldss655D22EuvpzJEikirfhB-Oy1ddt-Ue-Tw2TJigL0cCOq-q-4wj0dq56lbpZ7ko1VjvKA8AwZ4QvYuvlMS-lG7tvTNhzUwWAMF3foVsIUpFPf3xfPl8d4s87OpCAS36-k-6oCLJI9qj5bkJPF7kSg0Vy_LnZ3DUET5bXHJreKH2ovZFCyRc8SuOWfrhvYUlzH_aELjU5eLp9aUs7JVqQE4bUE7h2iW4ipOifDZF9zYcxOntdMuasjZ7dSX_rc1tauRXPLrtM010vUwzwoZQfNyy9kjNDaRStMHIX_POUMBnxrlA24OcSv0U4hS167_n71UjGVvHuUWVKYCs-ppfhA-AhPcp85nWbN1gJC_RnS1_dpUERcYtquxF3HuO0MdptRlpkVn9OiVFR7-31P60IIAFszJIIWlNCaDIfspefIXrTshYm4l7CVMokIGJcSLTmNJCbvNgjfcLca6CvSymzeIpomyGvY0JxgHAKUf0JJQ2jBMuqIXoXS-cIxy0kkdatr1kUOv63oHAdvmU9TQQZPSRDrXhN2I3AXVkjwtuQzBkwtIQIFcuua2k5BYp6pQqBLRQqiOcW5KA_VXGgBgTttK8qI2KmEM-XgJqTgh8nvwi5p41gpT8mKAlJfcptW39jLQ_E1yRpnhseNWL7DBm71cQYaW8LiFKN0k3ko2LTebn-2oiC92E4HiLAVkIJMklOWMt0KdN8GEyESIUE61LPI5KOClsyLEJyXN14-NswJHv3iR-WkcUykfXnLi6DS8GXI3nZGxG9Q6hF8HbgfBUDBRPr0I98uwYCHB61D_F7iQY7StxVXWhflCtpAqwK0OzL7JShtOim_V6w3bg8PCUM-YNTq5pDSOhIYiaTj2N2UCP1NZC5YLRRbiRE8m9uX5iqQydo535agj5S5-CruCrk9rv-GApbfr74a0z4EXwSCpUpxEZ8g2Fxjh02tFL0fGkYCujBUBoW72fnbijNluXGsUNlPDYMug6WELaQkCMH419iWceVL1tTpK1uDrayRN31KMQjAhWVq_3_7RZWYIT0qp7dXY6uX2QhSfccbW1g8H7hOCLCshZHR1f8CRKCEhL9ekHwRkRFukGPPwfLs81UqsYhagVPpK2jmm4dn2SbQUj7ucc3x6h1HBM4eY0BgNbwPqZXux3g3AOujJjVX9wMtj18p27V2DkvbIA6X_HNrOhtd8-ce8r7H72O_Gm1OI2tXkEX2dMKmctg0i6pZw0Odxpa49Uwk92ooV8sxwQ97GMgTEfzJFm2qEBFvlwm39sDOdqnCUyfc1QnkHvthtW4rkHjaCsXW9hBNR1m2siLK4FJCRa05Aw0WtuU3uUiYVdr2u0R75kr8B89dAbKeS5pc5BWzW07GI3ZgPn1nwstqyNhpeukWh2lYSGMouvOUz_z3dGL3poR18V54CYvZ4z-oJvRfZZVW5Xok5U_xZSx8A3DnC4-pm15Fb_4Cp1ets05FFQ2ocfzfDElXrineChIjWYzcowDVRI_cTCrN9qf71j-K5QqX-Lqy8aQBWqw1xKJI0TpmWtWl1HdOyTFUHjBKxifF4iiI13rIZ6ljmo-ATbRoPMPy4ewgPp81_DYRFNVNynvPiIfB8DzzsFpyQ_vcduc8p9qwBrkhTycmJV5TjrcwxYixLHZDn7LFoxMWFoeq4mraL7Sa-OzeZev51Yk4MLOm1kDwh-HWa67P_JmYFPCwnZmu-1ZHCGh9WwVTaePTXlhIe0Z_yYrYHBe3SjEPl_a0siXNRbyvnBE5cGQApRgeB-vUKQJVIjcAsSTnIcaWybO1LEp3WcTibU5XKAdEUyU69TsfJ9Am1z0FshfW_yxOKAbKWDX4X3YPPBk_st2j4u_9FRZ5EPgGdhvDVmTOyAxO2unTiFsvq5Qb4En3dE7A32izolJYNR0WwhZpgQhCj1ABksT6FCjB6sv1nvh4HGvWAZCvWc4G11MgdhoIewpMxI1wfO9R1BKHQxDUEbjpaYiVgZ2_p9hzwmsUn-EJpwVPHDHd88sP0cLrd6AY8FkBHfGcpmxF_5hkIPuQV6X72w_xU0WIm31vJ6jcoU4KvBvUlMPzgnOQDxVCZLJ39CiJQ5z4uApYq4axm6hd5XD0ZTtb_YdVb7dyEzbsHNVcYFLOScsD5f22MzJV2DAEm7-OMualspotpp5CJT3A3ebwn5fmSwyowIisJnHktxJkrhOyGWDVZxGHT8Rm9wrqHrJqK42SQ4ZWa7ejys8Z-TxS2ZZylphLF3fOY1lxpNHkBp_WFKrbOQkSvGH6Pj_xbfEgJC_nIsHibTsPawoeObBBhK8qUoBibEe3Aw2POs1bSewWiSRafSoqKpnWD753ys6niTMVgYVRR9IuGjF3_PWZW-UtouZE8R33i3rji-Vte13YcwMQfFnm8-ymgzjAP4nnq6-l-cIXeL1HhiKP5rFkIH1YQmNSnQu1lzuhXKNmFcEYKy5ha2VYIjrW74QJQg9MXaQ-8Lpn2XfhXxP7KmHjABYky59qXyIlO4Y6CSgphyhWD6XtYxYafzbGVlRDK_9n2haygyyoIgvlfNnCU856RwuUeXjJT1o0M6gLuXKvbls8q9NekTf6Rc3imeSQMhAGks0u1cdP2jDxZt_1a43CPC1HDDt4K_evS9dFFc2d5xQm9jxO5zOaNVweX9tXdggmYN-kTLYqPhIaR45iP6YsjptO-_tX05QxHJbEVPf635Mn24Pvf3JakG5zCMI9Kq8VYQHLVSi6pXoMFmPj4WMFIo2tr1owB4Y5v9ebc0XJc38lAIqFfNDEkxCj7b-PW57gBAXbrY4kzXRsJ_YbQunYt9o0L8sdzKXBUAEQOcSJ_VkLwPo7snD-KCDEsD7qzukkbML0dtU0B_wNZ0_TSjZ8XHg2IfdoRIBU4AsVUtydxBAwgShfF9AXrhXsz_4LAEDJbF88iQQeG2nPGf_BQqzLbuOL2GPattfLLScDqz8z_LJLfyPsqsI3ylI7NxmfwU4EZmKAdQ4RKy9rJq7qGj9S6QzbSlHVxGd1we4gpBe2kEA5yCy30smVmPOQ7UcF9IzyAN6wDEv_nlWakKJP1AuEgoUjNKylUrju_ELoGH_neEME1LE8BLhuELN2wGg7JRIsDSr0_m2Citw-qVISNShZrL1R0xdb1IQJsb9wjXhMCkZlEe3UdWnb2BD414Su6MQONsHcVPz_a6QbYqFAn6FPbaVNfsvRfMdjpSYmphFltrgkW0g08zwwFmCNDhQ_N52dcfv-G-VRQFVgAskGHK9W8QA6aNRdjzrbrbA7SJHoSqZky9_yBYl4vjPETmok93QARr85UUgaRiwWfIPG_NGsHpxzAs65PwrntLDAyPIsY_Xw2cz6sVVQGg01tvQ_zu6dWeFjHJEBnYrwk1d8Bc0A9dHCzBETB7KDcLLbj6JI4cuXWNwoZBzt3nF4I4_d88FpspxWj5z2KYf6aHgWfKT6Csg5fYrbOMctqsTZ5JYSRnHMctqCYz5q_IpbWJPFkTtAvKZpTsam5haDGLLUEAIv6QTyJxvHY4YgEvpMoKqWtyyH73LApHqQ_vyhtZFNOiQNpU-VWK67__bTlNiEeYnfaDr7iqbucQaMhQJ5jQRXVrOUXFhv4s2-PNAfKCGHuC_AqKmTL-_g&cid=CAQSPADICaaNDB1PNgVajXp9fj6pwGUEP4z3Z4KsWLVuM_BPo7DeiadKuG9WYM8daiZDpkQx8k9axFlMIdYsWRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.bestone-work.com&ds=l&xdt=1&iif=1&cor=11504441218517932000&adk=737003102&idt=252&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

326cad642e785611064fba0fa319ab72c1b953e2114349527250376960fad2bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38862
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17435885309376629927/ Frame 28C6 252 KB
57 KB 40ms
40ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e1d181be7031c84401cd4ef1ab1d9126f9ea7a911adc6deb99788e5614c489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 129756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 58131
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:27:15 GMT
expires: Sat, 02 Nov 2024 02:27:15 GMT
last-modified: Tue, 05 Sep 2023 08:10:59 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E1E4 0
0 86ms
85ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS1nGboSfmghTkO9gQJBA431aGyb27df3BsmQxao351QyJA_eIgGzhHYfpixBQBJM2GlntLyaFPOFTFkU-SgC7S6LH6YKfTWgTOBPpKyjghjoh2sz_fGk4SLV9xufEiyJqSvoazP3zGoF-_QR7WdvQVl5iX18vgv5OsuE2B6O6f6KMEzh2MSsHOi8G3yAtpRNF6qYbZl5ivBMVceQ0-cLPhcDV01fvNlJIb2ZYXspr4g8imkXlUsa9Xh67QJnvTPaZCE4ZYHncDdI7IW21ZK61smyZ0Tsj_LGUriFrE5axK67olUF0ZeaaZF61gKvYgDlR9m1E4Wqt37HZ4utYarLTxqmCSMLBBHeHmZzpfUWmRb73iSKeBUb7f4UPd6SJZ2dNBHqpq7z-q2bR5zAy7MiPBejOI_hdNLh27whwQUqyTxyId2ff0AA40NRyOsj7Li-S9aljKDbU9YPhE83ZQU19qe0KqOWI27Zu5q2HVtr0Halo5e07ylAMpZgYc2x3a0BMRvG4UxUPYUxMulAMVgovdgkcKqbJ2v16GnaTxNQixvqIiIEwIr0itHG_Ku_4GK6eefYMKHE5TZ5cQU_jwrHxNhQzcu6vbKv9hYnbIKvNu79KWSNhTztox8tR2IefvvnOAG7lcxuR0Zjm3ke2VEFxt9Sy8-IoKJE9VLZc3F7D-ywIxWrTlh8dIUj3mgXR_4B3K9A8QB-OhAH2bQqZ6zKSzALgnr9BStt0UTZ7hZiRHUkp_n_-wHUbC6SbSxqLnR_4ZFx9aZn-xMtJ_JjzP0riM0WwFMvTI3AF4273Dg3rYCPsxaaOi1N3MSfzxWQrmcR6YCexvZr2M9chnkGgzj-ZIfBrwrB-xhNm38DJ3oq1YJCmgBHFqlZatJcOZskrvILMkSFgfnZ9q1TJwXae9UodWw6u-CeUi-ESgqZASILitaeDqi-3m_xuf9iKfBcd0PhAqHYB2dQUwYZc955V3VRpnq1ZFBt9UCvCxu8d_ICfDuoR--f4KBLt0445vH8AjiACg9PnodCrdHbDA09_UoZs7dAxmb6ME1LUQT5zLcyRQsuJh3VeUMrNX5zh_gWZAnNxwfD1bYQvwFMkP1zErR8ks14iVijGcx0f-NvaTjMDNWiA7Rlu4vKBaXylUeMo4NW_tSiQpoA2OpwP03DeaYCYHjjZRutaSqr45PmwJt1xF7fxN9e8i6w2bMuxpndTrqcER8aLZlhOCL4ip1p-o22Uu-Vtc_wX9imvzHBvLBjMQ3tWPl5nzpcBS9ZzI4wzehM1yHZ4hscBM2WzUwTTLPf2gM7cBBrX9gbjMphFfHRq4CBQbUH1iEOq_d-J8_WdbmmySChk1IO3AtJxaZ6RFMoioHOxGeTjA2ZgCni0FGUmzC2UpvP1uRjHuJcnuWifuLuQNOPZYoJlUTEG-5c7Ofi6&sai=AMfl-YRu95yVcnfECEuiZOrQLtzjJPFZJ6cSzG-aXABvgh2EL67yvxFAEYnxbw67l9C1bW_hT8jyyzEQRKATuQVd5XGvWuVIj9tT28HAgaKaee5CO9jIwBDGJ-8yALL8P7Z_NcTaiZVEASmalr3go1A8xIzfcG0PuL-lvIUceTwlk-MnO8o6Qcey-5kNnkbnnovfJRzIWhcJ9Hw_82g29fdE0zBpnr3OPg5wJhsiRmq8M_oqDrqanjGGKmNt5WZ101aoewRb6ZA&sig=Cg0ArKJSzL_z6m7jH5B5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=85&cbvp=1&cstd=81&cisv=r20231101.53321&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F445 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bestone-work.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:50 GMT
expires: Sun, 03 Nov 2024 14:29:50 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame EE7D 38 KB
13 KB 40ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3342 35 B
463 B 152ms
43ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEIcwddguSOoaGi--elMEQGo&google_cver=1&google_push=AXcoOmQZIhnhyVwlyTfYd29Y8rEXkVF87S0BSAXS_D23Im1YbcYacBq6YrVbbHJoZ8Q3i62YLK5YL_hQFdsnO_Fat8LBDjM7L6qe4Q

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 3342 0
174 B 158ms
49ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELToA51-wQ3lPQz2olqifow&google_cver=1&google_push=AXcoOmQbUglBughuIjBFGbuEEsO7lsV4cnyUc9u86oU0aAgB-0OQ_41V1Kcl7jRh9LM38qYEIzGOrlDLFES5uT0rEB2Ey1xwuramZQ
Requested by: Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3342
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEJOfcN1QJblElvkZY_d3Uk8&google_cver=1&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0O...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI5NzYxNDExMjczMTYyNTYyMw%3D%3D&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0OgBhh...

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI5NzYxNDExMjczMTYyNTYyMw%3D%3D&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0OgBhhbCedOwB8bt

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI5NzYxNDExMjczMTYyNTYyMw%3D%3D&google_push=AXcoOmSzePFzbhgaq5JkgY4HTQOXHQKI31_3cNoSq_Fn--_e9izHNTxKUwyhhz-pgVgyhWkHDVEi9R-FDTOz0OgBhhbCedOwB8bt
Date: Sat, 04 Nov 2023 14:29:51 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3342
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_hm=ZUZVWYXO_kqxdWdC2dXQEAAADRwAAAAB&google_nid=index&google_push=AXcoOmTKi__PVAH9OmWI7jSZBvHBwR54A7Nc5...

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_hm=ZUZVWYXO_kqxdWdC2dXQEAAADRwAAAAB&google_nid=index&google_push=AXcoOmTKi__PVAH9OmWI7jSZBvHBwR54A7Nc56sZU7wRWmKnrYtPbujlnhEVLXi1Q4uGEJj-Cur3M_5Gu4fYgW9OEMmk1zTb-1T6bw

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1WhOzS0mPeb%2BlTBggUzLj0Ini7USGQkSgS1qz44sLyBoDXSBZYnOe4j1RH6kmo7HoOt528unmfZo92eNdsVC7PZXlNpls22%2Fu8ggApC%2FjHbfb4sUwX7jgM9SBxARoUacT83iTrnhp5QVg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEDEBhkBHvHUuVnJHKhfzJgc&google_hm=ZUZVWYXO_kqxdWdC2dXQEAAADRwAAAAB&google_nid=index&google_push=AXcoOmTKi__PVAH9OmWI7jSZBvHBwR54A7Nc56sZU7wRWmKnrYtPbujlnhEVLXi1Q4uGEJj-Cur3M_5Gu4fYgW9OEMmk1zTb-1T6bw
cache-control: no-cache
cf-ray: 820d8d3528a3380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3342
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXE...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXErx8aeY7cjAGTmt1S

170 B
188 B

50ms
50ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXErx8aeY7cjAGTmt1S

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmT7qrzLjtRUmW5tqnccLIWMdkO6oFqLndriq6Tjn0ZT3Bju6wlo6MDJxaSs2V9TXQmCRKh49MEXEFXErx8aeY7cjAGTmt1S
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame 3342
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmSFsn7DMzBlYjWcMWsITosMZRszeFNVNc-8ektU_wRNOS3LBEdtRsLwMCB051IViX9cVDDK-h5UlC1...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSFsn7DMzBlYjWcMWsITosMZRszeFNVNc-8ektU_wRNOS3LBEdtRsLwMCB051IViX9cVDDK-h5UlC1ZhwvyesUKeWtnOLXetQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
200 B

42ms
41ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 3342
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEO8uPEFiAzKv...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQAzYh8Xov-sYRX6SvELSjoXOyLq_kiNARzr5FU6DTsFJO-cH4ES_13OmXrss6FmL_G7QZZ0JOTvwMKq5W0LOC9pu5ND2I-voU
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

80ms
79ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sat, 04 Nov 2023 14:29:51 GMT
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3342 0
12 B 51ms
51ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LYy-sxY-K5K-gqSQiMWw-PotdbWIpkMR6kQruL4qIY2Ky66BjU7UJeA70W28s2n_m3c3jZJ3A

Requested by

Host: 0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
URL: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 28C6 32 KB
11 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:05:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77033
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 17:05:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1AB1 0
0 80ms
80ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311020101&jk=2136066731595673&bg=!tbaltvnNAAb4oU7C2KE7ADQBe5WfOA8Ob8J3e7M06KzCYEfF-pjbooiesyzJGyjAFmmngSRrGlPyIzaIzmIqgaLpqUSPAgAAAFlSAAAABWgBB5kDNiIazigQzMfEL4RHKD1z7eZ6phq6SwaCPavokj4k1E5hmPKo2Sw6AiA3NbVOz9G4uR3cpPM48Ml6Lzy04wCGAabZTu5vD5Mb_AysibOSDyAKUv2owvsN0ZNOrxkMXHhULgqbDRvaVaeUbmYVcjtVIGmVKUMDgf-6u3aFX245Nj9Vi4LOKpqWFMAqAshk57BNL724yjzhkbeO8ktA3sFiPIvBQlaga1SsxMC7LI3_oe9qSr-LckW0a6-WH01VTEnlrx1bIZDBKQEBYL58uZlCrHa2n7mR-3Z0hO0fFyPJC5HkHE5PLEfXx6CynQktVD_9xKCVp1q76JXTAVynZ-yDspcg7ZQJUZKG9k7TBgZpkN-UU1NmjzowOsREAgpuc2RVqekN7x9qeYeOH7oMSPJuK8UUfBuffQKPWudlq-YJ5NA1eGohzusSIhozP4UiEB_lCdzP4gUe1YWgdEcw5lvoZJaApfMT2-qyKsq7Nvxh1zUmQN24i_YG0Ls06Ptncnrbmbu136Xp7V7hpjQCf7W7eNs6ycirrFNfttcSK21p5fdd7uvqWF_tgbE609xBlfyv5mX3Kb4vFqDTj95Ve_8c1WoEvqNz_PAt3hq-nw0YaKzGvBcLn2WqWSCMWQiv8lRf6ALqNO4rtqwazO1DjsvI__HIZrHWk2FhMmv6aW6vb5BJwdZ6JcpPK7TNixUNK1QlgZB90NrK_2xA4AYszQfEoe47XlehqEaSCU7Vd-UJYbfh0GomQwDEFrahVA0w23nCDMjo_ZcaNwHYH6_z6kvBvEvPf2RUtFcaRB3lhCpF-Prdpg1DvbjWCdMWsG71zPw53ubbKFVO2HaMFnabhhTgIOLtyUDrOJ_PEcxBQViKKhUEchSUOBWHrEiYO5icHpbmsBaOY3S-euHCc92npojso4m1tVNdMP72DvMUTlhRdUwZZ6bQRIVqsieNj-8YFfXHOvRtZcLch__AA2723QGnVapSBicL_A2kG_ceNbHHJdmjMwwfs6-H93M6Nl6vIyecZ2nKnII2YDUNMn0KcUwgPaWpJHssaHQmN3XV0LbGCvj9YwwtzueWiAYAkk5MFIIZKyBdPwf2lg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5761 111 KB
39 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
Origin: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 02:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 05 Nov 2023 02:22:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 5761 11 KB
4 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACwu0UCPn5-dxA12GCs_Yzl-s7ceqnZDj62frU7zsX-KB_Rm311uDk9vwCm3nn4Pgu8x7UXmAzCKGyb5M5EkpVSRoG5cTuEgqD0eyQnQYxHA_jaTEUiWU9ylMhNnsp-jsCyQiA7TQ-cZa-PVQ3iJ5fxJNJkW_GTqFTE9ZfW4EZOHA-6OM&cry=1&dbm_d=AKAmf-B2OiMrW_Zn6LzOVs48vdYNjRe6JGYbHXzrLdini0LC_0Qj6eI4w-dUl1sOch5h6hbVNR_ezc8bxdamxFOJtQWGfll6cN7bFZJpyMZgWOSqwD4sxXGz8xdXs5tcQQigHGz2KZgTD6y0e5Ia20jYyk33DXNY0r-qFvqX-sWiPhqqTzcV8_ma6nWF98raWk4o_2lZBbuqa7WwowNhgII783TZnhkZ5bSriWLwUq9_cvNFTuxNe8DikyWcsF7-diw5SnX-4NajwYxTbmxoCOCtnroOmrOXysy6l038bubKUM8jv-HmWQOEcrKcozVPT_eGQA5FZU7x6JjFMI8dJATC9bWMZfGZKMvg2WumOrYI6p0RQI1NUV7dusNOpw5ooT15N3gTTJqbqBLCY4P2_0TTtV9UerYlqykW8k_uNy1sWV0Cq5pmop7-3EhZapdn51ywgpIY3_IolRdpPqczpyLJf39lvX5jj7AP5LEckhVF91VDNb1E2NANxsVMBXR-j4_EE5mRqdYa0CylpyTwixm6bplclF9NWBIZAoZ23qldss655D22EuvpzJEikirfhB-Oy1ddt-Ue-Tw2TJigL0cCOq-q-4wj0dq56lbpZ7ko1VjvKA8AwZ4QvYuvlMS-lG7tvTNhzUwWAMF3foVsIUpFPf3xfPl8d4s87OpCAS36-k-6oCLJI9qj5bkJPF7kSg0Vy_LnZ3DUET5bXHJreKH2ovZFCyRc8SuOWfrhvYUlzH_aELjU5eLp9aUs7JVqQE4bUE7h2iW4ipOifDZF9zYcxOntdMuasjZ7dSX_rc1tauRXPLrtM010vUwzwoZQfNyy9kjNDaRStMHIX_POUMBnxrlA24OcSv0U4hS167_n71UjGVvHuUWVKYCs-ppfhA-AhPcp85nWbN1gJC_RnS1_dpUERcYtquxF3HuO0MdptRlpkVn9OiVFR7-31P60IIAFszJIIWlNCaDIfspefIXrTshYm4l7CVMokIGJcSLTmNJCbvNgjfcLca6CvSymzeIpomyGvY0JxgHAKUf0JJQ2jBMuqIXoXS-cIxy0kkdatr1kUOv63oHAdvmU9TQQZPSRDrXhN2I3AXVkjwtuQzBkwtIQIFcuua2k5BYp6pQqBLRQqiOcW5KA_VXGgBgTttK8qI2KmEM-XgJqTgh8nvwi5p41gpT8mKAlJfcptW39jLQ_E1yRpnhseNWL7DBm71cQYaW8LiFKN0k3ko2LTebn-2oiC92E4HiLAVkIJMklOWMt0KdN8GEyESIUE61LPI5KOClsyLEJyXN14-NswJHv3iR-WkcUykfXnLi6DS8GXI3nZGxG9Q6hF8HbgfBUDBRPr0I98uwYCHB61D_F7iQY7StxVXWhflCtpAqwK0OzL7JShtOim_V6w3bg8PCUM-YNTq5pDSOhIYiaTj2N2UCP1NZC5YLRRbiRE8m9uX5iqQydo535agj5S5-CruCrk9rv-GApbfr74a0z4EXwSCpUpxEZ8g2Fxjh02tFL0fGkYCujBUBoW72fnbijNluXGsUNlPDYMug6WELaQkCMH419iWceVL1tTpK1uDrayRN31KMQjAhWVq_3_7RZWYIT0qp7dXY6uX2QhSfccbW1g8H7hOCLCshZHR1f8CRKCEhL9ekHwRkRFukGPPwfLs81UqsYhagVPpK2jmm4dn2SbQUj7ucc3x6h1HBM4eY0BgNbwPqZXux3g3AOujJjVX9wMtj18p27V2DkvbIA6X_HNrOhtd8-ce8r7H72O_Gm1OI2tXkEX2dMKmctg0i6pZw0Odxpa49Uwk92ooV8sxwQ97GMgTEfzJFm2qEBFvlwm39sDOdqnCUyfc1QnkHvthtW4rkHjaCsXW9hBNR1m2siLK4FJCRa05Aw0WtuU3uUiYVdr2u0R75kr8B89dAbKeS5pc5BWzW07GI3ZgPn1nwstqyNhpeukWh2lYSGMouvOUz_z3dGL3poR18V54CYvZ4z-oJvRfZZVW5Xok5U_xZSx8A3DnC4-pm15Fb_4Cp1ets05FFQ2ocfzfDElXrineChIjWYzcowDVRI_cTCrN9qf71j-K5QqX-Lqy8aQBWqw1xKJI0TpmWtWl1HdOyTFUHjBKxifF4iiI13rIZ6ljmo-ATbRoPMPy4ewgPp81_DYRFNVNynvPiIfB8DzzsFpyQ_vcduc8p9qwBrkhTycmJV5TjrcwxYixLHZDn7LFoxMWFoeq4mraL7Sa-OzeZev51Yk4MLOm1kDwh-HWa67P_JmYFPCwnZmu-1ZHCGh9WwVTaePTXlhIe0Z_yYrYHBe3SjEPl_a0siXNRbyvnBE5cGQApRgeB-vUKQJVIjcAsSTnIcaWybO1LEp3WcTibU5XKAdEUyU69TsfJ9Am1z0FshfW_yxOKAbKWDX4X3YPPBk_st2j4u_9FRZ5EPgGdhvDVmTOyAxO2unTiFsvq5Qb4En3dE7A32izolJYNR0WwhZpgQhCj1ABksT6FCjB6sv1nvh4HGvWAZCvWc4G11MgdhoIewpMxI1wfO9R1BKHQxDUEbjpaYiVgZ2_p9hzwmsUn-EJpwVPHDHd88sP0cLrd6AY8FkBHfGcpmxF_5hkIPuQV6X72w_xU0WIm31vJ6jcoU4KvBvUlMPzgnOQDxVCZLJ39CiJQ5z4uApYq4axm6hd5XD0ZTtb_YdVb7dyEzbsHNVcYFLOScsD5f22MzJV2DAEm7-OMualspotpp5CJT3A3ebwn5fmSwyowIisJnHktxJkrhOyGWDVZxGHT8Rm9wrqHrJqK42SQ4ZWa7ejys8Z-TxS2ZZylphLF3fOY1lxpNHkBp_WFKrbOQkSvGH6Pj_xbfEgJC_nIsHibTsPawoeObBBhK8qUoBibEe3Aw2POs1bSewWiSRafSoqKpnWD753ys6niTMVgYVRR9IuGjF3_PWZW-UtouZE8R33i3rji-Vte13YcwMQfFnm8-ymgzjAP4nnq6-l-cIXeL1HhiKP5rFkIH1YQmNSnQu1lzuhXKNmFcEYKy5ha2VYIjrW74QJQg9MXaQ-8Lpn2XfhXxP7KmHjABYky59qXyIlO4Y6CSgphyhWD6XtYxYafzbGVlRDK_9n2haygyyoIgvlfNnCU856RwuUeXjJT1o0M6gLuXKvbls8q9NekTf6Rc3imeSQMhAGks0u1cdP2jDxZt_1a43CPC1HDDt4K_evS9dFFc2d5xQm9jxO5zOaNVweX9tXdggmYN-kTLYqPhIaR45iP6YsjptO-_tX05QxHJbEVPf635Mn24Pvf3JakG5zCMI9Kq8VYQHLVSi6pXoMFmPj4WMFIo2tr1owB4Y5v9ebc0XJc38lAIqFfNDEkxCj7b-PW57gBAXbrY4kzXRsJ_YbQunYt9o0L8sdzKXBUAEQOcSJ_VkLwPo7snD-KCDEsD7qzukkbML0dtU0B_wNZ0_TSjZ8XHg2IfdoRIBU4AsVUtydxBAwgShfF9AXrhXsz_4LAEDJbF88iQQeG2nPGf_BQqzLbuOL2GPattfLLScDqz8z_LJLfyPsqsI3ylI7NxmfwU4EZmKAdQ4RKy9rJq7qGj9S6QzbSlHVxGd1we4gpBe2kEA5yCy30smVmPOQ7UcF9IzyAN6wDEv_nlWakKJP1AuEgoUjNKylUrju_ELoGH_neEME1LE8BLhuELN2wGg7JRIsDSr0_m2Citw-qVISNShZrL1R0xdb1IQJsb9wjXhMCkZlEe3UdWnb2BD414Su6MQONsHcVPz_a6QbYqFAn6FPbaVNfsvRfMdjpSYmphFltrgkW0g08zwwFmCNDhQ_N52dcfv-G-VRQFVgAskGHK9W8QA6aNRdjzrbrbA7SJHoSqZky9_yBYl4vjPETmok93QARr85UUgaRiwWfIPG_NGsHpxzAs65PwrntLDAyPIsY_Xw2cz6sVVQGg01tvQ_zu6dWeFjHJEBnYrwk1d8Bc0A9dHCzBETB7KDcLLbj6JI4cuXWNwoZBzt3nF4I4_d88FpspxWj5z2KYf6aHgWfKT6Csg5fYrbOMctqsTZ5JYSRnHMctqCYz5q_IpbWJPFkTtAvKZpTsam5haDGLLUEAIv6QTyJxvHY4YgEvpMoKqWtyyH73LApHqQ_vyhtZFNOiQNpU-VWK67__bTlNiEeYnfaDr7iqbucQaMhQJ5jQRXVrOUXFhv4s2-PNAfKCGHuC_AqKmTL-_g&cid=CAQSPADICaaNDB1PNgVajXp9fj6pwGUEP4z3Z4KsWLVuM_BPo7DeiadKuG9WYM8daiZDpkQx8k9axFlMIdYsWRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.bestone-work.com&ds=l&xdt=1&iif=1&cor=11504441218517932000&adk=737003102&idt=252&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:24:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:24:21 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 5761 31 KB
12 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54cb15acb0c5f40e191701b259fca34a71656a5d07c750de734ce598f5f5255a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:28:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11960
x-xss-protection: 0
server: cafe
etag: 17132697034905592634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:28:02 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5761 41 KB
14 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E49E 1 KB
648 B 41ms
40ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sun, 05 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5761 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7b2f1194c1e9b45584f5286cd7d8872efc745d9870c1ea56c240e0cf4e49b98

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DE06 398 B
222 B 80ms
80ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNXpwduYl5k0vYRA5v-2HO-LAeIl9aSD17JqhaHZpj_1gBGSQpop0EtcT45jzFPQ6BKTgzpqfS94p1UKXNQnY66R-Mwqb0DM3bfaHESoykp1hTgQLY6sueOmBpPucp2-OPHgJAHcQk0z_4f_RmC8oUYPpewHFuhTC9gCLQaeb5FH7KBNp5Y

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 14:29:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 51BE 111 KB
39 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
Origin: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 02:22:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43649
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 05 Nov 2023 02:22:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/ Frame 51BE 7 KB
3 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 20:17:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 20:17:00 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/ Frame 51BE 23 KB
9 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231101/r20110914/abg_lite_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:25:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9345
x-xss-protection: 0
server: cafe
etag: 15168757854195530193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:25:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 51BE 41 KB
14 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 14:17:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 14:17:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 51BE 3 KB
1 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 11:05:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 11:05:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 41FB 1 KB
648 B 48ms
43ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 04 Nov 2023 02:22:07 GMT
etag: 48472445140208031
expires: Sun, 05 Nov 2023 02:22:07 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/ Frame 51BE 20 KB
8 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231101/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68943
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8610
x-xss-protection: 0
server: cafe
etag: 7739385728678230190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 19:20:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 51BE 0
0 50ms
48ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT4Oceq1_bLxfnvZe1pvMdJ22jKBl5GOlKSmsvGNz80ekyztu_pQTH_2Zarkdq40usDRrxttMbYDLmMwD2HX1T1Q1y7Rg
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 51BE 189 KB
59 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60699
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698838693892887"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Nov 2023 14:29:51 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51BE 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BEINhInTFn8tejLUPVxEoPnnpbh-iXiY8YaPJhqSEcHjVipSx6U5VYGlbUl4XR4abjCJ1wm-dzP_Y_aICu79k7x-oT9TdBv6BlpEVHz9o0M5apbJE

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17435885309376629927/ Frame AB88 252 KB
57 KB 41ms
40ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e1d181be7031c84401cd4ef1ab1d9126f9ea7a911adc6deb99788e5614c489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 129756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 58131
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 02:27:15 GMT
expires: Sat, 02 Nov 2024 02:27:15 GMT
last-modified: Tue, 05 Sep 2023 08:10:59 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5761 0
0 88ms
87ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyNpWjz2nfe6qqQ-YgXm3fcT6fNhpBypgMKKMeWkDG8hnfeyJvY5W_UlIXmmPRIdJZ0OUNmsQpOWhtunwXurfF_9nFV0R8ch5INdr5I-9nJebfCf29FPeQWuhl-6CILCng6KZPbHoIBZEbw4V1gNP-IDMWtfkHaadyI1zlI24NRcsb_ib7y3m_sqsb42wZnqWa61GyODkzl0sZM0kzG7t2Q_LZAw8qH3kIP86r9eLGO9fTB8KfbQFXgdytaoJCASc1nxkfIDRo0TfVT875ytbcnWlZZu7xFs_q3maGPj4clOkO8Z6N0aEFh2hKNPYkzKyZEDcjLuBOoYfOWX5ctMhkxWfpSW7ZFWVot3BnM_4ylzPsh1JGEkTOl_9yuuYYlwqHMd-cCc8S_vTQ7dcO4syDtWMcRasPqXnKVssr9JVlSobiPZsuuYOE3c2vQtXfGl6a4FBJ9Y7WQxmyhNbbmvDi5ecJXWsrD4sgOxfCBgHRCufCDarfPeLgrW8I7OoLSRug6wd-11BoOsI94CJAavC8k0laJC1tn9Am9xeAFzj7NcdSlBE-cYOb3mwqXC0iEdUHAThWCF6VF5pqfA2_J_fuptqDbwU9XExLRmvZmJb84TQWncn8WesrNo9hfZPXZMK4MH7teMgWxLRvnFUfIroixi841B38vDRxo1YkuXD3U1TB1ty0r2GrpcFrRgUyupGJGXo5TlB9d4VDC9pl8Hup_ZzrOTcEXBDElz3ZMSaw-gT6H0OPwpF2m6ynaVCEWChooIwnaoJPqir7PljnQl5K837gP_vZo-Ne4stbeHuKCQ3SZZfCf3oYaMjxrTQPZZSSIoeUyqCILAG1SYqaR010JHHCCUpvwZZ1w5Db17pewhtwcwSKSBMMm1vpq_wGzjjqRAdN1RDeymnIri9WI2AvBPb5rBvcqdORXbj-td6MJllGREuYt4Z6dy9bxmMWbwpdbG4xTrK65-UVDF8vAN2IkONSiN41gcwHsIEPL2xz8RH6H_n7wDG7VwGfKJpIBM5F3OceFPXYMiPSpTf_3NiOSh720OThgyOU5z0adyNhdJ298LNfGmU9LCu6uBG3qpTAqUMb7e5FcAj5JIB3EqzHhibV_gT7q9wRaYYdtyhKO-ntfctvpH49QqqbKsHu1lnQmK3xrhq5cjIlQvJP5Y5VMxCZlAY-VPjcFlU431Ou6z0xOVsJgTWB6QV46QOSQV3T2Ppx-2ENfnoul4GpSYsmcH42xRHt_iKfsB4UqT_rRCWTH6B8qylqHxbF3VRE_BXsnfa1T75E26HQFbbaXiSYr035QC_fX36xjwApZi5gEcWJ3mvR_EwG5VNEEYdu2oFA1XIF0YhkLiz4NPIrqYAIh-gXRux84Mq9S6zk4xzSkh9PviaFu_fejI8M9l0bHDFIJjEW27JF1kGOFSNqOpWI&sai=AMfl-YQMGjFNZDTylAiDx0Sb6d0Zj2fD9XMjbpj8Q59-OyFmTCz23-lV0JNVeB-LYKuEShZo7Vpd9bXhDF2JXYU4OfEXu_BErFK78T3b-pSpPcBUft582v6ZIz2pNQTRDfk6TegQNEujNnrQBoy1LMKuU2Cd4r58Wr5Q1Rij0pghC_IJDAFayN3LIkVNniuCffXvE7m83mq82XrkqOCYTayoNdqNVk772cyh0_sElPzRMEpCxII0q2jfIqQcuhyYqr-TrfyqRQE&sig=Cg0ArKJSzMGPkqchkSE7EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=143&cbvp=1&cstd=142&cisv=r20231101.57987&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame EE7D 38 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69894
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E49E
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFz2MqkBVBItw-IkXtXhlyE&google_push=AXcoOmSXHdtAA30fuKIoc8HIWuZX2c1T_nz6XOAgmESC5jaUMievPi2GJA...

170 B
188 B

51ms
50ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFz2MqkBVBItw-IkXtXhlyE&google_push=AXcoOmSXHdtAA30fuKIoc8HIWuZX2c1T_nz6XOAgmESC5jaUMievPi2GJAlJkK9DDzFyhbiLXtwXWAZCjJHkc6Ggr8yeLggNdW7xiA

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230042-FRA
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1699108192.123946,VS0,VE98
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFz2MqkBVBItw-IkXtXhlyE&google_push=AXcoOmSXHdtAA30fuKIoc8HIWuZX2c1T_nz6XOAgmESC5jaUMievPi2GJAlJkK9DDzFyhbiLXtwXWAZCjJHkc6Ggr8yeLggNdW7xiA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E49E
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELToA51-wQ3lPQz2olqifow&google_cver=1&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ5O0TF3OLEahPsSfQ&google_hm=hmVGVV_3M59cyr9...

170 B
188 B

54ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ5O0TF3OLEahPsSfQ&google_hm=hmVGVV_3M59cyr9Ueg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D6546555FF7339F5CCABF547ABLIS

Requested by

Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmSGJHoywmMPL42PVmL2sjJA9TJwat9VKjX8dqepjmZWYhgpJzKOg1PSePTePMkwppRVGYtIN18yOU4FpZ5O0TF3OLEahPsSfQ&google_hm=hmVGVV_3M59cyr9Ueg&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D6546555FF7339F5CCABF547ABLIS
date: Sat, 04 Nov 2023 14:29:51 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E49E 43 B
363 B 421ms
41ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmR91362z-ddSMemUEKKSiiV3_rmufMbF8ksOJpIkriOH7UL0W6swk3lNM4Pa0L3MHO1cReQHcioif4G9XQvn1Au3GBMkRjn8w&google_gid=CAESEOMwyoYd93xtwphQAZHvCqw&google_cver=1

Requested by

Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 281660
expires: Sat, 04 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E49E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgVQAZp7Gy14rF8lUJ2kH0&google_cver=1&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE8...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTQtQi0xWTg4&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE82sSHWVkZB8613A95ZwsoFXs_A

170 B
188 B

49ms
49ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTQtQi0xWTg4&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE82sSHWVkZB8613A95ZwsoFXs_A

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTQtQi0xWTg4&google_push=AXcoOmQtioyKdXYQSvDmW7erHQ54ndiBvQLsQFET6aBiufvHQCcPwxOG_YePjaLTVesZcDFQdE82sSHWVkZB8613A95ZwsoFXs_A
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H2 204 -
s.ad.smaato.net/c/n/// Frame E49E 0
236 B 445ms
66ms Image
text/plain 2600:9000:2127:4600:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBwvIDIFp3oojrkxS1ysNuA&google_cver=1&google_push=AXcoOmT4AQwVwtnwPluYNH3KeVmADiSZ6mhd3XU9ID1g4YVVTOSq2aE9bgL9piRyH_-pY_mDd5WL9_9i9l79EincbWiWzLk1BN9G
Requested by: Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:4600:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:52 GMT
cache-control: no-cache, must-revalidate
via: 1.1 2a9856881d192b485d1bf1928e98c7ec.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 8ixD2rR4up3tHdbAeDKlODyNC0YNlbrsW9f3TcZ0tW2wlPNaMTpWxg==
x-cache: Miss from cloudfront

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E49E
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIF...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIFVM4p5N24roxzP_XPGA

170 B
188 B

52ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIFVM4p5N24roxzP_XPGA

Requested by

Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQrVXgr7CWqS1KeLc59W_KiQphqIJw-RaLeO1RjH5hErbECU_a46GFJnd6GowaOOQxFp9x84xQvkUIFVM4p5N24roxzP_XPGA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame E49E
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEO8uPEFiAzKv...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRQAgUskb3W83HTb1uNYef-EpetFn2T-f4Sy6qpRaeVbV0oJ_lYHPMOev08OyEEQEoRRoCQyMMNIKjZjG48-n9ipNF4cOsmwfE
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

81ms
81ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sat, 04 Nov 2023 14:29:51 GMT
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E49E 0
12 B 55ms
54ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I2z897w6WVLXtWd9j-xyTttfZk3yXgNnz4UyQ-OU7K8pSMKnkDVgP3anwhFraSg1DDSaK0oQ

Requested by

Host: 29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
URL: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AB99 0
0 80ms
80ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310310101&jk=1899101359555269&bg=!FxSlFFvNAAb4oU7C2KE7ADQBe5WfONt7cDggy9H4i3vzbqHI5MEPxPLyun9NGgV-Op_HNbjmb10FfykxnT-18hEKx7a8AgAAAG1SAAAAB2gBB5kDVk8IXmBTvrFfEH-MMw3NKNjjRF0KnnzsKmZpvYNzcuVRcDfjPwn2qwzeo7YMxeW-viPGM_ezCdo5qA6O9XqY_4RcQLHqj7_lLonNU-oyQlPWLaWxnfCRjOgPbaW_w5wLsNqTthOQ2Z_GFruqIBfevh_lE1RJ-RH6QyvLm7m3bTtJFsTCofg3ZTtfsfXNmoHABRxLa7Bv4OuKVYV3xHffEDa_cvlCnDL0RsQnbwcT5lPew5f7ydl-8i_eBrx-LefipnesZ1PmmXb8Vd0ma2USYVERXAfxnpmVKCyn_unw_cDZHJCzjpeQ89Ja67nRh-k9N3xKkB2CiiVBtPuoxZJsj4WxMvVBQ8pWZglvwWUSCQj8Hd2t9HB7fzcgO-a_wliZCohcn0xMXUG3e93l6q3OfFLeExJiG3SDghwI0o-i5k2Umk3F10nlPHS3xs1Pbe48K3MuSTji868DxADcraxC013spmsNIg11xhbr37PVG11OJ9-LRKoHYsPA4B-uRqA0pEOw3K-lPTUG-zHGt7SDw6rIqYV3Wxf_LH8fp4cStCP_cFOwDsx4qoQSDPGsw_C20rBRdWwjNr37MvM1kw9XiJKdkjRPbKgcIqai_8fLWd--geBfGWUxSxzUrVMxRF9kQUfIRd9QnbNzLZsnQlFS0pfoQojnsTLMotDtyQlTun-59nRuDSw7d4iFMC90lyFAaFW0lS4TEf9n096BmmSGnsr-UbuelD5qGBuivQRm-AFZ4fOUdjAKkDuBvqQpAHshJMfkcgbwZevMJcRiAe1wCQzwqYNDYEXT6fnHwDVMSKtrxFIm16YO64Dg8a4tzikt1KDHUNRNHqjLJNJPWi2KC3shv4VrgFlMfgtHzDnwfkyVjfR63U6CKsq706focJC94-s1kpJ5WyWHR47Y7zZJ8KAZD44qbgqE1HgrSSK6hCc3P_Hso_GN6g6kPDg_TcVg_bEE1E6l_E7YSzANUjHwBqJH3Q4_IyNf7vvVn8P2IVeHyY9A7mrqf9XHczVt5NDuI7MO8xZNHMK8BPZVbzk3mDMBE7IXdqjn0lfCOISGfLZrN_hrlKFjmG4yq3KXAujzf4ApZdfN8gNSpHjcizCAx1uMdfir2m5ot4mNVpXmJQHEzwdh08D9
Requested by: Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.bestone-work.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E1E4 0
0 78ms
78ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuS1nGboSfmghTkO9gQJBA431aGyb27df3BsmQxao351QyJA_eIgGzhHYfpixBQBJM2GlntLyaFPOFTFkU-SgC7S6LH6YKfTWgTOBPpKyjghjoh2sz_fGk4SLV9xufEiyJqSvoazP3zGoF-_QR7WdvQVl5iX18vgv5OsuE2B6O6f6KMEzh2MSsHOi8G3yAtpRNF6qYbZl5ivBMVceQ0-cLPhcDV01fvNlJIb2ZYXspr4g8imkXlUsa9Xh67QJnvTPaZCE4ZYHncDdI7IW21ZK61smyZ0Tsj_LGUriFrE5axK67olUF0ZeaaZF61gKvYgDlR9m1E4Wqt37HZ4utYarLTxqmCSMLBBHeHmZzpfUWmRb73iSKeBUb7f4UPd6SJZ2dNBHqpq7z-q2bR5zAy7MiPBejOI_hdNLh27whwQUqyTxyId2ff0AA40NRyOsj7Li-S9aljKDbU9YPhE83ZQU19qe0KqOWI27Zu5q2HVtr0Halo5e07ylAMpZgYc2x3a0BMRvG4UxUPYUxMulAMVgovdgkcKqbJ2v16GnaTxNQixvqIiIEwIr0itHG_Ku_4GK6eefYMKHE5TZ5cQU_jwrHxNhQzcu6vbKv9hYnbIKvNu79KWSNhTztox8tR2IefvvnOAG7lcxuR0Zjm3ke2VEFxt9Sy8-IoKJE9VLZc3F7D-ywIxWrTlh8dIUj3mgXR_4B3K9A8QB-OhAH2bQqZ6zKSzALgnr9BStt0UTZ7hZiRHUkp_n_-wHUbC6SbSxqLnR_4ZFx9aZn-xMtJ_JjzP0riM0WwFMvTI3AF4273Dg3rYCPsxaaOi1N3MSfzxWQrmcR6YCexvZr2M9chnkGgzj-ZIfBrwrB-xhNm38DJ3oq1YJCmgBHFqlZatJcOZskrvILMkSFgfnZ9q1TJwXae9UodWw6u-CeUi-ESgqZASILitaeDqi-3m_xuf9iKfBcd0PhAqHYB2dQUwYZc955V3VRpnq1ZFBt9UCvCxu8d_ICfDuoR--f4KBLt0445vH8AjiACg9PnodCrdHbDA09_UoZs7dAxmb6ME1LUQT5zLcyRQsuJh3VeUMrNX5zh_gWZAnNxwfD1bYQvwFMkP1zErR8ks14iVijGcx0f-NvaTjMDNWiA7Rlu4vKBaXylUeMo4NW_tSiQpoA2OpwP03DeaYCYHjjZRutaSqr45PmwJt1xF7fxN9e8i6w2bMuxpndTrqcER8aLZlhOCL4ip1p-o22Uu-Vtc_wX9imvzHBvLBjMQ3tWPl5nzpcBS9ZzI4wzehM1yHZ4hscBM2WzUwTTLPf2gM7cBBrX9gbjMphFfHRq4CBQbUH1iEOq_d-J8_WdbmmySChk1IO3AtJxaZ6RFMoioHOxGeTjA2ZgCni0FGUmzC2UpvP1uRjHuJcnuWifuLuQNOPZYoJlUTEG-5c7Ofi6&sai=AMfl-YRu95yVcnfECEuiZOrQLtzjJPFZJ6cSzG-aXABvgh2EL67yvxFAEYnxbw67l9C1bW_hT8jyyzEQRKATuQVd5XGvWuVIj9tT28HAgaKaee5CO9jIwBDGJ-8yALL8P7Z_NcTaiZVEASmalr3go1A8xIzfcG0PuL-lvIUceTwlk-MnO8o6Qcey-5kNnkbnnovfJRzIWhcJ9Hw_82g29fdE0zBpnr3OPg5wJhsiRmq8M_oqDrqanjGGKmNt5WZ101aoewRb6ZA&sig=Cg0ArKJSzL_z6m7jH5B5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=345&vt=11&dtpt=260&dett=3&cstd=81&cisv=r20231101.53321&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

/
rtb-csync.smartadserver.com/redir/ Frame DE06
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEErU7eAmwBtrMVc5269vxU0&google_cver=1

43 B
113 B

346ms
56ms

Image
image/gif

185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEErU7eAmwBtrMVc5269vxU0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNXpwduYl5k0vYRA5v-2HO-LAeIl9aSD17JqhaHZpj_1gBGSQpop0EtcT45jzFPQ6BKTgzpqfS94p1UKXNQnY66R-Mwqb0DM3bfaHESoykp1hTgQLY6sueOmBpPucp2-OPHgJAHcQk0z_4f_RmC8oUYPpewHFuhTC9gCLQaeb5FH7KBNp5Y
Protocol: H2
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEErU7eAmwBtrMVc5269vxU0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
rtb-csync.smartadserver.com/redir/ Frame DE06 43 B
114 B 412ms
52ms Image
image/gif 185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNXpwduYl5k0vYRA5v-2HO-LAeIl9aSD17JqhaHZpj_1gBGSQpop0EtcT45jzFPQ6BKTgzpqfS94p1UKXNQnY66R-Mwqb0DM3bfaHESoykp1hTgQLY6sueOmBpPucp2-OPHgJAHcQk0z_4f_RmC8oUYPpewHFuhTC9gCLQaeb5FH7KBNp5Y
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-type: image/gif

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame ADFF 38 KB
13 KB 40ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 6 KB
2 KB 46ms
44ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a1ad8599d395bf94f20d32a7d2a17b7506a52737e6b34677be70fcf180dd3b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 138435
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2130
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 00:02:36 GMT
expires: Sat, 02 Nov 2024 00:02:36 GMT
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 51BE 0
0 86ms
85ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuCasgvE-PCbLfZt3WSjU3Gc6Y-L_roApz7dbwr9KEiWhhdjy1DEpYTpxiRZCGDutSSLuVQTqghmrD7Dqa36AunV1p9xbhtFOkJgCOp3R5TAuD2tr1uM-NWjbnHbZCFb27gj1XhRII7DpFqt-Tr1gl5lWE2QeqfO-Bz7FM9It__kPWoXZ6paNLyQwkMAVgiJ8hlVyZG1s2Hip5x3aw6j-WgR4yc7T6x5tcvoY987Xb-y8DDJogBfEvSlwrCbfC1LwG5lyX6Hq9rqTMN_KadWOEDiglon1ayS2Cu9VSWrA9GKUcQXEFTGyifEdIk97rcwUF_zv6D50GvZ6PX-gFX3iLNOmYEEN3R9ZxaxgBsxX_9KclOCGOd8gKJqScfescHRwRz1iauuQJD-SKOhEVYkcPMGAJonkd79s4vLMHXhYc_0tu4WCfsJpJo0izdpkqZhxuPKIQ9qUTMlgV8em5bCwShCsJako1gvnb35oB_Ib6dR282t5y9wB09K4AqXksXtFtv_lCXWtVvZUJCPwDQ2lMtjGXnFb9MERuHk9ZDs1V1NNTyS17uBAn8WWN1SRMR1pkqA1wfNWCfT7eQQR9LtGOKlkK8KtHRQkNC9LZ5p_lpPMqmLRkYB19Y8WOtlKadNwkQM-rEDQZlM7CpBYKwH6Rhg6Re6ncY8BoAhMJ9Z4Clw68yAuDv0Hjr3Msdzw0Jy0MyiknjkGV7w-DBkTpwTfO78SWhhwJ0AwziXhsTkzaPr7gDXH6FmFuZpXNiGHBWaMqup2yhle6wIvNkkR3v5x4WMl0LFhRahsKacBppzPA7rUuahzPhyi4QNRDFkwsfSVvij5h_70Y8XfjhmFtphpC1A5CH5MYa-755QKVrAZHmloyd6JDAHZsS0xPvX08w81dGq7PuXbrSDPMIyTKLAtZ9XW_j9hO8YWqvdAZvzoIo0w4qjNm7ZAIszrIcbt2NVRD1YRgosaU9sknqRDAWLYfQ_UGuFB24m4b16lhXFXoSdUdifSdV7jkXHCbXBK8_ewfZLZS1loPMLcbp2DKSyT29ufteyIn4pQS2vLoBEtsCWBdbNfPL02sKiSA6tvEyDkoUmdK2fKZuQoEg7wQM3yIKZIOw3gj1ZMdVRgwym_SBqSqrsfFONPb_xyeQMYoSf1ktS6n2rySXQRJ4mk12PkH0dbZV8b1v7snv2vAPveg-aRKTyMrNrGJ4g8JmsUGRzXr49T_CLSA2Yc73B7kV4UNcFRgB-hUy6d-EOcMgF1RbPNoyjXyd3y7BgzGNhZFerrLUuzRtsdXg4YzjGEHIQE4LFYsKalXAV3YwzvbX1hQRrYPMxgXQQMz9uX7b5kz5OzqPA_OugwEwORzOOX7clXfwBi3NwVo-xKoCA6_DRvroPxzY0pUOVAngDF-NKR6tRvhSMUBSR-hS81AeiCrw1WM2tdUnbsYFgX5Hq8MGXS8&sai=AMfl-YSov4F4ArQkOsw4epLeZ48l7s68jt1Cn7MLCoq2nIJpKlYm09j-5qmiJ-J89Sasz0U6Fefck3NMkau7m9n9kw3kV_Si0GLudlUzOW1lamej6hCkA3FohgkM5cWbVXEgd0nvWjOyp3TtGSHjTDGCz-eWrhfbaXfg6moOj4kNRmZd4p9_dkGUsqYEuLLOht2CU8FaWbSnkxxewl2YSP0NBGSD3x_dELWJV-RGxIev4dRK6R5je-n0tF14qk0gZQuGtoFNaH_6KVq8C6ekZXQZHFolI-UlUaodMZv4dDFIxq4H4iUqrjt2qwQSoj0HRaW-060dhx4LxpkN_pRcgGpLiaLIF5acQOKBHtIocIBj3ef6bQDY2Ohr0sbYiztAU_DlAupEwk9icixcccSyBN2cRUAMhFym&sig=Cg0ArKJSzGpHcHFh1XPEEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=122&cbvp=1&cstd=120&cisv=r20231101.82804&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 04 Nov 2023 14:29:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1A2A 38 KB
13 KB 360ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 81993
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 15:43:19 GMT
expires: Sat, 02 Nov 2024 15:43:19 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 51BE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72a846d15982078839c05cab87c4fab8f4188a8b39ab5333f34e9be61fac65c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame AB88 32 KB
11 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17435885309376629927/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 17:05:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77033
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 04 Nov 2023 17:05:58 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 41FB 0
104 B 360ms
75ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJmpKcavTn6Y0846aG3qpuA&google_cver=1&google_push=AXcoOmS2sWnJJw-maIMekyNSR07lctD5eWtPXo3yYh5bsfWyBA-gCo0p5gvAOohGFN1hM-NoBox_b5CQnrVZBJNZ7ZfcPYbDuQU4
Requested by: Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 41FB 0
166 B 334ms
51ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJtXni7gKzHhGO_iHLDTTWI&google_cver=1&google_push=AXcoOmTe0UMqzEwXr1OqzJ8VPzFBNi5r8L5L1zpWzCU98hdoVoRhd8HHLVEtpAWOcJ6p_zYRSj66TOTVo_OpDhbp88TqpLhdI3E
Requested by: Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 04 Nov 2023 14:29:52 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41FB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIgVQAZp7Gy14rF8lUJ2kH0&google_cver=1&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTMtMVktRlA5NA==&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZVA4kc9NumbcmSY1fPmEReKr_T

170 B
188 B

51ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTMtMVktRlA5NA==&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZVA4kc9NumbcmSY1fPmEReKr_T

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9LNTVCUTMtMVktRlA5NA==&google_push=AXcoOmRPS5rmC3jH3_d6se-te0hiefAoVYMU0BYvXcP0Yiz2oOnaDlMZlgPAdWa-Zwi9epW_jVZVA4kc9NumbcmSY1fPmEReKr_T
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41FB
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMuACVMc_MMFAftabEWYhIg&google_cver=1&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rY...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMuACVMc_MMFAftabEWYhIg&google_cver=1&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rY...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx&google_hm=HmbFrGZHoNwYQcmcQmCmknph

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx&google_hm=HmbFrGZHoNwYQcmcQmCmknph

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 04 Nov 2023 14:29:52 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmSRENYMWEqmD1J2iouIsqN4AtfQJ7j-nYRLGz8aRTYXsAPGNTZiKihfyYURfbp8BzitZhqL3zlup6Y5ON8rYnVtH4NJypHx&google_hm=HmbFrGZHoNwYQcmcQmCmknph
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41FB
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHHmNoBZoPe_ninCxHgjrrY&google_cver=1&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOz...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzI4MjM0MzcyMDI1NzY4NzE3ODc2OQ%3D%3D&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5...

170 B
188 B

50ms
50ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzI4MjM0MzcyMDI1NzY4NzE3ODc2OQ%3D%3D&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzI4MjM0MzcyMDI1NzY4NzE3ODc2OQ%3D%3D&google_push=AXcoOmTIQucnxlNj9KiL4CNZlqA0e-6XsxbwbGdi_jgJf8qWvZwBJmu5imvTSkneDhHhB76ZA-qaAhY9xvooTkUuo-yUlM7dCOzg
date: Sat, 04 Nov 2023 14:29:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 41FB 0
75 B 334ms
52ms Image
text/plain 185.86.138.151
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPGOfo_i5Xygdq_XSGuooTg&google_cver=1&google_push=AXcoOmQoQ962F-d2ma9I9SQzuc2heD_SYrZ2lKALl_8UJ6oC8o-i4PTq2K_XBNqpIQeLo9qPVmnqBRp4Bkg9cBr3RzJb8KZCmiH3
Requested by: Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.151 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 41FB
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEF4qSAbBOF5r6W5QV7sFGSo&google_cver=1&google_push=AXcoOmQPyi0DNuxqk5_v9QjtvHFVc0_hGE8up2FCn8Dv7dCYrPaDs25f6tm4638srt9EyB8O71toOQHwjwV...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQPyi0DNuxqk5_v9QjtvHFVc0_hGE8up2FCn8Dv7dCYrPaDs25f6tm4638srt9EyB8O71toOQHwjwVylvTB7c5_pDd6g_FRzw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
200 B

40ms
40ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 41FB 0
12 B 52ms
52ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JKE6yZX8c8aCz8P_kO2_BWQzZCwd7H_-C6b28Zw2xlcrWzHoFaNSzqVtW2P65FW2Yy_GtD2A

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE7D 0
25 B 78ms
77ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BD4b6X1VGZZrEEoStrATcuLW4BwAAAAA4AeAEAg&bg=!3d6l3pHNAAb4oU7C2KE7ADQBe5WfOPxfr2GsFAtOkg4ALzgnxNoyeon2dhzi6rgyy3olUGyPXzzrNU13kbmllQpt0BSyAgAAAJ1SAAAAB2gBB5kD2eWW2y1_b2eP_I6LqIc4EgX4pCliCK1aNLHJeuoIm8XdqcuWZtyzKJq9N4Te33zSrwQCgG2PsoGgPucktg-9qX6tJ1pujKXf9b7pdQBAj-4bb60bIMMGHk8FlcFDCy6QDGJmGn0MKy38zJFyRJSxUtuIHlH5quio3kMg7KC0hOnALSU36_uzOh-feYOA66CgK99W1ZDoLkGYwliodv49xEUVBp_xxFgnqIjMEBX1zRz49LmX97j0wLyEvnFLc_nkLX8YegspWLXrI5xgqwtiUcg6J6lW0ErzT4DJQo9cjYtu4GIyaFRySbq6OVLvtxBxqO4zsPZdUYBYMeBeRLFYdlopye1klIseXSQ0B0aEcAADB8iOSmoEIEcZV1dh9J2FAZPbeO2coHDrTOpeY6j5hWwj9q6lWwEDvSzuqn2nrtTbDgx7c_n8NoXPLHe6IJ5pupYjrmsC4KqmR5RkREc-dV9fLhqYd8tPjg3F-w0NBpAh6UOrwFDYgkarVJpwgHyJanOJgPoE0Mz0Na7lgDKqOrxLILAePNFupoVZ8sYpFMYsm__-2wS9Wz0CV3X5h4ZPSfEdkW8tjDaD6lEqgw7CkYIRQcDduSShVKttTt8BkZTLWvbvXA2JiwcgiinkR8ozMTEvr6dApynu5inFEmGOypd5VQZtsJPFGu8kfqvjCBd-RdDG5eAkKuqPfqn_OElYIADupcyVc3cbTVuKmmtIyzchziWXJpen26hwnYLt47ah3CWKYsXyQj3fnPcoS_R3uEfOyonUkbvuVK5Og1B2tvb-oJN0E3cQNtvezJLX-tbceKQ2cyByCFJr_tMNmLo2NRSvs-bix0_FHYgnPw8R_Z4eRQaMa-49Y4RzAeW1uxlmDdqIQSWZIGzXsHIDQCMbG2VgUkMfztnGLWU4HBWGUrBFdQzqUxmY93prLy5yUyORy2whH4a_AG8gZNkJYoqkq7OqSFG-Q9qMrSX4AsC-XgBBihcjmMhGaqgyQYpxaWWrHjaBV0VAe6M4a4J3d_I2XbigLhs78LQ5CAQ0_u2vvKuybH6FMXUch1ZpHVWy7tEJTj0cuDlYQ66ewITSBZFEi-9TM4Z-g_OJY0bgzviVnkzz-7VDdHULQ4Tjcfc84NuXidsPfsszDrf1Ne0zNigrcmXgyenlTB8Bg8zAoveJSPzgwkBi8qxr9YEyIP2MuuxUnW56LZJ50qaTe3HT6ZROaGKS3ZaHK4sFQQnO8ulL1JWN7bP8yQA4uWS8zQHKtM3gbqRKSlG4-Jca9QoSyVAjVFY3aCrO146w0l0JyLfn6eDawgSRqEca1X4

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame C69B 236 KB
63 KB 176ms
58ms Script
text/javascript 2a02:26f0:3500:11::215:14dc

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:52 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Sat, 04 Nov 2023 14:44:52 GMT

GET
H3 200 300x250_kia-flex_picanto.js Show response
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 41 KB
6 KB 42ms
40ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/300x250_kia-flex_picanto.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ca59b988cbfb75b3cb18696cc421b25e2b2ccb0741f4c994a6bafc091076de5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 29 Oct 2023 20:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497992
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6132
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 28 Oct 2024 20:10:00 GMT

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame ADFF 38 KB
15 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5761 0
0 80ms
80ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyNpWjz2nfe6qqQ-YgXm3fcT6fNhpBypgMKKMeWkDG8hnfeyJvY5W_UlIXmmPRIdJZ0OUNmsQpOWhtunwXurfF_9nFV0R8ch5INdr5I-9nJebfCf29FPeQWuhl-6CILCng6KZPbHoIBZEbw4V1gNP-IDMWtfkHaadyI1zlI24NRcsb_ib7y3m_sqsb42wZnqWa61GyODkzl0sZM0kzG7t2Q_LZAw8qH3kIP86r9eLGO9fTB8KfbQFXgdytaoJCASc1nxkfIDRo0TfVT875ytbcnWlZZu7xFs_q3maGPj4clOkO8Z6N0aEFh2hKNPYkzKyZEDcjLuBOoYfOWX5ctMhkxWfpSW7ZFWVot3BnM_4ylzPsh1JGEkTOl_9yuuYYlwqHMd-cCc8S_vTQ7dcO4syDtWMcRasPqXnKVssr9JVlSobiPZsuuYOE3c2vQtXfGl6a4FBJ9Y7WQxmyhNbbmvDi5ecJXWsrD4sgOxfCBgHRCufCDarfPeLgrW8I7OoLSRug6wd-11BoOsI94CJAavC8k0laJC1tn9Am9xeAFzj7NcdSlBE-cYOb3mwqXC0iEdUHAThWCF6VF5pqfA2_J_fuptqDbwU9XExLRmvZmJb84TQWncn8WesrNo9hfZPXZMK4MH7teMgWxLRvnFUfIroixi841B38vDRxo1YkuXD3U1TB1ty0r2GrpcFrRgUyupGJGXo5TlB9d4VDC9pl8Hup_ZzrOTcEXBDElz3ZMSaw-gT6H0OPwpF2m6ynaVCEWChooIwnaoJPqir7PljnQl5K837gP_vZo-Ne4stbeHuKCQ3SZZfCf3oYaMjxrTQPZZSSIoeUyqCILAG1SYqaR010JHHCCUpvwZZ1w5Db17pewhtwcwSKSBMMm1vpq_wGzjjqRAdN1RDeymnIri9WI2AvBPb5rBvcqdORXbj-td6MJllGREuYt4Z6dy9bxmMWbwpdbG4xTrK65-UVDF8vAN2IkONSiN41gcwHsIEPL2xz8RH6H_n7wDG7VwGfKJpIBM5F3OceFPXYMiPSpTf_3NiOSh720OThgyOU5z0adyNhdJ298LNfGmU9LCu6uBG3qpTAqUMb7e5FcAj5JIB3EqzHhibV_gT7q9wRaYYdtyhKO-ntfctvpH49QqqbKsHu1lnQmK3xrhq5cjIlQvJP5Y5VMxCZlAY-VPjcFlU431Ou6z0xOVsJgTWB6QV46QOSQV3T2Ppx-2ENfnoul4GpSYsmcH42xRHt_iKfsB4UqT_rRCWTH6B8qylqHxbF3VRE_BXsnfa1T75E26HQFbbaXiSYr035QC_fX36xjwApZi5gEcWJ3mvR_EwG5VNEEYdu2oFA1XIF0YhkLiz4NPIrqYAIh-gXRux84Mq9S6zk4xzSkh9PviaFu_fejI8M9l0bHDFIJjEW27JF1kGOFSNqOpWI&sai=AMfl-YQMGjFNZDTylAiDx0Sb6d0Zj2fD9XMjbpj8Q59-OyFmTCz23-lV0JNVeB-LYKuEShZo7Vpd9bXhDF2JXYU4OfEXu_BErFK78T3b-pSpPcBUft582v6ZIz2pNQTRDfk6TegQNEujNnrQBoy1LMKuU2Cd4r58Wr5Q1Rij0pghC_IJDAFayN3LIkVNniuCffXvE7m83mq82XrkqOCYTayoNdqNVk772cyh0_sElPzRMEpCxII0q2jfIqQcuhyYqr-TrfyqRQE&sig=Cg0ArKJSzMGPkqchkSE7EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=559&vt=11&dtpt=416&dett=3&cstd=142&cisv=r20231101.57987&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1A2A 38 KB
15 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Nov 2024 19:04:57 GMT

GET
H3 200 bg_01.jpg
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 21 KB
21 KB 49ms
44ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/bg_01.jpg

Requested by

Host: ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
URL: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0131a7f26b1261d26332b3c3286ec65da3bd8df18182ef95c6fed4cf64ef841c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 07:35:27 GMT
x-content-type-options: nosniff
age: 111265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21419
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 07:35:27 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 51BE 0
0 83ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuCasgvE-PCbLfZt3WSjU3Gc6Y-L_roApz7dbwr9KEiWhhdjy1DEpYTpxiRZCGDutSSLuVQTqghmrD7Dqa36AunV1p9xbhtFOkJgCOp3R5TAuD2tr1uM-NWjbnHbZCFb27gj1XhRII7DpFqt-Tr1gl5lWE2QeqfO-Bz7FM9It__kPWoXZ6paNLyQwkMAVgiJ8hlVyZG1s2Hip5x3aw6j-WgR4yc7T6x5tcvoY987Xb-y8DDJogBfEvSlwrCbfC1LwG5lyX6Hq9rqTMN_KadWOEDiglon1ayS2Cu9VSWrA9GKUcQXEFTGyifEdIk97rcwUF_zv6D50GvZ6PX-gFX3iLNOmYEEN3R9ZxaxgBsxX_9KclOCGOd8gKJqScfescHRwRz1iauuQJD-SKOhEVYkcPMGAJonkd79s4vLMHXhYc_0tu4WCfsJpJo0izdpkqZhxuPKIQ9qUTMlgV8em5bCwShCsJako1gvnb35oB_Ib6dR282t5y9wB09K4AqXksXtFtv_lCXWtVvZUJCPwDQ2lMtjGXnFb9MERuHk9ZDs1V1NNTyS17uBAn8WWN1SRMR1pkqA1wfNWCfT7eQQR9LtGOKlkK8KtHRQkNC9LZ5p_lpPMqmLRkYB19Y8WOtlKadNwkQM-rEDQZlM7CpBYKwH6Rhg6Re6ncY8BoAhMJ9Z4Clw68yAuDv0Hjr3Msdzw0Jy0MyiknjkGV7w-DBkTpwTfO78SWhhwJ0AwziXhsTkzaPr7gDXH6FmFuZpXNiGHBWaMqup2yhle6wIvNkkR3v5x4WMl0LFhRahsKacBppzPA7rUuahzPhyi4QNRDFkwsfSVvij5h_70Y8XfjhmFtphpC1A5CH5MYa-755QKVrAZHmloyd6JDAHZsS0xPvX08w81dGq7PuXbrSDPMIyTKLAtZ9XW_j9hO8YWqvdAZvzoIo0w4qjNm7ZAIszrIcbt2NVRD1YRgosaU9sknqRDAWLYfQ_UGuFB24m4b16lhXFXoSdUdifSdV7jkXHCbXBK8_ewfZLZS1loPMLcbp2DKSyT29ufteyIn4pQS2vLoBEtsCWBdbNfPL02sKiSA6tvEyDkoUmdK2fKZuQoEg7wQM3yIKZIOw3gj1ZMdVRgwym_SBqSqrsfFONPb_xyeQMYoSf1ktS6n2rySXQRJ4mk12PkH0dbZV8b1v7snv2vAPveg-aRKTyMrNrGJ4g8JmsUGRzXr49T_CLSA2Yc73B7kV4UNcFRgB-hUy6d-EOcMgF1RbPNoyjXyd3y7BgzGNhZFerrLUuzRtsdXg4YzjGEHIQE4LFYsKalXAV3YwzvbX1hQRrYPMxgXQQMz9uX7b5kz5OzqPA_OugwEwORzOOX7clXfwBi3NwVo-xKoCA6_DRvroPxzY0pUOVAngDF-NKR6tRvhSMUBSR-hS81AeiCrw1WM2tdUnbsYFgX5Hq8MGXS8&sai=AMfl-YSov4F4ArQkOsw4epLeZ48l7s68jt1Cn7MLCoq2nIJpKlYm09j-5qmiJ-J89Sasz0U6Fefck3NMkau7m9n9kw3kV_Si0GLudlUzOW1lamej6hCkA3FohgkM5cWbVXEgd0nvWjOyp3TtGSHjTDGCz-eWrhfbaXfg6moOj4kNRmZd4p9_dkGUsqYEuLLOht2CU8FaWbSnkxxewl2YSP0NBGSD3x_dELWJV-RGxIev4dRK6R5je-n0tF14qk0gZQuGtoFNaH_6KVq8C6ekZXQZHFolI-UlUaodMZv4dDFIxq4H4iUqrjt2qwQSoj0HRaW-060dhx4LxpkN_pRcgGpLiaLIF5acQOKBHtIocIBj3ef6bQDY2Ohr0sbYiztAU_DlAupEwk9icixcccSyBN2cRUAMhFym&sig=Cg0ArKJSzGpHcHFh1XPEEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=730&vt=11&dtpt=608&dett=3&cstd=120&cisv=r20231101.82804&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 bg_02.jpg
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 28 KB
28 KB 58ms
57ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/bg_02.jpg

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2fa09d352afd9ec9576a670bd2056d564f2b7e3a34ee10cc1eb0cb3924be814d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 16:23:46 GMT
x-content-type-options: nosniff
age: 165966
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28425
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 16:23:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ADFF 0
25 B 78ms
77ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BEcJ4X1VGZdSeHdqK1PIPh-SukAcAAAAAOAHgBAI&bg=!urmlufbNAAb4oU7C2KE7ADQBe5WfOF3udryY5pEq3DJQsc_VhjE0wc_CBixKQ8D23wke0R_42WKR1tn9V-KYAG0QQytjAgAAAN5SAAAAF2gBB5kDxQLwoOxa8Dfo5dH3dxNlwdX_YhuzGOj6dTGZx1OSXeRjobx0sbCbdGDLnIha_9p-z3PXJA7V8JMUhxcYQHdQb4icysses3oRUGGZ9iAx3XJPBMVTA0K_odKbWMdR_A92G2adWry1MTDBJf7AvA4DU1vonxbmof4t7YDxP7BvT74-d9PtbPlv4QbeTJ1q0HCbNuTGGT49I3WWcAVc2DDjmMiZzSTFoShMF1XQSdjclLxAMpus-gSkL13AlsIHt_7UZGiHPvd5xOG1X8xM0RvHENHUpnPkkdpcwq14jheaWEffsABUcjuzQC_jnUAmMDhnLssnyLty4FDR2OucXyWR8UiT98R1fwW0na0v1MlWbaqXxt5xtDWAuhSZd8crYCk2MAw1AnTh6QpOVcEfDjCtesLRTSMaNSzSVyDjifDLpl6T0DrSc6k_tjkXYcf-cIb4VeIWd0xz4cPNhLsrEjXe6MD-aKuy-kEP2T8JX95a_TQAL93vkIos1xQHaCM6hUQ2NbKMToMcqU1tXtBpTlmyf0R-QHb1MZ62AYQq9jl4xkd65-SS1Yi1-KCfKd5qzr8JWUdIn07FP39_U54kbFXWwWT2r3sAi1OXhMHU-n-ZB55uD4uv1oAS6Q-RbkH1CszRfaWH2gJJ4IK3C65jgm9vOf33cHqHXf3DfNUvy1oZHulOCtocT9obw2mQMknJTJWlUtu2B5jeSmYq0Z5uZH6t_cAqXMJdG38vlWWOt0jwafybGysBEZyNLyPoqlnjY_ulwURe7GL8PY6HzF94KjWhkosZRnWC5RgIeqXnsd8dvoCF4WDI0Q2Y1r-Iz9cmqRzyoRvaGKlYXE-OFhyalhiQgyQbDAxVjwouIUu0Lb41Pd_JZAE-f6IB7tskZpAV2jXLDKaSGIN7GtSS9-SgCv8yEYp0AGd8muDlkGJ5QiQfR0DDhngglkPnLThk4n0RYxVKwunkzIWStAWYGt-9tF1ujxN_SjrhXXX3h5pUWmkEMQfq7AHeijX3DEERTIE6AcfbPYAdE7racQdu0KgHEQkvo5VpHdm7lfW3UMe1vCUaTumdJJOpFWHYw7vLYeTI8ckThbs1fHOaUeaH6SWh5BNr9XBLMY1P86UPuBkG8IU8saGKRei8DAgFS9UrzSPkKSxsMZa8aPj3Ttk5Lx3MmyFVgaqVxdWQ4jZgRxM_0cOfg06J23Ere4tzQil6XDUoGYPW3A_HyVxaQsKR7Hg1q5PYcc5se9aJnU46g3Ev_zDBdq4Fy499Yfvm5WMGyoLGBLgh_OZJGfYS

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1A2A 0
25 B 89ms
77ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BXKIjXlVGZdePGrnd7_UP8JGEgA0AAAAAOAHgBAI&bg=!KSqlKmXNAAb4oU7C2KE7ADQBe5WfOGoWzFTKFsoytRwcFuYMOWfLCra-QzV2Pey-MWYd3PYaBwFmbkT54Oz77Ct7X7swAgAAAOJSAAAAImgBB5kDwMVZntbnRFmROKDKhe6oxE9PVosPrRk1TxaqiDJfh4TNbuNzw4BBbDDLhF2QrVVJtC1X9U0LPRW4CkCqAX0dYu-VtRat9wakaPAJwIfgAKpW9FYq4Ukii6AsTaOO7dHrL5qIZ7arjSK-0jkzbX2DlhCKWgNNzwRtvkY7bF_t0x0WNdnqXPi1sd0DwPvOSkU9F-IldT4wwqPdeZKQuyFczEqDwDTjcce2qaoQcmELzSSan7ucU8nREG_80mTYR0jfnVvaxKI4V6c_u8Iq5fpG3_zdRwqMUh24ttl3MTEIFDnCXiVQR8ojTfT_hlK3cZ4buxuiHpfeCIJOTaDiub5bWJV6ImH_pF1mzFBqA093U4IyeKIrPIsrX8xBxcdapuZMpnD_RsV1FAHVVJpIhSsAHnOKMkuJtahZSI-Yef3HtdFTXi2ujBExWCoepchkKnJwxCkLiQV7QYQILb0rFtDTWHAfrB7tsKCJ_v9bPv9qMyFPLCjBcQu_GUGwfrWw9wOXRIcxjaKdbUA0D_nbm35P5WFdmRxcwd5VZh7NPsh2ejrFdb5p-8_PEyleakjS7dsmJ6emGIbP6WbyBngov8oYUE0Mv8VQBQke5EFuVwE3D-uny13d0VBDzHW_ZdZhuWEg1XMH9T6SgZPkbgF8bnqJIU8WRO8bKqx3PGbhGYicx2amJgLZlu6ARyZ6y3aZZf1ieSQif7ONu8k23Fz-PA_mEZBy0dov3p9IXakZbzVFlcprtAxzg26EKc4ro2DojPcfKEKt8CRZpEvXiYYh0bp77-GJFGvnrs-obAHK0jCdADrn9yBYZH7wWi3rj2KdLFF2HKmn-rNH1KJp4qSPV-lsTlbu7X9AkvTUZ37zEmZ6jQpjb0mrwWVx3ue3M66FWEUMxh-QNmV5zTPbQ7JaqTsTzPm1OGtw6BMAppT9FEwPO8CeToU_Q-Y0dwRCOqp1Urlrr3yWZUhIic53Qt0luilx_-sqjag4CUhG3WElF6IRdvW5Tdl1A_PtxDfnFTiVYoPJvldCO00h3OIpNLAzyMkUoCUvkuStT37pO2rz9nwhLeowcD4W6wB7jNCX-7EtMry535vd5ZQCAyPW2lS3REAYrBkDGU39GZyG5VNgYWidMVsyuLSWMxUg0IktdxmCtrGiwKIT8FK3AFmjS3ABdd6LjLiU6xJuIFBjhnrZsox2f-xfhMEogCwUJamni7ndXnaEEwDIlsufTCjdYUvlovAJcmwhUhZwrYXnu-ldwS2-30ZEw83yi9qbF6fHpp4bDsl9iQ

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 btn_cta.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 761 B
795 B 41ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/btn_cta.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68552cca682bb0b73fe0c5bccadba8c66051f3bb0f87e49aafabd3915249eee8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 21:47:01 GMT
x-content-type-options: nosniff
age: 578571
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 761
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Oct 2024 21:47:01 GMT

GET
H3 200 headline_01.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 3 KB
3 KB 40ms
39ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/headline_01.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c80c5883759feba7ae4e6d3a6cb4c4f5a625b1fbfca4d3af95c1ba8c2712721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 17:38:08 GMT
x-content-type-options: nosniff
age: 334304
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2610
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Oct 2024 17:38:08 GMT

GET
H3 200 headline_02.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 2 KB
2 KB 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/headline_02.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2562707fbb527236c793e1bb96b0a09b2251184a45b12b905c53c5aa0160bb4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 07:15:31 GMT
x-content-type-options: nosniff
age: 112461
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1748
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 07:15:31 GMT

GET
H3 200 icon_check.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 656 B
690 B 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/icon_check.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce0334984e5f44af91c12d8ed33b76b040558ef5100a1985cb5bc0354ebcab64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 16:37:57 GMT
x-content-type-options: nosniff
age: 424315
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 656
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Oct 2024 16:37:57 GMT

GET
H3 200 kia_flex_white.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 1 KB
2 KB 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/kia_flex_white.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb158ee3a60ca46559d0535a2101a6569c76957c58c4da910744adc525d77949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 07:28:09 GMT
x-content-type-options: nosniff
age: 111703
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1515
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 07:28:09 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E1E4 0
25 B 74ms
73ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7907925375904&version=m202309260101&ct=119&x=1&cor=10958962371668474000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 liste_01.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 1 KB
1 KB 40ms
39ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/liste_01.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb6bb2316416b6f3440548ea3ee0ff5472d742c8477b7a3b12234e8703256c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 19:16:06 GMT
x-content-type-options: nosniff
age: 69226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1085
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 19:16:06 GMT

GET
H3 200 liste_02.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 1 KB
1 KB 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/liste_02.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85764e3d281c3748129051ff30544d7705cd95ac363e17d599cf0358ed7c0584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 05:58:17 GMT
x-content-type-options: nosniff
age: 30695
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1404
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Nov 2024 05:58:17 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 51BE 42 B
64 B 81ms
81ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstatL5HgV1kDecd73Xy7a6MYHyy0rJ7xbHWA0Z4loQNHl-Sed8TVhHGVTfsfk92wCWufc0d-Ic8roG5YdQGrETM0cdP3ndHgPOffVbUzG9w40z4VJXAXG4hU-052smPBkeweVc9Kb5n7TqH&sai=AMfl-YSI59Lo-d8lyww8MMdIlnj6ukGXXVFcgtLLojdTJsmMUz_XkGvr03bMUJe7bx0PFOi1aOlXOVWbprq84k5zKFQ9y5KOQ6FcqHEpm5iUb-t7tIfKZR8OvR1XSJlN&sig=Cg0ArKJSzPBhp7i6tvFWEAE&cid=CAQSPADICaaNs8tYU3rq_s9xjJZyLUDpNPyJdf2cmMg6ha65KQuRG90Qk9LGoycQxvRr5smLCK1FWCnh0Tew5RgB&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231101&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1603015165&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699108191620&rpt=193&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 liste_03.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 1 KB
1 KB 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/liste_03.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc4fec40905fbd51adf29ef0554369e7e7ead1adfbaa03adfe158faf2ddd5872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 18:56:02 GMT
x-content-type-options: nosniff
age: 156830
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1227
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Nov 2024 18:56:02 GMT

GET
H3 200 liste_04.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 1 KB
1 KB 40ms
39ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/liste_04.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdaa45add05fb6a742549affbe0c6351520d4a2d7e2a8677ae431b88c7d8846d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 00:05:42 GMT
x-content-type-options: nosniff
age: 51850
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1187
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Nov 2024 00:05:42 GMT

GET
H3 200 preis.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 2 KB
2 KB 40ms
40ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/preis.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a6e5a83211909b83cf5acaed836a5d08663dfa738f205977cbff3e68065b7c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 07:38:58 GMT
x-content-type-options: nosniff
age: 111054
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1664
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Nov 2024 07:38:58 GMT

GET
H3 200 va.png
s0.2mdn.net/sadbundle/4486057005446783324/ Frame C69B 4 KB
4 KB 40ms
39ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4486057005446783324/va.png

Requested by

Host: www.bestone-work.com
URL: https://www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09?fbclid=IwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c1f218151c6df1dab3a5f3da6f5cd1da78f7e9cde44eb2b8e49fbc3a3d79d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4486057005446783324/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 17:55:37 GMT
x-content-type-options: nosniff
age: 419655
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3914
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Oct 2024 17:55:37 GMT

POST
H2 204 perf Show response
trc-events.taboola.com/palmate-gyyplay/log/3/ 0
250 B 46ms
45ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/palmate-gyyplay/log/3/perf?lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231026-7-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bestone-work.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.bestone-work.com
pragma: no-cache
date: Sat, 04 Nov 2023 14:29:53 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5761 0
25 B 94ms
93ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5262344719650&version=m202309260101&ct=119&x=1&cor=11504441218517932000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Nov 2023 14:29:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET in
twstat.bestone-work.com/stat/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJ1rq7Vxq8xsnwj0yBiUIk8&google_cver=1

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Domain: twstat.bestone-work.com
URL: https://twstat.bestone-work.com/stat/in?ds=1600%2C1200&ref=&hash=&arturl=https%3A%2F%2Fwww.bestone-work.com%2Fdoc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs&token=41b83caebc532836181a97a740f725ba&isapp1=0&isapp2=0&_=1699108182700

Verdicts & Comments Add Verdict or Comment

135 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bestone-work.com/	1970-01-20 15:58:49	Name: xxxsskguid2576 Value: 95d2d080-90ae-780b-f450-a01a5c591197
www.bestone-work.com/	1970-01-20 15:58:49	Name: lastlocation2576 Value: https%3A//www.bestone-work.com/doc_WFBmaC9HUTJhOThXemNIMkhHMlhRUT09%3Ffbclid%3DIwAR2toTevgLsppj6JOZjrSHBFdjHyazS0QA9jX7BxsXQ8IfaeNDAa-hnA6Bs
.dable.io/	1970-01-20 16:16:19	Name: _gg_ck_match Value: 1
.dable.io/	1970-01-20 16:16:19	Name: _nas_ck_match Value: 1
.dable.io/	1970-01-20 16:16:19	Name: _nh_ck_match Value: 1
.dable.io/	1970-01-20 16:16:19	Name: _gn_ck_match Value: 1
.dable.io/	1970-01-20 16:16:19	Name: _kko_ck_match Value: 1
.dable.io/	1970-01-20 16:06:14	Name: _bw_ck_match Value: 1
.www.bestone-work.com/	1970-01-21 01:34:28	Name: dable_uid Value: undefined
.bestone-work.com/	1970-01-21 01:34:28	Name: _ga_VCEDQQD6JV Value: GS1.1.1699108184.1.0.1699108184.0.0.0
.bestone-work.com/	1970-01-21 01:34:28	Name: _ga Value: GA1.2.480937667.1699108183
.bestone-work.com/	1970-01-20 15:59:54	Name: _gid Value: GA1.2.633354883.1699108184
.bestone-work.com/	1970-01-20 15:58:28	Name: _gat_gtag_UA_87942765_23 Value: 1
.bestone-work.com/	1970-01-21 01:20:04	Name: __gads Value: ID=837943565148831f:T=1699108183:RT=1699108183:S=ALNI_MZLRfKYJxDdf9Rq740IDnTR-SlHUw
.bestone-work.com/	1970-01-21 01:20:04	Name: __gpi Value: UID=00000cc7858b6b4d:T=1699108183:RT=1699108183:S=ALNI_MYfm_-2kE2HkKonv82SA1qmi1255g
.doubleclick.net/	1970-01-21 01:20:04	Name: IDE Value: AHWqTUkkqAY-vz52OIHPKFtVQGDA4LV5XNvgthSbAx2j1R7NDSXDqf2U5wdM42NbGvc
.www.bestone-work.com/	1970-01-20 16:41:40	Name: _im_vid Value: 01HEDBTRPJR3VRZ8ZX89V5KGEV
.holmesmind.com/	1970-01-20 16:19:35	Name: Vision Value: 20231104-23:59,20231105-01,20231105-01,20231104-23:59
.holmesmind.com/	1970-01-20 16:19:35	Name: C Value: null
.holmesmind.com/	1970-01-20 18:23:25	Name: RK Value: null
.holmesmind.com/	1970-01-21 01:34:28	Name: P Value: 873109-tz1FW0o8Wws9s0NzC7hbR9OjBqwXLrqE
.holmesmind.com/	1970-01-20 15:59:54	Name: fcm Value: 1
.casalemedia.com/	1970-01-21 00:44:04	Name: CMID Value: ZUZVWYXO-kqxdWdC2dXQEAAA
.casalemedia.com/	1970-01-20 18:08:04	Name: CMPS Value: 3356
.casalemedia.com/	1970-01-20 18:08:04	Name: CMPRO Value: 3356
.googleadservices.com/	1970-01-20 18:08:04	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 18:08:04	Name: uuid2 Value: 5264182232406827934
.bestone-work.com/	1970-01-20 16:41:40	Name: CFFPCKUUID Value: 4771-VLV39Ai6RUoLNdNlIDE6XMVccM4flBU7
.bestone-work.com/	1970-01-20 16:41:40	Name: CFFPCKUUIDMAIN Value: 955-x1nooupvOK0ldZ3HcyYe8O9EASUmBYIb
.bestone-work.com/	1970-01-20 16:41:40	Name: FPUUID Value: 0955-228ed05eed155c3ebfffe38b1136212a27ea5561caf434edf23f2da9a091d681
.doubleclick.net/	1970-01-20 15:58:31	Name: DSID Value: NO_DATA
.bestone-work.com/	1970-01-21 00:44:04	Name: __htid Value: b48f03a6-b6fe-4d71-9574-fe50a5d3aa40
.bestone-work.com/	1970-01-20 15:58:31	Name: _ht_em Value: 1
.bestone-work.com/	1970-01-20 15:59:54	Name: _ht_50ef57 Value: 1
.hinet.net/	1970-01-21 01:34:28	Name: uuid Value: 1ec7d22b-2a91-45b9-8e83-5d594383f546
.doubleclick.net/	1970-01-20 20:17:40	Name: APC Value: AfxxVi5mYWWFDpxcBHakpfUh3e5CuuXeDd6NCMaTX57TUE8k8RCFRA
.c.appier.net/	1970-01-21 00:44:04	Name: _auid Value: jSs24xvuBESBVscnX1VGZQ
.quantserve.com/	1970-01-20 18:08:04	Name: d Value: EB4BCQGsKoEA
.quantserve.com/	1970-01-21 01:28:42	Name: mc Value: 6546555f-9e2ee-40496-c581a
.adfarm1.adition.com/	1970-01-20 18:08:04	Name: UserID1 Value: 7297614112731625623
.blismedia.com/	1970-01-21 00:44:08	Name: b Value: 6546555FF7339F5CCABF547ABLIS
.3lift.com/	1970-01-20 18:08:04	Name: tluid Value: 3282343720257687178769
.lijit.com/	1970-01-21 00:44:04	Name: ljt_reader Value: HmbFrGZHoNwYQcmcQmCmknph
.everesttech.net/	1970-01-21 00:44:04	Name: everest_g_v2 Value: g_surferid~ZUZVYAABRuNCSQAm

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.bestone-work.com/gmifr_lei.html(Line 10) Message: The key "target-densitydpi" is not supported.
rendering	warning	URL: https://www.bestone-work.com/gmifr_lei.html(Line 10) Message: The key "target-densitydpi" is not supported.
rendering	warning	URL: https://www.bestone-work.com/gmifr_lei.html(Line 10) Message: The key "target-densitydpi" is not supported.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
rendering	warning	URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2(Line 149) Message: The key "target-densitydpi" is not supported.
rendering	warning	URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2(Line 149) Message: The key "target-densitydpi" is not supported.
rendering	warning	URL: https://static.intentarget.com/track/kangleigm/js/trkyjs.js?v=2(Line 149) Message: The key "target-densitydpi" is not supported.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271801&client=ca-pub-3098793998441432&fa=1&ifi=6&uci=a!6&btvi=3&xpc=9OUZjgD4hS&p=https%3A//www.bestone-work.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJ1rq7Vxq8xsnwj0yBiUIk8&google_cver=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20231101/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271801&client=ca-pub-3098793998441432&fa=1&ifi=6&uci=a!6&btvi=3&xpc=9OUZjgD4hS&p=https%3A//www.bestone-work.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network	error	URL: https://fcm.holmesmind.com/cm.php Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://fcm.holmesmind.com/cm.php Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://fcm.holmesmind.com/cm.php Message: Failed to load resource: the server responded with a status of 502 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0ac3468258a2676e4f5363caa7d6254b.safeframe.googlesyndication.com
1ec7d22b-2a91-45b9-8e83-5d594383f546.t.ssp.hinet.net
29878dff826212eb6f9b86cfaeef62e8.safeframe.googlesyndication.com
ad.holmesmind.com
ad.sitemaji.com
ad2.apx.appier.net
ad75d8a6f6312b049d5445096012f93d.safeframe.googlesyndication.com
adcdn.holmesmind.com
ads.yap.yahoo.com
ajax.googleapis.com
ap.lijit.com
api.dable.io
audiencedata.im-apps.net
b48f03a6-b6fe-4d71-9574-fe50a5d3aa40.t.ssp.hinet.net
bidder.criteo.com
c.holmesmind.com
cdn.holmesmind.com
cdn.taboola.com
cdn16.oss-accelerate.aliyuncs.com
cdnjs.cloudflare.com
cm-dev-poc.holmesmind.com
cm.g.doubleclick.net
cm.lndata.com
cms.quantserve.com
code.createjs.com
connect.facebook.net
count.bestone-work.com
count.xxxssk.com
dclk-match.dotomi.com
dis.criteo.com
dmp.im-apps.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fcm.holmesmind.com
fcm2.holmesmind.com
fonts.googleapis.com
fonts.gstatic.com
geo.yahoo.com
gocm.c.appier.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
image6.pubmatic.com
l.logly.co.jp
m.holmesmind.com
nt.compass-fit.jp
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
popup.bestone-work.com
prebid-asia.creativecdn.com
prebid.scupio.com
region1.google-analytics.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s.yimg.com
s0.2mdn.net
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.criteo.net
static.dable.io
static.intentarget.com
store.bestone-work.com
sync-tm.everesttech.net
sync.logly.co.jp
sync.search.spotxchange.com
sync.teads.tv
t.ssp.hinet.net
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
trc-events.taboola.com
trc.taboola.com
twstat.bestone-work.com
ups.analytics.yahoo.com
us-u.openx.net
www.bestone-work.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.scupio.net
sync.search.spotxchange.com
twstat.bestone-work.com
103.132.192.30
116.50.36.71
119.28.16.172
13.113.11.240
13.230.48.250
13.248.245.213
141.226.228.48
142.250.185.194
151.101.194.49
151.101.65.44
172.105.213.147
172.64.151.101
178.250.1.9
18.179.162.182
185.64.190.78
185.86.138.151
185.86.139.103
185.89.211.12
2.16.97.41
2001:4860:4802:34::36
203.75.214.136
210.59.219.34
216.52.2.16
216.58.212.130
23.35.238.55
23.37.42.132
2600:1901:0:e207::
2600:9000:2127:4600:1b:5138:8a40:93a1
2600:9000:2250:cc00:0:e06c:e940:93a1
2606:4700:3030::ac43:da23
2606:4700:3031::ac43:d208
2606:4700:3035::6815:185c
2606:4700::6811:190e
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1288:110:c204::b000
2a00:1288:80:807::1
2a00:1450:4001:801::200a
2a00:1450:4001:803::2008
2a00:1450:4001:806::200e
2a00:1450:4001:808::2006
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::c
2a02:26f0:2c::213:609a
2a02:26f0:3500:11::215:14dc
2a02:fa8:8806:12::1400
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a06:98c1:3120::3
3.36.201.146
3.75.62.37
34.95.67.231
34.96.105.8
34.98.64.218
35.186.215.140
35.190.36.98
35.201.76.93
35.227.249.156
47.254.187.184
51.89.9.252
52.196.35.8
52.222.149.123
54.250.3.213
69.173.144.138
69.173.144.165
85.114.159.118
87.248.100.136
92.123.150.201
006c6c5f69e7079f466ed83d2c79bba516fad14a9800f6c948b325597f7059f8
0101af1899250179122776a2cf1418db051a0af2d7fd968b825189c2e4abcc7d
0131a7f26b1261d26332b3c3286ec65da3bd8df18182ef95c6fed4cf64ef841c
01be87bdd44ea4a83a27e27b216a98a911ebbe58a05836e91e10f13a54578f09
02e4edbd5e2986110fc70d68e251c2ddeeb6c6b07017f8b2a132d6c702c7695c
0638a3d76046a9dd12b7a4a135f27c633e6f484431a892d3d82e762d9ba80be7
06605ec7ba35ed117fdef019c170683bf260013053db236f81bac821a92fb03b
087192fe5f6f1b398d5ec470ee5637a4a758f35789199e293163d2adaade2f17
08b2bd2b7effe49331291e7f3ec75c72df1d9c224fac7c2159ea14676dcbfcab
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c80c5883759feba7ae4e6d3a6cb4c4f5a625b1fbfca4d3af95c1ba8c2712721
0de064e0d351d3587d30719c92451e0790ff625eb5b44da19c3b47e122bbe4f7
0def7252823eb7844a7425ebe2eb49a701d998e1ea9d790bde56033fbce7fdb5
0eaed749931e3a7cbfcecd1c0ecfff06e953caebf0d3fb3850cc6b0857308c14
11435640d1ed2fa5f24ccd7f074b66c4d191a97a2931e793be6799d2b6a5e459
13d5c0f2451f0a14104098f72c6f3334114a68927e50beb4779a0bf98966d9f5
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
1664a71c358a7b2ce310acb25850e6ff09b9abe9373638614528ac21647958a7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
195e6636d3f6dce1239d1ee3a5b5d3833baa50b3248934f29a60618f5d9fb35a
19b96e87d22b2e7717a263dd5856b1151eb62ec5ad393020fcd8573d6129a4ed
1bb6bb2316416b6f3440548ea3ee0ff5472d742c8477b7a3b12234e8703256c4
211436c6c514192586535b621306528e7f95f85a8cd342682a6eb100a0ea671b
22904ccae7368fa53fd9704bcb6b15b59f2407d11bb5b73c18b471e2344fd6ff
2370824014f588c0a504d6bcca32475f2684a93fa4e54071ac08aea47465433f
2562707fbb527236c793e1bb96b0a09b2251184a45b12b905c53c5aa0160bb4b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28bedc3842e6f1453823713085663a045e61cf21660c070058440b7ef1e7467b
29260c7172efeca31b5ef3cb9081efd967770aae7c6d29277b3000083f280b19
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c65630576e69df9935d3fe565dc72e68b6542d3079a143e821a9a39d3081588
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2fa09d352afd9ec9576a670bd2056d564f2b7e3a34ee10cc1eb0cb3924be814d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31b4d2ac4928b0129a5a969594be92783dbbb13112dd350f128de1b8d7215f30
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
3231d3e91326130da7ba4183d0633fdb6b3ac950b9d40228bae0439d3142b397
324fdb4f9a5096e0883662c96976c1b9306fccae51ad3f4f66cc07c979f303df
326cad642e785611064fba0fa319ab72c1b953e2114349527250376960fad2bd
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
365fc555dbd2149871a77b9485dbb0cbd487a0553f7a90163444349fee756f60
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3981f80e725da62b16030df119290d0efd937f1d552a953609b467e12b64f058
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40741befbc3c09b5f0fb087cb0183ac25824ca837eab7276267719669461474b
422fae47ff72778a6ba083c215b0b47f84ed30d1dd553f685efc4869188620c8
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45bd13f850b3ce3a888b0fffa935658a3f1581b5200bf4d0f337e001aea335ed
465174ff94e0cb2a43c830797d23a0df7be69bfdf6dc8edfc2c68d4c8646974e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
493a339be0cd72f8ab32574b46183a12f91b97829ab1fbe755942814bbe96540
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f1af668bb4d7e34e715c0903ce2bdf1c69976f73b0cfa55e55b27d5f54e94b6
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51abb4cfae06c4cf82d0c8fc4523f67553e0653def18c05927d41e5bc5542909
54cb15acb0c5f40e191701b259fca34a71656a5d07c750de734ce598f5f5255a
558086c9a2e2e18e5e4f4600dd48b067d18576f8e5d1f923defc75bde78c4f6a
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561bab429a795b1828ea1c42937f4f66bb916b36336a6034fb83396a84df5791
569cde2a2d9c46b8a90a8c4296aa45d9f52a146d7b075f9e5dba7fcc2f03ce2c
5b6d2a705d32a2210991e821dba60a25bdf8a34b5e1beefa832c563b50edbdb5
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ca59b988cbfb75b3cb18696cc421b25e2b2ccb0741f4c994a6bafc091076de5
5f04a67133e8d41a751e2030f0c3492cd7438868d74e850b94007eb12805e6d7
6007562ecb492b00c4c60335f93fe56c8649b3036ef2a4e1585c20c05c058aae
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1
63523bed462ca3b72e9d17af07d6226748a5265640ebb37a45053ed4f6a46cd5
63b41a8345664bf6831b001714dc902cd6f41a4d4ee5ef151a539d3b790e670e
65578602dfaf8a758cfb0d8d14f7106253f979c7f28734043f61f09cc766c335
6618a50d2d42c87ffe89f83367c7528e8b2d3da51e73affd8cdc3082586c3441
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
684204dccf86bdda51afb3708722b0e1931d5f867b05f544b767023f09c80007
68552cca682bb0b73fe0c5bccadba8c66051f3bb0f87e49aafabd3915249eee8
69fa4215009a4325ef2d8ed36a318853ec8597bfa8fc52197de529582b85a965
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6cd95f25faae6fdc6740e6c5d59270c022568d221aef89501bf5ce86b7b60642
6ebd60f817297373e7288405392bdacfc9dfa4be17c373e03edc5727d2cb9ff5
6f4e4f6cbc55002dbedeeb87b8e75558c487dbe41ea62982209eca2558e1ac6c
710bb217cd880d6fcedb2223e6bbc9b67fcb75da4b0e72475fa2ead91bcd9ebb
75e321d9e0543d48415b7cd45279ad60e43d070dc18b15028382380a78e8b7c2
7800e3c307c07f97cd107a04d57cb6677817d306ac584f5ea752507580460ecd
78201805b315901e12781261ffd7bee843acfa8045774f567f729541d5104a20
7d0486daef9bc194945a29d2aca0adcb5bf00b4153de048762d81b7c88387141
7d60169e6cbaed215bca69cf53ce1826c2ab0522944f5d6a27a9adc92bb826cb
7d82489396992f913b7017f29d5ba2ff5754cbc99cf552558bfe0db183d38d6a
80351098c2478918bb80008d7836499305bf6f4d4b2abf742b8823255bbb0d8e
8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83dfd87b1c9e1ccb27c7d7e6f972e533af3dd662d65a0cb2c0f54a293bd1cf64
85764e3d281c3748129051ff30544d7705cd95ac363e17d599cf0358ed7c0584
85d04ead155cc7b37238017bd4f23af84b45f10d6c578c24529bea41a8bcd653
86be52bdb7547413cafb3ed175a806a798c65de98b40849e0b974c47d187de65
89b9f0fcf0bef8de0c11196135a53af7b9219c0e6e4bdb08a3102e48169c67f5
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b90db0df4ed3b6cfda75691207c3757096bc6ce07e13875c27eff151cfe1ae6
8c3740350d4b39beb3130c52dfa915248fcea1e5e4983429348479f7e09e69df
8c79382216b01d58cdd19056ac52094d585188046de9a75e937abee42a4808a1
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
913dd787ddb1c1055833af1b085aeccbed3dc54e94bdd1e143ad9f9372c46969
957135063edbb7272a9f5247b887095262f77644fa42419381bf7ca2b0622bb8
961f547cdb29f79eed49fddf9c4867b1f8589facfe487d6055c512950db7a914
9a1ad8599d395bf94f20d32a7d2a17b7506a52737e6b34677be70fcf180dd3b9
9a6e5a83211909b83cf5acaed836a5d08663dfa738f205977cbff3e68065b7c5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba8cc7f1277640242a262f7575fe90a1216015965b7779bd91ddeb526633bce
9c988e280a9af2e0bfc476f7ada40e1984db51651029927933b16de44400c28b
9df52b037eb2207bec06f864cde6638b1ff3355ea364d4bb0d593e7821cada7f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0691590289efab8aecb842f768940fb34fc23791ca890f77b1e6b7aeec03126
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a38776c09a3752a38cc775fdd597a31dde3d57640b54fcdf2136f942970b687a
a42d095bbf6a8a40272995bb22b09d14dba01959476fe734d7236bd96a87fc5d
a4cc3c53fbbf069b632ab9c5061d0ffb770b9961d3201d61bdf5a5373bf62833
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7b6ac83d0a5dbb3a50fb28ff292d09cdd262834c50beb293d9aad1550eac5a1
a8069ac41eb2b126f5aee9f8fc85c0bb9b5b1f6bca823990b5754b31312c8c83
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abc242f134647159f15fc4e8a3691daf1b7a1153d3370885c3389130b9ab3f74
aea7a0b33959519cc0da4cbad38826e5e99391568dee742f63c25801e6c109fe
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
afa04a0b4926a1d3ae239a0d8d69c420c35c120e3e01aadb378313d8d7cbe12b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ede5f6c20a18e0e28467f98d21dc394f6dce158cdf898610ca109867eba989
b2c9199eb1d5e69e7986b06f54156e9d0a8d71895e8d2bc54c106ac20bc7733c
b61261c97769d37aafccde467f3cab452bff08adc2d04bba58322e71e57ceead
b88fc686d13496829c0f697839007050c9a52b3f8b82e1817f8b7041705287dc
b97b6a79b734e9323aa8c3847d0b2a1bb5db32fc6a7df92ac69653d1c8ba13c5
bb013843f8852f5bcbf355baf5b0fd5a78be11b4bd5e793d5776b90e3d69b05f
bb54369234516c2f2469a9989fce0f73145879defec57a2b276b5b1e0bf92336
bd0366660d2837d11ab498b4adbca774d02854cbb182aaba77f5bc96075df9fb
bd29f9ae7453f9b340fe2e649bd5eb39bec34a084ad131126c9ccb9516d7b5ad
bdaa45add05fb6a742549affbe0c6351520d4a2d7e2a8677ae431b88c7d8846d
bfc29c17292ecabcf6ac3123497ef8e0684c078f1b2a58cdd65da41fc29b28fd
c205c874491530a4288b8f643e5da8fbcf7c54bee71bb787f4444e77de90e821
c2219375fabfebb3e34a8644b5183623445456b319ed173bdb9b8a5413651bd0
c225fa9e47bd57d83f5c9c3dcba41e0666f076410a55078ed1bfb2885021acd1
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c50acbfb387dd690e87d779b4f41ac272219fb6659c256da7604e9349eda1780
c5f6cbf9b4be48ebae52034fe59d6b2b8cd0688090b447d96263068628406e61
c6574baf3d3afd6abc938ef8e989bdce19e3019aa4a1972210a0011ff84df05a
c72a846d15982078839c05cab87c4fab8f4188a8b39ab5333f34e9be61fac65c
c7b2f1194c1e9b45584f5286cd7d8872efc745d9870c1ea56c240e0cf4e49b98
c950bdb3171907dd6adc02a07023992f892095f78f251750ebbb01ff386282ac
cdd679436ffc3ffe8e43cc18ff2250adbff21e1ba559f2fd88f6dd1e388f1ae4
cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3
ce0334984e5f44af91c12d8ed33b76b040558ef5100a1985cb5bc0354ebcab64
cef005a7925817203365e696b47631a1bb7741d6b22f19399f5b958069a09eda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d33496ad81d75fc169b779b7fdb422d05ab224e0d3a3aa4252a4d82525e54d49
d3fe55369b0139ca1111fdfe2efe53ce0497f81078221a362c949050c6d0cf9c
d63d895fd45bffb8bb40d2c4333961ee680df90284f36cdcbd9eaf00ad2baea2
d66ca23a7be1d8803307f937a250d0f90959f1289862b8e870d6795000f2b731
d66d050c1353eca80d839d1a923cc17dfa16e8c6269071a616913e6c48d527cb
d6c5ee567fc259b1e6a5aaf4e1de177ebfec611be8dd32ec933ba6b0cf2b9e74
d81a6be52d63d83dd8b2934525696d0088853a39729e01a7c35cf749751bffaa
db726e33bb3ae4acf2d43e01e9ff7af099e7fca3a886ee670cbbc55528dcab1e
db77a02adf6e0dfcd6101426b0fccb03f8f29303294d9819e6df1a9415b7a481
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dc4c4466af7126ff52ba0db925717fca03109f53397130f649d1e322b8cec953
dc6f09ea768ca2654fa70e0b53835d54c5002262c97aac33f53491f6de7299a8
dded9212044cf5652b9d310e290e71a426c271abe5eef07b2bf8c87ca593d64c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41a6e5e9947fc7845b1a9c9f5b4ea2dac2c0c49d96a2b683099b993dc310689
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e67417b0b06b8190bcbc2063e7e5b70febd93586e820049fd4eda8e491fd9ec7
e6bba6feb15a60d44c08db700decfbc5828d9deb725b698dfbbde5606f4688b3
e7e1d181be7031c84401cd4ef1ab1d9126f9ea7a911adc6deb99788e5614c489
e8a86c90f43cf1f45bf25d0aae457f431075c753a711cc9098db7548ed5d4a8a
e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a
e93636d3ef399dc7d33a87e01495e525303cdcb7f443dbfa77f05e4c80825407
e9e1406f09c68b9b04ec8f03149c9d5c28818f3c4109c796c6d957e81553b528
ea61f0803c132463640b3f4c907c9a627bcdbd3a1490ef28ac47139c075c528f
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb7d3ae243205232e48dd153d96631030226ca8719c1352f395a46e377276758
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3b2092c6bd1a3a6855b7a3a0d67951f0b7cd1678bbcfe563226bfe8a2b9126
ef973092ac39265e4497c81e4263b7d28543062302c9cedacf2da24ac5115542
f30c95f506891396b8cd9ef96a6c734fbf381756fa6c6355c4d99e80d4adec8f
f37cd718ea3e969d30ad2b3463f612c248454f42016144b79439ec8ba59f0d98
f3c5e5a0064eec4419f514718f35b3eb4ff163a77ebf16445041f5498a84638b
f4ca3178766060dba885fb47d492a3384ac5ef17579133a37adee9fa374145d8
f5be70c103392c0ce642305bd1a7ee21a157f8d8f1f382b32b1cb56d04d47dfa
f6695e49b1a553fee4b90864009dd5f3573d63d831d2ccf08f9bb2032e3c4ec2
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f9c1f218151c6df1dab3a5f3da6f5cd1da78f7e9cde44eb2b8e49fbc3a3d79d1
fb158ee3a60ca46559d0535a2101a6569c76957c58c4da910744adc525d77949
fc4fec40905fbd51adf29ef0554369e7e7ead1adfbaa03adfe158faf2ddd5872
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
fd7b1af2255bed03d8fb859d9ca152f8aa470a4e109c6eb998ff3849766c6400
ff2819f882317412b7579aefcdf767d51b5e4f1e231dbc9e50aeefde4507eede

www.bestone-work.com Open in urlscan Pro 2606:4700:3030::ac43:da23 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

475 Requests

90 %HTTPS

44 %IPv6

52 Domains

91 Subdomains

73 IPs

11 Countries

6508 kBTransfer

16191 kBSize

44 Cookies

9 Outgoing links

Redirected requests

475 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

www.bestone-work.com Open in urlscan Pro
2606:4700:3030::ac43:da23 Public Scan

Screenshot
Live screenshot

Full Image

475
Requests

90 %
HTTPS

44 %
IPv6

52
Domains

91
Subdomains

73
IPs

11
Countries

6508 kB
Transfer

16191 kB
Size

44
Cookies

475 HTTP transactions
11 data transactions