onotepad.com Open in urlscan Pro
2606:4700:3033::6815:1c95 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onotepad.com/sPIhfJ
Submission: On July 22 via manual (July 22nd 2023, 4:33:10 pm UTC) from ID — Scanned from DE

Summary HTTP 168 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 36 IPs in 5 countries across 24 domains to perform 168 HTTP transactions. The main IP is 2606:4700:3033::6815:1c95, located in United States and belongs to CLOUDFLARENET, US. The main domain is onotepad.com.
TLS certificate: Issued by E1 on July 1st 2023. Valid for: 3 months.

This is the only time onotepad.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3033::6815:1c95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1 2	2600:9000:249... 2600:9000:2490:3000:4:8ff3:780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	143.204.231.97 143.204.231.97	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
13	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
6 8	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3 7	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 5	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
7	18.194.104.7 18.194.104.7	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
11	193.108.153.28 193.108.153.28	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.241.14.248 34.241.14.248	16509 (AMAZON-02) (AMAZON-02)
4	3.73.242.95 3.73.242.95	16509 (AMAZON-02) (AMAZON-02)
1	35.201.109.54 35.201.109.54	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2.18.161.148 2.18.161.148	16625 (AKAMAI-AS) (AKAMAI-AS)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
168	36

3 2606:4700:3033::6815:1c95 (United States)

ASN13335 (CLOUDFLARENET, US)

onotepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

mynewsmedia.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7baf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2490:3000:4:8ff3:780:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cdn.tiny.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.231.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-231-97.cdg3.r.cloudfront.net

sp.tinymce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.34 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.53 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.194.104.7 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 193.108.153.28 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a193-108-153-28.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.14.248 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-14-248.eu-west-1.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.73.242.95 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-242-95.eu-central-1.compute.amazonaws.com

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.109.54 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.109.201.35.bc.googleusercontent.com

mx-gmtdmp.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.161.148 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-161-148.deploy.static.akamaitechnologies.com

xaxislatamdisplay5449357860.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 134 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 153 ade.googlesyndication.com — Cisco Umbrella Rank: 320	727 KB
26	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 208 googleads.g.doubleclick.net — Cisco Umbrella Rank: 56 cm.g.doubleclick.net — Cisco Umbrella Rank: 242 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 354	305 KB
22	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1400 secure-ds.serving-sys.com — Cisco Umbrella Rank: 2418 lm.serving-sys.com — Cisco Umbrella Rank: 2453	339 KB
12	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 317	488 KB
11	moatads.com z.moatads.com — Cisco Umbrella Rank: 647 geo.moatads.com — Cisco Umbrella Rank: 765 mb.moatads.com — Cisco Umbrella Rank: 855 px.moatads.com — Cisco Umbrella Rank: 570	115 KB
7	moatpixel.com xaxislatamdisplay5449357860.s.moatpixel.com — Cisco Umbrella Rank: 220458	2 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	5 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 244	4 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	61 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	225 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 117 www.google.com — Cisco Umbrella Rank: 3	2 KB
3	onotepad.com onotepad.com	38 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 82 ajax.googleapis.com — Cisco Umbrella Rank: 425	7 KB
2	tiny.cloud 1 redirects cdn.tiny.cloud — Cisco Umbrella Rank: 21956	175 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 995	94 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 378	54 KB
1	mookie1.com mx-gmtdmp.mookie1.com — Cisco Umbrella Rank: 175107	204 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1178	605 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 261	3 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1815	251 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 724	30 KB
1	tinymce.com sp.tinymce.com — Cisco Umbrella Rank: 22219	378 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	80 KB
1	mynewsmedia.co mynewsmedia.co — Cisco Umbrella Rank: 999622	52 KB
168	24

	Domain	Requested by
37	pagead2.googlesyndication.com	onotepad.com pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com s0.2mdn.net
23	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com googleads.g.doubleclick.net onotepad.com s0.2mdn.net
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	s0.2mdn.net	onotepad.com s0.2mdn.net
11	secure-ds.serving-sys.com	bs.serving-sys.com secure-ds.serving-sys.com
8	px.moatads.com	googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	xaxislatamdisplay5449357860.s.moatpixel.com	googleads.g.doubleclick.net
7	bs.serving-sys.com	googleads.g.doubleclick.net secure-ds.serving-sys.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	lm.serving-sys.com	secure-ds.serving-sys.com onotepad.com
4	www.googletagservices.com	39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
3	securepubads.g.doubleclick.net	onotepad.com securepubads.g.doubleclick.net
3	onotepad.com	onotepad.com
2	googleads4.g.doubleclick.net	onotepad.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cdn.tiny.cloud	1 redirects
2	unpkg.com	1 redirects
2	cdn.jsdelivr.net	onotepad.com
1	ade.googlesyndication.com
1	mx-gmtdmp.mookie1.com	googleads.g.doubleclick.net
1	mb.moatads.com	z.moatads.com
1	geo.moatads.com	z.moatads.com
1	ajax.googleapis.com	s0.2mdn.net
1	z.moatads.com	secure-ds.serving-sys.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdnjs.cloudflare.com	onotepad.com
1	region1.google-analytics.com	www.googletagmanager.com
1	code.jquery.com	onotepad.com
1	sp.tinymce.com
1	www.googletagmanager.com	onotepad.com
1	mynewsmedia.co	onotepad.com
168	38

This site contains links to these domains. Also see Links.

Domain
gplinks.co

Subject Issuer	Validity	Valid
onotepad.com E1	`2023-07-01` - `2023-09-29`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-25` - `2023-10-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
tinymce.com Amazon RSA 2048 M01	`2023-05-22` - `2024-06-19`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
bs.serving-sys.com Amazon RSA 2048 M02	`2023-03-11` - `2024-04-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
secure-ds.serving-sys.com R3	`2023-07-11` - `2023-10-09`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
lm.serving-sys.com Amazon RSA 2048 M01	`2023-02-14` - `2024-02-15`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-27` - `2024-03-29`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://onotepad.com/sPIhfJ
Frame ID: 30F79364377A260B289DB1383E155441
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html
Frame ID: 771DE2F3B5D3B914F8C0E523FEC87CB2
Requests: 1 HTTP requests in this frame

Frame: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E5AFC6408BBE9EB3A5B9DD314096C450
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&adk=1812271804&adf=3025194257&lmt=1690043580&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580590&bpp=11&bdt=386&idt=327&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7777222354393&frm=20&pv=2&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=380
Frame ID: BDEAF7E23ED99FC0E137BCBDF6396FCD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=2736137418&adk=1376291991&adf=238524979&pi=t.ma~as.2736137418&w=1067&fwrn=4&fwrnh=100&lmt=1690043580&rafmt=1&format=1067x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580601&bpp=3&bdt=397&idt=381&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=90&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vUJlp8hGfl&p=https%3A//onotepad.com&dtd=399
Frame ID: D719FAA8F369FAC00AC86CDF720A9C22
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=6344247927&adk=3276887208&adf=2535394087&pi=t.ma~as.6344247927&w=703&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=703x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580604&bpp=2&bdt=400&idt=410&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=eI7Y2CULJE&p=https%3A//onotepad.com&dtd=416
Frame ID: 61DFA8CBAFD3B97A460EC8A70860A9D4
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Frame ID: 2181D49780EA161D35DF25D092C58D37
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D7E0BD43901C60E9443F44F6C0F72957
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 03B2860ACD9DAD32DD8298283931089D
Requests: 2 HTTP requests in this frame

Frame: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 62FB6645FF71F254488338EB08B2332A
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkqj5xgEwAQ&v=APEucNX1ttAL4bwNsLT7P-MYxCjRFCBIHkaSkZNhGAJ6FBYlCapMC9fnjJlA67yzokgD1Nzu_ddygkAuUMeY53EJTK3M54kWOQccKhJbto-Ds7z9-_WtgLIAQLbdGei0ET-mWNmWOGinEOlhvNG8sLAiCKDJigM9PSJsaAgbdX9R8AFKX1XKgak
Frame ID: D36EA5E61573A99DCD1301ABF3F00F16
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F84418E1BF697C2764BE990EA2BEC7CE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM2BehDSkOwBGJrq4fABMAE&v=APEucNU-f_x4KjxhicfjuPDEhtguNkcP1K6SleJbXS24PDGQeMdsOhbceKQ_T-BqdNCod6WUsyEOxdDScC44psU8s5L_8o9SUA
Frame ID: 872B1F937F166E1EF7AD601B474A2583
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 03320F1767695F86205B7B59506EE568
Requests: 30 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js
Frame ID: E9E229AA3814727E969859F0D0BC7C20
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B0A1149FEA68779620A91B25D8DB3FE4
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
Frame ID: 21B48174DC4B0B4EE920A15F7F199500
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5AF431B561EB47A1FEB410DF801F3825
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js
Frame ID: 6F78AE4E7FF3041D15C60F096C384424
Requests: 1 HTTP requests in this frame

Frame: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Frame ID: FD6C8F8F090C7E39CE91A7FEE7A08110
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js
Frame ID: EF04FC7E240C63BCE44C71853ACF6EF3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Note from GPlinks

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

TinyMCE (Rich Text Editors) Expand

Overall confidence: 100%
Detected patterns

/tiny_?mce(?:\.min)?\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

168
Requests

94 %
HTTPS

63 %
IPv6

24
Domains

38
Subdomains

36
IPs

5
Countries

2801 kB
Transfer

6608 kB
Size

13
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://gplinks.co/4ana
Title: https://gplinks.co/4ana

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP 302
https://unpkg.com/@lottiefiles/lottie-player@2.0.2/dist/lottie-player.js

Request Chain 9

https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6/tinymce.min.js HTTP 307
https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6.6.0-25/tinymce.min.js

Request Chain 43

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1

Request Chain 44

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZLwEvZt.A7.ppBBIoyt-ZQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2

Request Chain 45

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

Request Chain 46

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

Request Chain 56

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1

Request Chain 83

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZLwEvZt.A7.ppBBIoyt-ZQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

Request Chain 85

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

168 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sPIhfJ Show response
onotepad.com/ 20 KB
6 KB 382ms
328ms Document
text/html 2606:4700:3033::6815:1c95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onotepad.com/sPIhfJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:1c95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.1.21
Resource Hash: fdbea17b0099531dfc77279ad7af50e2a93c87f5208d09175ebab6b7bd3d3201

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7ead153639e93661-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 22 Jul 2023 16:33:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3J6rKpYujznrfRQ4a8UIrVlrt4KTHR7e8hjJMOJfQ3hGWfqus0qWNTbwtfOGUktZnkOfz35eDUFQlYdRqOAHN69uO5yTlkBP4y1sTkL%2FrzuE6cRr79NOUxO9UVkhtH0Nn73WIGBrsePWkU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/8.1.21
x-turbo-charged-by: LiteSpeed

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/ 190 KB
30 KB 38ms
7ms Stylesheet
text/css 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 22 Jul 2023 16:33:00 GMT
x-content-type-options: nosniff
content-encoding: br
age: 7638439
x-jsd-version: 5.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30275
x-served-by: cache-fra-eddf8230069-FRA
x-jsd-version-type: version
etag: W/"2f88b-Yz6bIW1g1A6raHMXUTTpNbVU+JE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 AdBlock-Detected.png
mynewsmedia.co/wp-content/uploads/2023/01/ 51 KB
52 KB 89ms
21ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mynewsmedia.co/wp-content/uploads/2023/01/AdBlock-Detected.png
Requested by: Host: onotepad.com
URL: https://onotepad.com/sPIhfJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc7b055613cfae7408b10da7259238c49846d6fafbc955a9b79bf7d207d4966d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 145009
alt-svc: h3=":443"; ma=86400
content-length: 52633
last-modified: Mon, 02 Jan 2023 18:02:19 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGgmvta1KlACVXuUMJfaT0HV5pTHgyQYW8EFWL13bc%2B3Q2fpZSZvEv4L4bqzTasmZUDIVCrjL4Ui6a0xUd4fD85hq%2B2AmDVzsIM5WVFab3j%2F7lVc0YghDu8W%2Ba11ag%2BOmalNJP0iDDwFzQkWAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 7ead1538bcf19950-FRA
expires: Fri, 28 Jul 2023 00:16:11 GMT

GET
H2 200 brand-logo.png
onotepad.com/assets/img/ 27 KB
27 KB 20ms
19ms Image
image/png 2606:4700:3033::6815:1c95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onotepad.com/assets/img/brand-logo.png
Requested by: Host: onotepad.com
URL: https://onotepad.com/sPIhfJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:1c95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65538e9ab690a772bdfa074b95200ac89a0a38b82927a5152f6713e557be5800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/sPIhfJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 501652
alt-svc: h3=":443"; ma=86400
content-length: 27259
last-modified: Sat, 03 Dec 2022 07:48:22 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ds5%2BUROSMe%2FTUv7Cojie2SO0hQc1FRgqEw4VVDDAvLKIlpt5bulg4Y5vna%2F1K8eW7OuOodl17VXCwDZ%2FbuJ7CBmXr%2B8VEEHNZ2Xl0J2jRFZ3X%2B%2FMIsR02syq4dxdf2vj4HG6kB2ZHDUpmB4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 7ead15385d7f3661-FRA
expires: Sun, 23 Jul 2023 21:12:08 GMT

GET
H2 200 rocket-loader.min.js Show response
onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 16ms
15ms Script
application/javascript 2606:4700:3033::6815:1c95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6815:1c95 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/sPIhfJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jul 2023 17:37:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64b6cdef-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7u2vhi8Ytm0NIWF8kJJ1lHZMW%2BRxwthPQJXQFVwRiu7fWmlkQgCsZv0xuPO6re24x9J895919vwsiZn9OJrnkOTBAxbE91BswZGShSsbdeMDD%2Fv%2Bu4re3U1IOm1J3vDIrpilVWxaGikXvNs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7ead15385d833661-FRA
expires: Mon, 24 Jul 2023 16:33:00 GMT

GET
H2

200

lottie-player.js Show response
unpkg.com/@lottiefiles/lottie-player@2.0.2/dist/
Redirect Chain

https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
https://unpkg.com/@lottiefiles/lottie-player@2.0.2/dist/lottie-player.js

359 KB
93 KB

57ms
56ms

Script
application/javascript

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@lottiefiles/lottie-player@2.0.2/dist/lottie-player.js

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55d2f8de4f55304e80b710304c00dfc431f692bf1c71f1595f78c75451044de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3745494
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01H2FK5JD08JVKY16MTC7R6P2S-fra
server: cloudflare
etag: W/"59a07-4AFgJQ3i5PlD1ojTWKqOoTRXKIo"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7ead15395b182bc6-FRA

Redirect headers

date: Sat, 22 Jul 2023 16:33:00 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01H5Z6PMZ9F7PQ1DJF48B0MPQN-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 470
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /@lottiefiles/lottie-player@2.0.2/dist/lottie-player.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 7ead15393ae52bc6-FRA

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/ 78 KB
24 KB 17ms
8ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 22 Jul 2023 16:33:00 GMT
x-content-type-options: nosniff
content-encoding: br
age: 11158395
x-jsd-version: 5.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24474
x-served-by: cache-fra-eddf8230069-FRA
x-jsd-version-type: version
etag: W/"137ae-xmO6oFGFa2TXRmKalh4ju/D7r4w"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 195ms
91ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8110287124118452

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d1fbb43bb1bf1c894758cf1dbeb33c910e58fafd79fcd68efe8d88eeeda7c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Origin: https://onotepad.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50681
x-xss-protection: 0
server: cafe
etag: 11980037308281318223
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 211ms
107ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5648615de1ea623232f6c2f674e6628885d475d1838388a8385aa3b83f276659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27576
x-xss-protection: 0
server: cafe
etag: 611 / 19560 / m202307180101 / config-hash: 3532551707473895787
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
80 KB 151ms
56ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MBRRS8LVYD

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

752e455655ad2c6a5d8bbdb384fb6c524938d634e60bb3535b7276279491cf48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81441
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2

200

tinymce.min.js Show response
cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6.6.0-25/
Redirect Chain

https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6/tinymce.min.js
https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6.6.0-25/tinymce.min.js

425 KB
175 KB

10ms
10ms

Script
application/javascript

2600:9000:2490:3000:4:8ff3:780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6.6.0-25/tinymce.min.js
Protocol: H2
Server: 2600:9000:2490:3000:4:8ff3:780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.0 /
Resource Hash: 42cf1a22b08e501f117b51c6b3ff09118d5867b98cfcd7b01926c00b4f616561

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:23:54 GMT
content-encoding: gzip
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 781
x-cache: Hit from cloudfront
server: nginx/1.20.0
etag: W/"oSe1qAAO5KetAdZlaykwAVRPx9n0omXYod+dHsHmoMI="
access-control-max-age: 3600
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
access-control-allow-credentials: true
vary: Accept-Encoding,Origin
access-control-allow-headers: *
x-amz-cf-id: BEyMXhVRtBWEvoMj-y0iVHexRXa6ifOqLLuPjFH13byBAs2X904VCA==

Redirect headers

date: Sat, 22 Jul 2023 16:28:46 GMT
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 273
x-cache: Hit from cloudfront
content-length: 0
server: nginx/1.20.0
access-control-max-age: 3600
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
location: https://cdn.tiny.cloud/1/x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv/tinymce/6.6.0-25/tinymce.min.js
access-control-allow-origin: *
cache-control: public, s-maxage=300, max-age=600
access-control-allow-credentials: true
vary: Origin
access-control-allow-headers: *
x-amz-cf-id: tPPjV7HlHTQmdeKUSYjvMzXX6QHm5m3icSErYUdg3_KAAljUW-O8cQ==

GET
H2 200 i
sp.tinymce.com/ 43 B
378 B 90ms
15ms Image
image/gif 143.204.231.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sp.tinymce.com/i?aid=x6jqlupryoxij9md2m8xbrbeicwyz5lki3ppsztek53wgwpv&tna=tinymce_cloud&p=web&dtm=1690043580464&stm=1690043580464&tz=Etc%2FUnknown&e=se&se_ca=script_load
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.231.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-231-97.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:25:30 GMT
via: 1.1 81c8944dcf384b2b556f5476fb5a1890.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2017 05:55:26 GMT
server: AmazonS3
x-amz-cf-pop: CDG3-C1
age: 36451
etag: "fb02f374b8f73825415db1bccd4bd76d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 43
x-amz-cf-id: Y8izPTW2W4H64qsxHDBTGHhKvYMunu7RI6cPdmLO6qpYOJY5JZj_hQ==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 115ms
114ms Fetch
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcd99ac4b6f9cb271523559005bcbbd7dfabd4744adbc6da114bd311bd2b1bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50640
x-xss-protection: 0
server: cafe
etag: 8669259822487903993
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 90ms
89ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8110287124118452

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fb6afc8a8af59a3d5e476f34892ceff8c1efd1c9e59f32af65ef6155657354d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Origin: https://onotepad.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50650
x-xss-protection: 0
server: cafe
etag: 1536019926694982278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 87ms
21ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://onotepad.com/
Origin: https://onotepad.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1690043580.dop126.am5.t,1690043580.cds136.am5.hn,1690043580.cds004.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/ 385 KB
122 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 15:09:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5022
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125179
x-xss-protection: 0
server: cafe
etag: 2430563369519042680
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 21 Jul 2024 15:09:18 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307200101/ 363 KB
124 KB 196ms
106ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8110287124118452&plah=onotepad.com&bust=31076299

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8110287124118452

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50179e70dcf7e191e9c9dae486627d072af078d57d4139a493a8e33e1fd34803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127310
x-xss-protection: 0
server: cafe
etag: 10655610526526299074
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/ Frame 771D 10 KB
5 KB 131ms
35ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8110287124118452

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 7334
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 14:30:46 GMT
etag: 12368291122986407432
expires: Sat, 05 Aug 2023 14:30:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
251 B 63ms
19ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MBRRS8LVYD&gtm=45je37j0&_p=788954418&cid=1764885341.1690043581&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690043580&sct=1&seg=0&dl=https%3A%2F%2Fonotepad.com%2FsPIhfJ&dt=Note%20from%20GPlinks&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MBRRS8LVYD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://onotepad.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.11/ 9 KB
3 KB 47ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.11/clipboard.min.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://onotepad.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 827870
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2836
last-modified: Wed, 04 May 2022 19:02:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6272cdab-b14"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RDeFGhSMhHrXclDlSrK0zxHMJP6zAvcFqpAOVTHhlHb6XaJ1SpDA9lOwwtgHXXs2WbpczuZYm8PQyrcc%2FkVBEfvk16ia6jBC%2FphzvcnqwPvqd3%2F9x2Qhl0Htl5pItiGJqWyXtXAM645qjfHMe2b5jQU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7ead153b984d9226-FRA
expires: Thu, 11 Jul 2024 16:33:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 489ms
488ms XHR
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1623586736950443&correlator=3404935021907793&eid=21065725%2C44797785&output=ldjh&gdfp_req=1&vrg=202307180101&ptt=17&impl=fifs&iu_parts=22817549127%2CTTS_onotepad_Bottom_sticky_ref&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=5&adks=2307312308&sfv=1-0-40&prev_scp=refresh%3Dtrue&sc=1&cookie_enabled=1&abxe=1&dt=1690043580851&lmt=1690043580&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&frm=20&vis=1&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=true&dlt=1690043580205&idt=545

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20bf3b55c0e10a7c881c32c1bb8993638891b9d193eaedd6e17e90628c19f02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9425
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://onotepad.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E5AF 6 KB
3 KB 160ms
51ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sun, 21 Jul 2024 16:33:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 87ms
86ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307180101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79994bfa1d9802faf43f0599f5bc3688b62a46c35d16b123379958aa93c85216

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11689
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
605 B 156ms
46ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=onotepad.com&callback=_gfp_s_&client=ca-pub-8110287124118452

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8110287124118452&plah=onotepad.com&bust=31076299

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e3a07c57a9e08a2d10fb6e4d360f6698d4d1dd52ded78f3ea62db27b894e2db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 189ms
47ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=onotepad.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=progressbarView&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=progressbarView&ign=false&pw=1600&ph=1200&x=0&y=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BDEA 11 KB
5 KB 560ms
556ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&adk=1812271804&adf=3025194257&lmt=1690043580&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580590&bpp=11&bdt=386&idt=327&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7777222354393&frm=20&pv=2&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=380

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04658646467203367ffb67bf611a086045e60ceecb7db1ddaf0f152c36bbffaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 4846
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sat, 22 Jul 2023 16:33:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D719 99 KB
35 KB 1207ms
1200ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=2736137418&adk=1376291991&adf=238524979&pi=t.ma~as.2736137418&w=1067&fwrn=4&fwrnh=100&lmt=1690043580&rafmt=1&format=1067x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580601&bpp=3&bdt=397&idt=381&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=90&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vUJlp8hGfl&p=https%3A//onotepad.com&dtd=399

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a5dc5d50883385836b509b64e3a5f4684f6ef891b648244570a021ae125502b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 35880
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:02 GMT
expires: Sat, 22 Jul 2023 16:33:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 156ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 22 Jul 2023 16:33:01 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 61DF 86 KB
34 KB 758ms
707ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=6344247927&adk=3276887208&adf=2535394087&pi=t.ma~as.6344247927&w=703&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=703x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580604&bpp=2&bdt=400&idt=410&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=eI7Y2CULJE&p=https%3A//onotepad.com&dtd=416

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c368f69f4233e8d655887fb76a1ae2dcb424d2db63bcda7c9b4aa89ad4d5c5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34492
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sat, 22 Jul 2023 16:33:01 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2181 28 KB
11 KB 1086ms
1052ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

678106f28143bba248f07efcdbf75bb891fbfea0a1faef82d38c3de2143272f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10746
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:02 GMT
expires: Sat, 22 Jul 2023 16:33:02 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D7E0 13 KB
5 KB 42ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2872
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 15:45:09 GMT
expires: Sun, 21 Jul 2024 15:45:09 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 03B2 783 B
1 KB 144ms
49ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4d9b2a0c4f73750feca141ae5259d805663e034f3f888dd4605ce7d0c8c60b7c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wOeCwxVXZYvUSBJIxzwLQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-wOeCwxVXZYvUSBJIxzwLQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sat, 22 Jul 2023 16:33:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame D7E0 38 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34562
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H2 200 container.html Show response
39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 62FB 6 KB
3 KB 44ms
41ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307180101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onotepad.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sun, 21 Jul 2024 16:33:01 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 03B2 0
0 73ms
71ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202307180101&jk=1623586736950443&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D36E 624 B
246 B 82ms
80ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkqj5xgEwAQ&v=APEucNX1ttAL4bwNsLT7P-MYxCjRFCBIHkaSkZNhGAJ6FBYlCapMC9fnjJlA67yzokgD1Nzu_ddygkAuUMeY53EJTK3M54kWOQccKhJbto-Ds7z9-_WtgLIAQLbdGei0ET-mWNmWOGinEOlhvNG8sLAiCKDJigM9PSJsaAgbdX9R8AFKX1XKgak

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:01 GMT
expires: Sat, 22 Jul 2023 16:33:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 62FB 85 KB
29 KB 528ms
528ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29781
x-xss-protection: 0
server: cafe
etag: 4315658989838864570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:01 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62FB 42 B
63 B 72ms
72ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B2aLc41wDQmsqgJhNzv9fZnPgE54fzNuhIUvbPu5zSYkcnVAtEcxtGgSAorBquwFWriZL6vf3QwjdEQNb5p1XbGvlZjZ9Xi_ckwlEW1C5qr88I3us

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62FB 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10616475221762905965&x=1&ct=76

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 62FB 3 KB
1 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 62FB 20 KB
8 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 62FB 179 KB
57 KB 236ms
42ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
URL: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:01 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D36E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkqj5xgEwAQ&v=APEucNX1ttAL4bwNsLT7P-MYxCjRFCBIHkaSkZNhGAJ6FBYlCapMC9fnjJlA67yzokgD1Nzu_ddygkAuUMeY53EJTK3M54kWOQccKhJbto-Ds7z9-_WtgLIAQLbdGei0ET-mWNmWOGinEOlhvNG8sLAiCKDJigM9PSJsaAgbdX9R8AFKX1XKgak
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Jul 2023 16:33:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D36E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZLwEvZt.A7.ppBBIoyt-ZQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2

43 B
766 B

16ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkqj5xgEwAQ&v=APEucNX1ttAL4bwNsLT7P-MYxCjRFCBIHkaSkZNhGAJ6FBYlCapMC9fnjJlA67yzokgD1Nzu_ddygkAuUMeY53EJTK3M54kWOQccKhJbto-Ds7z9-_WtgLIAQLbdGei0ET-mWNmWOGinEOlhvNG8sLAiCKDJigM9PSJsaAgbdX9R8AFKX1XKgak
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Jul 2023 16:33:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame D36E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

43 B
844 B

46ms
45ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkqj5xgEwAQ&v=APEucNX1ttAL4bwNsLT7P-MYxCjRFCBIHkaSkZNhGAJ6FBYlCapMC9fnjJlA67yzokgD1Nzu_ddygkAuUMeY53EJTK3M54kWOQccKhJbto-Ds7z9-_WtgLIAQLbdGei0ET-mWNmWOGinEOlhvNG8sLAiCKDJigM9PSJsaAgbdX9R8AFKX1XKgak

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
an-x-request-uuid: d255283e-987d-4837-a79c-31c199cc1b9e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.187; 185.213.155.187; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D36E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

170 B
243 B

73ms
49ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:01 GMT
an-x-request-uuid: 41e4cb04-3dd6-4ac9-9073-b2da84450a63
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D
x-proxy-origin: 185.213.155.187; 185.213.155.187; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D7E0 0
10 B 63ms
39ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?40mt6g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 4967268152006217675
tpc.googlesyndication.com/simgad/ Frame 61DF 118 KB
118 KB 46ms
44ms Image
image/gif 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4967268152006217675

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=6344247927&adk=3276887208&adf=2535394087&pi=t.ma~as.6344247927&w=703&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=703x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580604&bpp=2&bdt=400&idt=410&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=eI7Y2CULJE&p=https%3A//onotepad.com&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a763a61a1320a2d3a951ba74608b3d543fac4a3753c5d476e865b08c015c37ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 04:50:07 GMT
x-content-type-options: nosniff
age: 42174
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120419
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 08:09:09 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 04:50:07 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame 61DF 23 KB
9 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 61DF 3 KB
1 KB 74ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 61DF 20 KB
8 KB 53ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12571
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 61DF 179 KB
56 KB 64ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:01 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 61DF 33 KB
13 KB 74ms
62ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d81ba9baa3db58495b4264c97c8b6e305a06291711e8ffb03cd28695ac9eb897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13558
x-xss-protection: 0
server: cafe
etag: 8057333295417531599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:34 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F844 143 B
166 B 49ms
40ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=6344247927&adk=3276887208&adf=2535394087&pi=t.ma~as.6344247927&w=703&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=703x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580604&bpp=2&bdt=400&idt=410&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=eI7Y2CULJE&p=https%3A//onotepad.com&dtd=416
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 990
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:16:31 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 61DF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a73aab0b7254297504542ebb8309725a06257add9df1cc6b9020e0d7ab4c2c80

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F844
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

47ms
46ms

Document
text/html

2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:02 GMT
expires: Sat, 22 Jul 2023 16:33:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62FB 0
20 B 71ms
71ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1738360622926&version=m202306200101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62FB 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1738360622926&version=m202306200101&ct=76&x=1&cor=10616475221762906000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 62FB 93 KB
38 KB 94ms
93ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AEnGGeGqwvSyB0k8T4Tf-U5mMIkwxs_0QL06Xi_GY2U87hkgI6OwCaZl3O3K1NV7krcW9WIu9SLNJzrXfuk3g71r5adLNZzYX9oGBIWh-DHShjNZkeGjUjTyf5Z0lPo3m2dJBgXjsyEjBy2ybU8P4e7ffIj_ZRo07jEEz-ZwaaYJautjQ&dbm_d=AKAmf-BSYivJbtgTAoWZSdVqhQC09V9MVJwOEv9J4bTQOYaMw4MVnQCuUdpjslo_WeEgx7-MvnH891XKZknJb8oEB3_sl8Ri1PcvEWwIW5KSMjBW9-vEq3UhxRK-aTgml6Z1hvmkcFVaDaEGgHnxk-4OVghQqaVYebRXK1nqKyvXpN_ED0bMJmLUPx8reIm63dKCHoCjIP-Ta6kTUllrr8eubE7gG5SuNj3ULaFSDZdHwJ6k1-Pebu4RFHEYmVAiLjYPnoMBqtPxp-_Sbwm3Gl1rRi1wFM3qKXd64ATfuPkjS9H9spVHc8EmeIxm3puD6mlZPCskn26IWXEY1O2nufL9GPfxXeqDdMWvB_RyUTspXJVO36rTcrLAMVsnEjuEjsjCRnl25KHdSLuUM9CjA8eus-gQ0mhoAnV0_IwRdsTD7vD4u7OXLmGpoc36lRZ6k1_Usul2e9w9A82YT2Z2OyqFKfnL2YfOuW3M7g2Jrr9_AHF6JB1bysRIr3wDqnZwgMT0xMGoVR46GrK_YF8mB-V7ChJx-j4VxwHms6EEVq5Wugc_pUgvEiMnt4kYbPtSrQVXtkQSt8NaQD8_64CXFroW8LJAvoYbZTs1e5kQEzuBtp180iSDPktPYgE0PwccltSq6XjWjPhnVNsTdfCyCeoXdYYj2e1bZcbphtyD02PAG5o7gIqyKnGbRQ_8ZjUTlSg_PnOsTlXFlyngxOShcNCMqglzTdNaQLNDB6iBw0bIqUzT0z70I6VLxqu7b0_8hSzuuZVC7QBb4ckOtQqsA5zQvA3uu2uaUyv55Larb7FReSswvnIK-mRYjdE78u8tLEygmdcbspKaLcdadkBtQeyXYI8jtt662GOmFdapo7waoBHyKoh5csMuY3FliYkltK_bOnq1oOrs6PV53Cw_biPrRMWUyCAtnax3PiHz3o7nYE5dr8vg29wqwwXsaHKkyT7l1fNkFFx32Rd6SIOUCcFjiOw5on1f6-9vA3NzE_-QwjpwzU6u3l96VyBJtqA3xHjvUVUlejtqsGv6PfIrg--727gvoYTZ40GJkDpnaQk_ZGqbrbXQPKxZzqWE_E6W16tSXDXdP5SM2AmWhGBgFxGB6d9ogOy4A57vdiTTLlDkyN_Pv5Y51QddlQmVNUSAjJmNGkiDxNRJCXopnuVDeGRZQKfWdeI_6i17cn3VnMTzWxKXS9t_R_edu3um8wsXoUYMVtAMpCKByiATC5UaKPqMJoNmcxTEFIKHr-fKs2FEgzVH7T-8nMBfWH08rCG9h_5KQQZc98wjmwIjGJKc2As4qULZKWPL9RJwD1WH2y5KCmGiFJsLEhQG57ppOig503tSMrMHUImyDlr2zxdJTRWep99jWOf0fXUxLMJjkAWD9BwBFi-pBd8U2SnhCI4rHr1r27ZqSHDHlP_SByJhb5OKFKRh-FOfWg8DdpncK1ZAt8qDY2h75TXjvV74b7Vhllj5l0_y4j6PcIFisk3GIL-PYRHmt_8tkvZgRZ-YixRpNqRld9i3TPhlWZr_9hWjEa6mBEmurIrZWSS5f5JXMlnYW0WuvVkvJri4tlhGJ7m5PqgQxfarnIDxhcyqQiXPd6LfSWV0EqzGT42a2z4axwwW1g3YPnj7AmK9ZiKUKYQs_VtMBeuXQUE8v8N4w3VG7YDFmCvifGPuaNyaqDWHFvZiMMyqMyJsiUKKq2UYE_1Nf0azEOfiiKqf1vCkE_DvLowoI5NIfafsAqrZ6gsnl9b-AGwP1yZK6sR-AqTZIelp6b3-yoz7UltVDel7bbsLWGenAN-ZX_9VXV7bJY6v23ZxqkXN_AJmiwA7kB4LLL--hKN9C9kttIx4cNiFXmOJrsIQ705lOPET8HUb8x8TiELguiHpZFfnfc0YbJboAfppd7jIE42GotRJOv3YusNZTdXDPzskziVW9AIQ9fM1S4mX6CBe8YfQDdddKBzZxw8xUnffMyZNL7L_C3Boo6RPvOrKeXuNLKnn50PnWU8DD4_6U-TL8Yg_Zomnh0EcNgwiajbAZ_XIPEDiq8beo935XxM9Q6terMlmgFjDwnxk942YeSswZKny4QGGpqg7Bt7j_swDeMt5IgiwQLt9FUj61GjIDc5AN0WmsPkdMKCg0AAWwhFsL720sj450K_ru2HsFvhU3TXiOF12_P_BnJq_9-ThzUrRrOkO8tki2Pq8qWazD-UQIhQbcrfbHrtk9uyB5X0B4okTnfuOvvHqak74gPvxB84242SMnMKV91_X9AsBnCPlo-1gNfk-04OmQBWjMpHU0uoaHb-9eM73berY0NlADnBXYMuXiiLmRHshgW5FJ2zWh_Xgzne1_Z0AcdPBTGL5GRaT79eofgDVRoE5pFUMQIETtQAzmP3B1Pw1qvB4REGXg95p3jH3imrRJTxJIGzxiPzthczGkxSF5dekzMW8kRCfXFwnNClVNP8HzbdNF0guYji8ivI0ujVxm0mfbmgR8SkUIZ5y5OLfiy6hS-_TY_6MtYiHX5_psKfJA8C7-6pA2CXz3aLL_xvIEm1Qvy-9XtfTX5Pg6RJSN16rx2Cip2S1I5A1pfClBo12Ngr_ang3eVf6Qxw1jq9eRGvdgnZCfvMrwOOxUERMcAf5VCCA5l5d7GFYWOT3ZvIaas3K0Y4BJwz_FxdC7oU87EoIwb4yLuB2LIu5E5b_tlmv7Wo2GyFZQlj9qX9hv1PKSQcZjl8iqfRihu3TsDUIMKEPtDenndMon5dwxK-INB7B5wPebZX8AUIeZU-r_DRr8R8H1-9UYNbb6fOgOL9xjpW9mvdECi7mXduJ0gUhfpoamGgX9LJznlukAsfZgH0jd1tgIHPqfY20D--qo3eMfvWrOJhi-Q_YCL4APd6gNXm0yqIVLpqGOa2ApMHA1M0H6yecVBbfXvMw55ztuPKs-RI1vAhiytCLevjI49VnwZDFikMNon6tDRGd2CebAurawj8vAEOc0qydErVwnou2JyT5SGVXc6kivCMgSOWJk0E7qhqvS8VO1J-BZHeuOmdSif82yVd1jY9DKIdvC_5R7xe06u-MCxMwn3yvO6HWRtFFLgeskNmYfULs_NgKvYcX0PVV3OOzkZu94OY91UeSIBuCZdVJXWx50AF7GtckWrogxRWcamrJFT7GS6hGLf0CSL_BiDu87MdKHN_Ew9bsQy_Lm0Tcs8a7sG3TTfVvSw3WuhbkKqEsDgVXvJOJsyt9X22yrXDPM6-tUb68HpLMnmH_06chwVA5oUiMcbaIXiYe5dgcm15I3nvPSQhDKTOHeUwV5e419_flvyyyxl63TqHxuhjmeuRf2EB30ukhUsfOQCtikl0-CUmM0Sg_eeBY0bd43ZBWuPLjCVKTuuWGVBw2CmNuUrxGLg2nKrgK570jbaLPt5DgmDLkXYsmcIOcpVZ1bG-SF6sIctlxGHku8DLO9fx_dZ6UuvVbNFEYbyY__lkv2tkdZZrGTcNJL6cgvgROKtayB-DeuKIUB2FA0NNgemqr9co1ti0&cid=CAQSSwBpAlJWIPb3reIV0kjlfXMPnci_ntpHUjF64T4JzSozeYNaHjyDoaWyW9M1UL9FUqqQALqImqpmU818K6w0I5M94B97HHIjyIp1fRgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Fonotepad.com%2F&ds=l&xdt=1&iif=1&cor=10616475221762906000&adk=2086295851&idt=534&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45e511b2f783d3030572cb63fe7b23e53e037c58690c4a15308c78bb9b0991b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 61DF 0
19 B 85ms
85ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C25KzvQS8ZI3nBoeziQb8nLyYDs7b5r9x2t3_7ewR_cy_r689EAEghaaVlgFgleKQgqAHoAGAubeSA8gBA6kCsQ5Hi8Kpsj6oAwHIA8kEqgTSAU_QxvKMaFqvKda5ok3A051clFj8YdNkfOPFYX7h90lVcYbIc7t1DFG0zKpx7xDIXFkrR_uAUDJBUrtGsfdVt3Yv-mL9HXgfnsyM8gMKOzi29SDp6WBjhlhDLo2Tck-M7biz_HUNcLZpXJV_P2dwhDUFb_h3mJbBZaKbUxVXGSrH6m7fu1Qpdv1JaMk678WedJvCE7SVYxP6vrhLjR4kHwmy4TaH4KectzqObK2SFS2ZywHQpUK35w2a-ZbUCvK7XYM5irRqxkSros0tXQQf9IXivsAE7oyL5rQEkgUECAQYAZIFBAgFGASgBgOAB-jGyG2oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCV-QbSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBogwIKgYKBMOwsQLYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItODExMDI4NzEyNDExODQ1MhgA&sigh=e3oyZeOBqW0&uach_m=[UACH]&cid=CAQSGwBpAlJWnwOxvY5zK-p0SHTxnzid8foR9WsXzhgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=6344247927&adk=3276887208&adf=2535394087&pi=t.ma~as.6344247927&w=703&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=703x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580604&bpp=2&bdt=400&idt=410&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=555&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=eI7Y2CULJE&p=https%3A//onotepad.com&dtd=416
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 872B 624 B
245 B 147ms
108ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM2BehDSkOwBGJrq4fABMAE&v=APEucNU-f_x4KjxhicfjuPDEhtguNkcP1K6SleJbXS24PDGQeMdsOhbceKQ_T-BqdNCod6WUsyEOxdDScC44psU8s5L_8o9SUA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:02 GMT
expires: Sat, 22 Jul 2023 16:33:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0332 85 KB
29 KB 232ms
192ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29781
x-xss-protection: 0
server: cafe
etag: 4315658989838864570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:02 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 0332 16 KB
7 KB 200ms
11ms Script
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CGwSJvQS8ZNjVC52Qn88P54CasAHVmLbnccfyypPTEfTCtauuARABIIWmlZYBYOUDyAEJqQLglVEPJJpvPqgDAcgDmwSqBO0BT9B61nlJABYN_KyikFtwEyK9d5qIudJgGYNu91hicST1oVdvQ1sfezO5ceH7ow3Xrg59VNZWc9XWSxQNzsdc7XCjyPwlrr1D7KXvjYSmuoZ5hY9qM96XlFrHVEb3GaTMy0R-gAqRxUzLINFWpdof3Vzhuhy7ynrEBIwqC7TOL4jw-hBkHyD746WN2ucvWw30aggxCWweelp6CTW_1Zh-EI64LvBnYyJUdXx2Wt6Tat0tJO3qap4P6K1OHFSBmCc67WhRh220YJPvFg4ue8WlIQGjR_pKzv61r1xdm5A1S6--EvEjFxlfYxjUTdttwAT237bAtgTgBAOQBgGgBk2AB4zb4ZIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwIKgYKBMOwsQKwE923lxTIE4j-suMD0BMA2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&sig=AOD64_2_4OF1sPTLkq6Zk4FfOoX5aJqIxg&client=ca-pub-8110287124118452&dbm_c=AKAmf-CICMN8mS1m11wk94DaaUvf4msWM7jJdH7eYafSjSOfoGei2A9yyK6Qvokv8qMqZ3QX48cAwt3VCvlzFuZiKWCz-WKSJVnsURF0A0ZvhxDVsgEVa0EE1n-WeYQ-MfWhrg3z6poXBh2s1OFolpA4ngv8rX4u6iu8BLjnBgeQrT66_cv0bTE&cry=1&dbm_d=AKAmf-CWlO53rvFiUnsFK-F7AanD_wX7zQ89by2ARoQOzO-8bleRRlPJ_5UqWbH8urnr0pJc7bq_5TWYfjVI-fTp-WQHc-0AD-tme6CVj8toos1J5kG4kGqy-8eSlWFEESqes4xjpDdkZQtlzKI6QTC5hGwhq63MztKC-qtRyX9R5acP2Hx9q6lmzVH1jPRpJaa_DilNg_21v3dx7ECWzM7TKu_Oja3kXP3qaSpp-h9BqPmazdliD1dfD9LEsW2Xr5nYSYOnPWJlcNP044P7piAkzorCOBd1hfxdPEXLOtYgwAyDNVWG9GmtzD8E3YTNjxZo-I3DTnMDRPs3lxZuZRMMs5sBc62X1yQF1Wiunz2V5e-1ks5awyOnwRYw0bOCjZL9dYkBSp7gpcVEkhZQiBhb2NLQXw3EAtRhRu1bDtYZXhZWQVQR-ri3EhSWsQk0wPdFJQYe3zSKClDGM86IKEvdqoQCyKRoLLsttKjkUU4IV4w37I7v2SzlDzzbrpQKSEnyKQH3kAlZ_x5pHzD5Wp6wYjRSytqm_34L2yNPBwDvOq5nIcVwPV0&adurl=$$&c=28&cn=display&pli=1079439569&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=300&h=250&ord=${RANDOM}&z=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d7121548b034ed230393d0aeb85a3e2ebe633ba046664bba4eea75978f1541d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
content-length: 6500
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 0332 3 KB
1 KB 80ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 0332 20 KB
8 KB 77ms
45ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0332 179 KB
56 KB 128ms
96ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0332 42 B
63 B 142ms
110ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DdIk-TnXJiJj1dEF-UCJjD55qJQHdUL6wv1vSuzR5ifIts6GcI2kYHOeOSIeEbVhqme_LDBilB_RzQD17OUzMV8umeU1-nI_yMKENEnj540k7wJxA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0332 0
20 B 145ms
114ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1579833109340845008&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame E9E2 38 KB
15 KB 62ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D719 6 KB
1 KB 164ms
43ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=2736137418&adk=1376291991&adf=238524979&pi=t.ma~as.2736137418&w=1067&fwrn=4&fwrnh=100&lmt=1690043580&rafmt=1&format=1067x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580601&bpp=3&bdt=397&idt=381&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=90&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vUJlp8hGfl&p=https%3A//onotepad.com&dtd=399

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 22 Jul 2023 14:43:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Jul 2023 16:33:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame D719 2 KB
892 B 70ms
70ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame D719 23 KB
9 KB 169ms
129ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 4587423269125806604
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame D719 3 KB
1 KB 171ms
131ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame D719 20 KB
8 KB 75ms
73ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 13:03:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8309
x-xss-protection: 0
server: cafe
etag: 1379281626718990200
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 05 Aug 2023 13:03:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D719 179 KB
56 KB 94ms
92ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:02 GMT

GET
H2 200 39d4397462e2693449f221f9915f9e59.js Show response
www.gstatic.com/mysidia/ Frame D719 33 KB
14 KB 255ms
33ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39d4397462e2693449f221f9915f9e59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 289829
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14179
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 16:24:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 17 Oct 2023 08:02:33 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 62FB 172 KB
61 KB 297ms
39ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
Origin: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 19:02:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jul 2023 19:02:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/ Frame 62FB 11 KB
4 KB 95ms
47ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AEnGGeGqwvSyB0k8T4Tf-U5mMIkwxs_0QL06Xi_GY2U87hkgI6OwCaZl3O3K1NV7krcW9WIu9SLNJzrXfuk3g71r5adLNZzYX9oGBIWh-DHShjNZkeGjUjTyf5Z0lPo3m2dJBgXjsyEjBy2ybU8P4e7ffIj_ZRo07jEEz-ZwaaYJautjQ&dbm_d=AKAmf-BSYivJbtgTAoWZSdVqhQC09V9MVJwOEv9J4bTQOYaMw4MVnQCuUdpjslo_WeEgx7-MvnH891XKZknJb8oEB3_sl8Ri1PcvEWwIW5KSMjBW9-vEq3UhxRK-aTgml6Z1hvmkcFVaDaEGgHnxk-4OVghQqaVYebRXK1nqKyvXpN_ED0bMJmLUPx8reIm63dKCHoCjIP-Ta6kTUllrr8eubE7gG5SuNj3ULaFSDZdHwJ6k1-Pebu4RFHEYmVAiLjYPnoMBqtPxp-_Sbwm3Gl1rRi1wFM3qKXd64ATfuPkjS9H9spVHc8EmeIxm3puD6mlZPCskn26IWXEY1O2nufL9GPfxXeqDdMWvB_RyUTspXJVO36rTcrLAMVsnEjuEjsjCRnl25KHdSLuUM9CjA8eus-gQ0mhoAnV0_IwRdsTD7vD4u7OXLmGpoc36lRZ6k1_Usul2e9w9A82YT2Z2OyqFKfnL2YfOuW3M7g2Jrr9_AHF6JB1bysRIr3wDqnZwgMT0xMGoVR46GrK_YF8mB-V7ChJx-j4VxwHms6EEVq5Wugc_pUgvEiMnt4kYbPtSrQVXtkQSt8NaQD8_64CXFroW8LJAvoYbZTs1e5kQEzuBtp180iSDPktPYgE0PwccltSq6XjWjPhnVNsTdfCyCeoXdYYj2e1bZcbphtyD02PAG5o7gIqyKnGbRQ_8ZjUTlSg_PnOsTlXFlyngxOShcNCMqglzTdNaQLNDB6iBw0bIqUzT0z70I6VLxqu7b0_8hSzuuZVC7QBb4ckOtQqsA5zQvA3uu2uaUyv55Larb7FReSswvnIK-mRYjdE78u8tLEygmdcbspKaLcdadkBtQeyXYI8jtt662GOmFdapo7waoBHyKoh5csMuY3FliYkltK_bOnq1oOrs6PV53Cw_biPrRMWUyCAtnax3PiHz3o7nYE5dr8vg29wqwwXsaHKkyT7l1fNkFFx32Rd6SIOUCcFjiOw5on1f6-9vA3NzE_-QwjpwzU6u3l96VyBJtqA3xHjvUVUlejtqsGv6PfIrg--727gvoYTZ40GJkDpnaQk_ZGqbrbXQPKxZzqWE_E6W16tSXDXdP5SM2AmWhGBgFxGB6d9ogOy4A57vdiTTLlDkyN_Pv5Y51QddlQmVNUSAjJmNGkiDxNRJCXopnuVDeGRZQKfWdeI_6i17cn3VnMTzWxKXS9t_R_edu3um8wsXoUYMVtAMpCKByiATC5UaKPqMJoNmcxTEFIKHr-fKs2FEgzVH7T-8nMBfWH08rCG9h_5KQQZc98wjmwIjGJKc2As4qULZKWPL9RJwD1WH2y5KCmGiFJsLEhQG57ppOig503tSMrMHUImyDlr2zxdJTRWep99jWOf0fXUxLMJjkAWD9BwBFi-pBd8U2SnhCI4rHr1r27ZqSHDHlP_SByJhb5OKFKRh-FOfWg8DdpncK1ZAt8qDY2h75TXjvV74b7Vhllj5l0_y4j6PcIFisk3GIL-PYRHmt_8tkvZgRZ-YixRpNqRld9i3TPhlWZr_9hWjEa6mBEmurIrZWSS5f5JXMlnYW0WuvVkvJri4tlhGJ7m5PqgQxfarnIDxhcyqQiXPd6LfSWV0EqzGT42a2z4axwwW1g3YPnj7AmK9ZiKUKYQs_VtMBeuXQUE8v8N4w3VG7YDFmCvifGPuaNyaqDWHFvZiMMyqMyJsiUKKq2UYE_1Nf0azEOfiiKqf1vCkE_DvLowoI5NIfafsAqrZ6gsnl9b-AGwP1yZK6sR-AqTZIelp6b3-yoz7UltVDel7bbsLWGenAN-ZX_9VXV7bJY6v23ZxqkXN_AJmiwA7kB4LLL--hKN9C9kttIx4cNiFXmOJrsIQ705lOPET8HUb8x8TiELguiHpZFfnfc0YbJboAfppd7jIE42GotRJOv3YusNZTdXDPzskziVW9AIQ9fM1S4mX6CBe8YfQDdddKBzZxw8xUnffMyZNL7L_C3Boo6RPvOrKeXuNLKnn50PnWU8DD4_6U-TL8Yg_Zomnh0EcNgwiajbAZ_XIPEDiq8beo935XxM9Q6terMlmgFjDwnxk942YeSswZKny4QGGpqg7Bt7j_swDeMt5IgiwQLt9FUj61GjIDc5AN0WmsPkdMKCg0AAWwhFsL720sj450K_ru2HsFvhU3TXiOF12_P_BnJq_9-ThzUrRrOkO8tki2Pq8qWazD-UQIhQbcrfbHrtk9uyB5X0B4okTnfuOvvHqak74gPvxB84242SMnMKV91_X9AsBnCPlo-1gNfk-04OmQBWjMpHU0uoaHb-9eM73berY0NlADnBXYMuXiiLmRHshgW5FJ2zWh_Xgzne1_Z0AcdPBTGL5GRaT79eofgDVRoE5pFUMQIETtQAzmP3B1Pw1qvB4REGXg95p3jH3imrRJTxJIGzxiPzthczGkxSF5dekzMW8kRCfXFwnNClVNP8HzbdNF0guYji8ivI0ujVxm0mfbmgR8SkUIZ5y5OLfiy6hS-_TY_6MtYiHX5_psKfJA8C7-6pA2CXz3aLL_xvIEm1Qvy-9XtfTX5Pg6RJSN16rx2Cip2S1I5A1pfClBo12Ngr_ang3eVf6Qxw1jq9eRGvdgnZCfvMrwOOxUERMcAf5VCCA5l5d7GFYWOT3ZvIaas3K0Y4BJwz_FxdC7oU87EoIwb4yLuB2LIu5E5b_tlmv7Wo2GyFZQlj9qX9hv1PKSQcZjl8iqfRihu3TsDUIMKEPtDenndMon5dwxK-INB7B5wPebZX8AUIeZU-r_DRr8R8H1-9UYNbb6fOgOL9xjpW9mvdECi7mXduJ0gUhfpoamGgX9LJznlukAsfZgH0jd1tgIHPqfY20D--qo3eMfvWrOJhi-Q_YCL4APd6gNXm0yqIVLpqGOa2ApMHA1M0H6yecVBbfXvMw55ztuPKs-RI1vAhiytCLevjI49VnwZDFikMNon6tDRGd2CebAurawj8vAEOc0qydErVwnou2JyT5SGVXc6kivCMgSOWJk0E7qhqvS8VO1J-BZHeuOmdSif82yVd1jY9DKIdvC_5R7xe06u-MCxMwn3yvO6HWRtFFLgeskNmYfULs_NgKvYcX0PVV3OOzkZu94OY91UeSIBuCZdVJXWx50AF7GtckWrogxRWcamrJFT7GS6hGLf0CSL_BiDu87MdKHN_Ew9bsQy_Lm0Tcs8a7sG3TTfVvSw3WuhbkKqEsDgVXvJOJsyt9X22yrXDPM6-tUb68HpLMnmH_06chwVA5oUiMcbaIXiYe5dgcm15I3nvPSQhDKTOHeUwV5e419_flvyyyxl63TqHxuhjmeuRf2EB30ukhUsfOQCtikl0-CUmM0Sg_eeBY0bd43ZBWuPLjCVKTuuWGVBw2CmNuUrxGLg2nKrgK570jbaLPt5DgmDLkXYsmcIOcpVZ1bG-SF6sIctlxGHku8DLO9fx_dZ6UuvVbNFEYbyY__lkv2tkdZZrGTcNJL6cgvgROKtayB-DeuKIUB2FA0NNgemqr9co1ti0&cid=CAQSSwBpAlJWIPb3reIV0kjlfXMPnci_ntpHUjF64T4JzSozeYNaHjyDoaWyW9M1UL9FUqqQALqImqpmU818K6w0I5M94B97HHIjyIp1fRgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Fonotepad.com%2F&ds=l&xdt=1&iif=1&cor=10616475221762906000&adk=2086295851&idt=534&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 17:49:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81830
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Aug 2023 17:49:12 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame 62FB 30 KB
11 KB 129ms
68ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cf6b0041792515d9036fad75e278ddc885672587d77908729cc9b5d66ca3dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 18:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11528
x-xss-protection: 0
server: cafe
etag: 1206305422853166885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Aug 2023 18:10:04 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 62FB 41 KB
13 KB 134ms
73ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 21:32:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jul 2024 21:32:15 GMT

GET
DATA 200
OK truncated
/ Frame 62FB 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c92d2a0ad1481dba2d2459ebf48b695f9ab227561a879d1173859e7787d19954

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 872B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM2BehDSkOwBGJrq4fABMAE&v=APEucNU-f_x4KjxhicfjuPDEhtguNkcP1K6SleJbXS24PDGQeMdsOhbceKQ_T-BqdNCod6WUsyEOxdDScC44psU8s5L_8o9SUA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Jul 2023 16:33:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 872B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZLwEvZt.A7.ppBBIoyt-ZQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2

43 B
766 B

10ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM2BehDSkOwBGJrq4fABMAE&v=APEucNU-f_x4KjxhicfjuPDEhtguNkcP1K6SleJbXS24PDGQeMdsOhbceKQ_T-BqdNCod6WUsyEOxdDScC44psU8s5L_8o9SUA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 22 Jul 2023 16:33:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9MG08-fGPhnxFb88DcKwU&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 872B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

43 B
847 B

18ms
17ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM2BehDSkOwBGJrq4fABMAE&v=APEucNU-f_x4KjxhicfjuPDEhtguNkcP1K6SleJbXS24PDGQeMdsOhbceKQ_T-BqdNCod6WUsyEOxdDScC44psU8s5L_8o9SUA

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
an-x-request-uuid: cd220428-a3fa-4219-89e2-a57206596280
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.187; 185.213.155.187; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEE3WifqUvUc1_Fj0hHdyjZc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 872B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

170 B
188 B

55ms
54ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
an-x-request-uuid: b2f35deb-9666-4fe9-9faa-9b46476c5154
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzNjk2MDI2MDk5MTE2MzYwMA%3D%3D
x-proxy-origin: 185.213.155.187; 185.213.155.187; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/3593888030539408395/ Frame D719 7 KB
7 KB 48ms
40ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3593888030539408395/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a689220c95cb15fb99bd158638f9dc88497658e17045b000f0e477f6bd96fc4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 19:53:46 GMT
x-content-type-options: nosniff
age: 592756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7418
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 21:54:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Jul 2024 19:53:46 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17714885612122991865/ Frame D719 2 KB
2 KB 49ms
40ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17714885612122991865/14763004658117789537?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6afe7fc9f5dcd67e7a40ee3ec8d27a6ac613030ccad240abde47c7c3149848c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:08:30 GMT
x-content-type-options: nosniff
age: 1472
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2337
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 17:10:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 21 Jul 2024 16:08:30 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0332 0
20 B 71ms
71ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5979160564803&version=m202306200101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0332 0
20 B 71ms
71ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5979160564803&version=m202306200101&ct=77&x=1&cor=1579833109340845000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0332 29 KB
17 KB 206ms
205ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Agca4B-bWra8NdTnOkkQAlNWoCPhhoL_7lrKDxMPUkFMRTzDfRU8M-_uc5Mu7VTMwGbfea4Psc7J6m0yOo4A6Xk2UKvGIkfu_lgfdHxvIGkCHddCGZIY1-1i-SsPk7fZQwaCw-7ulJStDfzLVsI4LUtbsbddtXhtzv2CxMf3OaZpwCwXE&cry=1&dbm_d=AKAmf-DRcX5kgT5LKaWP2PTG8KaOhHC9NoHcX2i9RIMu7lUVJTl3AuJBhDIaMjmBbE4VKPhQaBjeW6gmb0xNE0jvKARF5o7qO7QeGkfaVvT45KA5uSoBNewS1MJvydthxbstIy6-buQWSd9qFA8S4A_aDXACX5-jt-YVMy6vqhBEaStjyjebGPi3QZiz29iiUwBG9hMMZsJx054OXQyuencyU6TgmwgOM3ECR7LEpK76QSsWuRyA-vUuHqH56IWIDHDswnmxrMRJjUP9NNuVvfv0fnRSzDiino1I2lNisvCj4f2PYZA4U8mCVLP6d4KVE4EPLH5my7SZY9jEdUayw6ZBd5WfpqEKB6yhvbKSD-ujHU7YoYgS8zUDuzlefYn5KkpAB-prMXPCJruuIf9JtXwJqXgPDN7z7L5Ybum_s8XOWFghYxlbAtA3_LHPY82DT944evoBgsraQ6HjAhnA5y-w0bIj3isW4VWoE9nLQfa_vCUdDg7T2EmXSteXvDpYFYtPVYhaK-16nGff_UTbIid3MQ4-nChWpAn9ywCmRWM9JoYx17TXM33s2_qBEb5C4RFlJoNjtCm4ABhOBICbkgpSeAZZuub_8Hjkqr6dUWQnRIB9O8SP6bAPlU98F4la8Nn7792Ovnu7A4mNLNOzkXEtJjNoXNyeBMNpvwOXTDV1UoyBpp5AcjVNlNKE66zCH8Fdm8UYHXopASv7phKgAiXx9TtOkWug2MdlQtXDU04fIVUZ8_Mkqxz8IRVRdQ-DX7eMwGo9rdFjrhK6qD2m3B0UtkZ6X48jQuv-H7eMc_PcNXqW7xpRQs642Z9MErS0egSFcol0edc0ITkvxjLapYldNFhEDPoTVFDfcCbqN_CM7VSPP_8ns1ntRYrlVAMcChI200Q9ZQ8R3JoCAhL_NCHgQWjDX9gM_EPlpiHvgVDJuCunZSXbRR9k9a3JlTRxk1x4Tgfu5XUilyu_XgSA16nB97tyT-alNT9gGDV_DeGQur5GcgGMlnX-4IHqNG822zXOx1vOvRo0dLBSq1dFqPbeLE_boYHNL9drBjL26dgRUIG4U9A1blcL9FZnpKV_Rx_PNYFhXuWU9jENv6epe_G_kaIpN_lN-gq1bqW6uQvvzQVHQHhn--79Zk832K6oTxolQQAA7uwgaqsdV_M0AOE4N-k_16iPHp7QBIw6ZqlfwJ72pTEGf8S2MB0Sq3mJtPuvCnXAiP8rVOz5VlMiYai7t1Fw7x7M_TYfqI13Ci0VPfLyu6qS4ITPpN3Y5B1oNC3NfiSSwqskFCuA1330_ZKKTJ2-Vz-4GLw0ruRloE0nIcRD-D23jrXgukK-cJ7nPMn8M0b7pJEzPPHo16X4GP-kCn9nlVe4yRNxlkdbL-kSL6dtdB2CDPrcRwxiEL-5Eb2_DWnkGVQS8H0shs4F4CgTYO4T1UgtX2_2VelBZfJ-j-Cg6eJozpB_fR25LFM-AbUO42FL359Wapnyi1Zfo7-b8Zqt7xlTpN-cnwOsTSMR-3ZAMqePCNbh118bhKVfSHdSwAPpNL4O8antoVrk65_ilh6N65-g1-yQoiow_HmQoDa8yRJigJPD6XzNkbgcFgJhdfYoB5hFEYR5ZD-hqrjzq08b4nQNPsuP3qO1I3BQfEaMlOFdqhNzRPUDGnIn4RDu125Xw0Z8_SzO5Hwy697_-oyA1vsc0-G3UXAcqCP3Yky3hB3mGiiaA-MdtJJ0A1318QgYq1c7RsZp0LznIPtNL-rZdMFQqKqREMGn_xnLExyKU8MW5wVdaFa-8ba47FCAWOKs-AZvA5QfWrlX6inA4AezORBrEbj0J7xjagjRugWGf-vWJg6BxC9LgqJtS8wjkIUjBB6RjES0MnwAXWf_TAMOUgtj0I-GrybIEmCFVk_34LHzr8S8LZXnyjQ1hx0RRZ-BKlXCL7AnA5asIUuuA3BGUbWI60e7oR25KAdEhmvQrn4-0m5G6dOknrx6s7V7xU1yBzajEgie5Su-r0yE41KSJbnlbdx814JMZ_53rDe9CT1n1x_oG0cLQBiJMDlPQmP33xFBtdWmhtd3K-31s-iLgTDvAOFi4k5FwIKqvHk63XKD5vlxyiGMKZwtFjhdKmtDjTp2FF6Hn6UTnqZkHVdZlnbFUqVY03fhHC07qwZdDIu9Y6wQfk9yNyn0NPYXDC-bvZWOivVw0iwbXu8YkNi3bn0li-7HaJ_oc07hXAIvL-GXTektBFYqepgeJBLItxhUx1GU11zxQDWBZU4kZXI6KYK4PrVk0ambxrVf_kLm_jVaUWuu94iY7XIFTbSNHsQg2edYHK6RkDzKZUupjP6eTGmYxisph339hMJVzEdpNZvBjeRidBTxS98ZFcMOtQaxIs5u-FmS7jM-xm-53V60qOaibfIgUVPKe9NV15_T3JYh6UWourOKgsFrseje9P2k3ng6ywJ7Me33Kb1BQlhzeM0ZUUZQsr7alCGYhFarkTFqBGtwurcykNW7-7a7CxDBcvokdlrngRzK2i550HNJrhJuHuUIC-vkw-VahdcBa_KpKp5XfC5pHTSbqUhWOkFO4irmhuhxmNZvWcXqbPU-BAjs_tS9Nd8RTPQ0nbTcsveCjIhge8VKiJti2e95P9W568xSf-o_9FlP2VV8iyzEGFe-mtPzQjGbgrrLhyzqDQXaUlWS8Y99XZCqE35ASKdULsX7MS4Ch3dfQjvKKUSwCL6L5axeG2ysqDGsTd4_RybQYFNLdlOgJN71bX0nIdvdQkCQJBpMR4X5M-eQr8FE5V-wyrHXMZv4OkX_arm7GMeGMVf9-WzLBniXWsGwSyqPKVnZ5a4SflWkOWLavV_sBdVZw-WxhIwDToxdsJM7Yd5nUBAxvvZJ_gEhe-ExNfSeY1bypAU329aiFcZHwd-ZW3OKvAFkM-GvidVajLikDQTB9xFzGhgNhPxlj4a4WxjE0tXm-Y4TS_f0wVdXVjuMS_VyomYzfeiAm6ceOdEAqeDR9wMBPjGhuhK_wyC_hxxbP2axxk1NntD5uu0eGnjVz48F6PUu_hVUZV_vst7SsXxCq7RI6Pq-eODH5NhmkPe3Eze6X-H2CLKhFXrbg5NBaO7ocHYEeH0QJstzVjTGEpcGkGnSSp_2pE57J6tzp4tJ_5VVp0HD3LHV1lUv50-GjuT7jHZNPMtQBwvIFPElIv4C3SZls-KiE53W3wc_-Yjb6Gzi9WBAh0Tf_Ny5nnf9zaJEKVGFRSOh1eDFME2TyxnxOJPGxvtvmbRLT3UxtKpVaqgxBbgwMqp9SltDkzvoOkXG81FTCprPb5_74VV4C0t_95_cezwYQ1O9ESm9GR80vmZioyQA2GohfnAgTZz4LYcWYZckAhQJ-Vm6Na9wSW3LRWkvLp8mtFbWSEFLd4tTQ7L89r4K_LpJg6T3FgOjZvAbCUBdouPg6TftoJbz0RhHVN2yV-lYY9dAn_afIscQCP7TSsAbf2zbiP2Be1Cc_H7ITnt1aiXV_df4rGUs_2BpOam_k09q6i9NFbZdqLz_xvalLTfZhODW3s6XUZTRgpXPLM2yjk0uGSyuJ0bQvu1Bbdcmb1qGyyTpmI0-P4MDXxVaRpssrBcXUUxFnoBtGVdY_8PV13o-32_X3pQV54Lq-FbsONrTYhqCrMBm85r9EyW5NseXT3XIjIoRN64VFSlMbA&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Fonotepad.com%2F&ds=l&xdt=1&iif=1&cor=1579833109340845000&adk=1726166460&idt=336&cac=0&dtd=15

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fb25d485a91650970138f200890518aebc7a7181efdb021adce08cc25988bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17510
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B0A1 22 KB
8 KB 43ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 106773
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 10:53:29 GMT
expires: Sat, 20 Jul 2024 10:53:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D719 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ac52457ac2acae307292f022b01b8b169e50f27a971cfd2d8745c16b8c18636

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 21B4 15 KB
2 KB 140ms
49ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jul 2023 16:33:03 GMT
expires: Sun, 21 Jul 2024 16:33:03 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 62FB 0
0 218ms
88ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssckEbMwv8pixSsDiNihVhisiIUV7pc6xDJWBy82GnWGaSk2xJjypPDk0hYmDx2HW2ncHZcM7mNcuIQZ3TQcaa0LvOKWN2ZRp-Cp7WfNoKjlbF8MDYwvVWqGcnbX_Rc9bioYvGNO0yT-Wcy06lU-WdL1mdA7hPyA-H6KZ-3fxZDIy7o4gcJGU_B5EUbCKWGd1EB2Q0HJBjY5MmFmumb8Kw35a-dh81lHZLoirXb1SdIvWDTfSvpfUdi5UIwJkmb9rWNCFGBqmeWFU1du3NHoFtfUW3ufs0YEk5bSrVdDeFfJ5rVORY-mvxA3hwQmeYDfo76K5q2iAdIBLcxiE62XHhYSTHV17-VQGLSQNufOH_acAX6GJZLTTx2w73ZC6-d67eNyUZaDwL4ERB-JKgVpkVAaaWB5GmUrbrwPm090UGXSBaM7VWUJMz-cPArJPn3j774D_RG7xe55O7HhO502kWb5k4l19ThBd6PR-tYHHVLb0z8GHi9TA99KM3uEEthVJhHEpuox7JoMpXyPEEVpkwWpWffJvtOcjERnyuGorBYNHZj5JTHvx5u3DBVEhb8bwRqVh_wDC7B56ONX_bWoDQl2sNM2EUF7VgfB_oWG6oTuHEvDg-hS-QdA--6pYLr6D7UqEQDFAGtz0KVr48dVte2nyA300ZwQLtKsTF3rUPJg6syyxTUPHDxXzULZxgHcHr-occgeNYJAyKkBVqvXnk11_jG2kKe919h6sUoZVD2TvXnZCEyODqWgFub8ufPSux1-PNKmbLLrbCwsmBp6BreATzpvxe1CdDk8uScJNZU6NvXlzYDL4h_ZUxQfh-lXk_ootGnds03IwthdwRtaHPzLfuIZ6YqwrGYdFKftmn8KCIScOg_pAlFthVbZIwbhRNoBZjDp1zoKHW7q8lSf6OBDGUW_HBnTx7FcwgIurcOyzI-2fWnV51-rqVWB8orP0W7BVp3Pi8ZSLTxVkawfnUT4AWlmNSizdVitGA8KMPA9pWa81z5aIvpbBNIgkh88SzJ7298oPTa1r2pCsKrNm80Qxa5M7153oJNtQ_7YoW45NltRCaxlU_zcpSMTymhn5N_UtTYyJnQ7LuiAH73oFU5OS0M0NzqOGSy9WceqpMIRxCncJ-lp6XciI72KS6b_mCr9RxNJshHTMApZW1e_p6j95HwxL5sGk5dZU_R9qy7tV5AdKxf_W6wfgaxjI0-VUI73bYH2LE9PNbhoLmZKVdAcw4wt9RjToFZr1OAOz0Zk0Xug-0VA61A-oUZoLf99xiNnmJr7zoKj2hXedu-FkQ&sai=AMfl-YRLjiVbaKjd9JXyqto1b9HaiFDuI9pXxQtxhrUu2lvXBlAoA1_Vm6hCp8bZAfwhv5-N-05m8JfBs_MPnBBoq0MJSK4LB6JzI0nckZrJjoLPk3AVcZrCiPHtRToOxrWO0Nn2gR0Zwpb6_v-kp8Y4Nf0dLdGnkrPQOjouFeASm8IZbWvom5_KrdyQY4jTqFw01A-0bUWsGrRXg_5l8Rbzjd-Cd_p2VFlfyeWDz_F97o7NHqKWGjr-h_J_Da8rjqp3dvRAT6TZKvBfTf79CBbwYq1YxX0Pe0Zy&sig=Cg0ArKJSzIPBVozLOOoyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=710&cbvp=1&cstd=692&cisv=r20230719.88553&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 22 Jul 2023 16:33:03 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 22 Jul 2023 16:33:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D719 15 KB
15 KB 181ms
83ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 15:24:53 GMT
x-content-type-options: nosniff
age: 4090
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 15:24:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D719 15 KB
16 KB 144ms
51ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 602928
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D719 15 KB
16 KB 132ms
39ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 46956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jul 2024 03:30:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 94ms
83ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202307180101&jk=1623586736950443&bg=!-vml-a3NAAZsPphkTD47ADkAdvg8Wtl1W87a0Do8EaSMOA3x-iXdaRDqYhYoMRdV4kPO41kYYqfPfAGN19SryLdfWLXDI87s1SsCAAACGlIAAAGwaAEHmQK_1eS9rZLpLvZXuXs8WdLPSfB-IsexiqIjkF0SJgtY-w89aB9z3yR0PpI72xK472Rt4Bz8hTOcoa_LnvCWPHWXEZcS2ccS9SKhA2_MyIS6n_9-kHWv5CZ1XSHjAJG-jkuYg6zTEjb9xQMjCVVLntPd99bMY6pqQuQ5O5ipWXP8ydMtbSOYXDTfjDE29rlSYe89xFRRp_4ko3d8TxjzC5WIk8cRlaIeEE-LyAG9AFmdgSTJVuzi-Kd2QPiVtd2l4j9PAqSecCyNaWc70oOWpgEF0Ylgbn-E31zK7nMvF90remgoX-_8vRjvdYVyZlIDW0ar5OPonUFIGTkGBvyfJlKAu1xV6S-7u9F2U1Wo1j43nIttYYucf1TK3oSZjVgHfCthRLwsbABTYFEka7q9pThWbU_Orq3Z9oNmPoe3zftezVFIZDL74VdK61hHE3NxXTLaYOwbmCj_Bu9MVtcpHcgLJXU-As6JsDhMrWIBcBrnWhQ99M7Lq_hNXQsEWnjYkpBO-VUQOeujdw6OTjcnSWuKOMxoJ78SdpBwvWkj5axvhd9PwlbxpUtA_vBoPBWJ3_C__i24P524HWvBJ3ze5I8JyzUn8jRk1_6xHD9iVbp8v_tqiKQ7dx3YLxOGylRvqbxZN5HiuniLmaTjuRkNJMA7su7zrFPFVYjIJXedL0Rgbr5_cgdf2r1ji2E9Q3Hi_e62kpOQW443fHn-OkNJs_alnuRFv2HOUv6uHefVJUuQHdP1ppAeC2d0aUKncyaLMswVE6QmN90IVEetzcx3tMyO2d0dCtR7jalvUwUERzQYkH9FaaY2zGAkhoQ4SiqU7_hbi7li0shK_xxUpu3tyBThPRYfPPJWD8PQoOFgVKcGVzb5AcIwxAXzSlZFhhn5bguH16TC5O8ov_z8VyspLvno03TVlQnSrw6mId45maKpCQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/ Frame 0332 30 KB
11 KB 54ms
43ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Agca4B-bWra8NdTnOkkQAlNWoCPhhoL_7lrKDxMPUkFMRTzDfRU8M-_uc5Mu7VTMwGbfea4Psc7J6m0yOo4A6Xk2UKvGIkfu_lgfdHxvIGkCHddCGZIY1-1i-SsPk7fZQwaCw-7ulJStDfzLVsI4LUtbsbddtXhtzv2CxMf3OaZpwCwXE&cry=1&dbm_d=AKAmf-DRcX5kgT5LKaWP2PTG8KaOhHC9NoHcX2i9RIMu7lUVJTl3AuJBhDIaMjmBbE4VKPhQaBjeW6gmb0xNE0jvKARF5o7qO7QeGkfaVvT45KA5uSoBNewS1MJvydthxbstIy6-buQWSd9qFA8S4A_aDXACX5-jt-YVMy6vqhBEaStjyjebGPi3QZiz29iiUwBG9hMMZsJx054OXQyuencyU6TgmwgOM3ECR7LEpK76QSsWuRyA-vUuHqH56IWIDHDswnmxrMRJjUP9NNuVvfv0fnRSzDiino1I2lNisvCj4f2PYZA4U8mCVLP6d4KVE4EPLH5my7SZY9jEdUayw6ZBd5WfpqEKB6yhvbKSD-ujHU7YoYgS8zUDuzlefYn5KkpAB-prMXPCJruuIf9JtXwJqXgPDN7z7L5Ybum_s8XOWFghYxlbAtA3_LHPY82DT944evoBgsraQ6HjAhnA5y-w0bIj3isW4VWoE9nLQfa_vCUdDg7T2EmXSteXvDpYFYtPVYhaK-16nGff_UTbIid3MQ4-nChWpAn9ywCmRWM9JoYx17TXM33s2_qBEb5C4RFlJoNjtCm4ABhOBICbkgpSeAZZuub_8Hjkqr6dUWQnRIB9O8SP6bAPlU98F4la8Nn7792Ovnu7A4mNLNOzkXEtJjNoXNyeBMNpvwOXTDV1UoyBpp5AcjVNlNKE66zCH8Fdm8UYHXopASv7phKgAiXx9TtOkWug2MdlQtXDU04fIVUZ8_Mkqxz8IRVRdQ-DX7eMwGo9rdFjrhK6qD2m3B0UtkZ6X48jQuv-H7eMc_PcNXqW7xpRQs642Z9MErS0egSFcol0edc0ITkvxjLapYldNFhEDPoTVFDfcCbqN_CM7VSPP_8ns1ntRYrlVAMcChI200Q9ZQ8R3JoCAhL_NCHgQWjDX9gM_EPlpiHvgVDJuCunZSXbRR9k9a3JlTRxk1x4Tgfu5XUilyu_XgSA16nB97tyT-alNT9gGDV_DeGQur5GcgGMlnX-4IHqNG822zXOx1vOvRo0dLBSq1dFqPbeLE_boYHNL9drBjL26dgRUIG4U9A1blcL9FZnpKV_Rx_PNYFhXuWU9jENv6epe_G_kaIpN_lN-gq1bqW6uQvvzQVHQHhn--79Zk832K6oTxolQQAA7uwgaqsdV_M0AOE4N-k_16iPHp7QBIw6ZqlfwJ72pTEGf8S2MB0Sq3mJtPuvCnXAiP8rVOz5VlMiYai7t1Fw7x7M_TYfqI13Ci0VPfLyu6qS4ITPpN3Y5B1oNC3NfiSSwqskFCuA1330_ZKKTJ2-Vz-4GLw0ruRloE0nIcRD-D23jrXgukK-cJ7nPMn8M0b7pJEzPPHo16X4GP-kCn9nlVe4yRNxlkdbL-kSL6dtdB2CDPrcRwxiEL-5Eb2_DWnkGVQS8H0shs4F4CgTYO4T1UgtX2_2VelBZfJ-j-Cg6eJozpB_fR25LFM-AbUO42FL359Wapnyi1Zfo7-b8Zqt7xlTpN-cnwOsTSMR-3ZAMqePCNbh118bhKVfSHdSwAPpNL4O8antoVrk65_ilh6N65-g1-yQoiow_HmQoDa8yRJigJPD6XzNkbgcFgJhdfYoB5hFEYR5ZD-hqrjzq08b4nQNPsuP3qO1I3BQfEaMlOFdqhNzRPUDGnIn4RDu125Xw0Z8_SzO5Hwy697_-oyA1vsc0-G3UXAcqCP3Yky3hB3mGiiaA-MdtJJ0A1318QgYq1c7RsZp0LznIPtNL-rZdMFQqKqREMGn_xnLExyKU8MW5wVdaFa-8ba47FCAWOKs-AZvA5QfWrlX6inA4AezORBrEbj0J7xjagjRugWGf-vWJg6BxC9LgqJtS8wjkIUjBB6RjES0MnwAXWf_TAMOUgtj0I-GrybIEmCFVk_34LHzr8S8LZXnyjQ1hx0RRZ-BKlXCL7AnA5asIUuuA3BGUbWI60e7oR25KAdEhmvQrn4-0m5G6dOknrx6s7V7xU1yBzajEgie5Su-r0yE41KSJbnlbdx814JMZ_53rDe9CT1n1x_oG0cLQBiJMDlPQmP33xFBtdWmhtd3K-31s-iLgTDvAOFi4k5FwIKqvHk63XKD5vlxyiGMKZwtFjhdKmtDjTp2FF6Hn6UTnqZkHVdZlnbFUqVY03fhHC07qwZdDIu9Y6wQfk9yNyn0NPYXDC-bvZWOivVw0iwbXu8YkNi3bn0li-7HaJ_oc07hXAIvL-GXTektBFYqepgeJBLItxhUx1GU11zxQDWBZU4kZXI6KYK4PrVk0ambxrVf_kLm_jVaUWuu94iY7XIFTbSNHsQg2edYHK6RkDzKZUupjP6eTGmYxisph339hMJVzEdpNZvBjeRidBTxS98ZFcMOtQaxIs5u-FmS7jM-xm-53V60qOaibfIgUVPKe9NV15_T3JYh6UWourOKgsFrseje9P2k3ng6ywJ7Me33Kb1BQlhzeM0ZUUZQsr7alCGYhFarkTFqBGtwurcykNW7-7a7CxDBcvokdlrngRzK2i550HNJrhJuHuUIC-vkw-VahdcBa_KpKp5XfC5pHTSbqUhWOkFO4irmhuhxmNZvWcXqbPU-BAjs_tS9Nd8RTPQ0nbTcsveCjIhge8VKiJti2e95P9W568xSf-o_9FlP2VV8iyzEGFe-mtPzQjGbgrrLhyzqDQXaUlWS8Y99XZCqE35ASKdULsX7MS4Ch3dfQjvKKUSwCL6L5axeG2ysqDGsTd4_RybQYFNLdlOgJN71bX0nIdvdQkCQJBpMR4X5M-eQr8FE5V-wyrHXMZv4OkX_arm7GMeGMVf9-WzLBniXWsGwSyqPKVnZ5a4SflWkOWLavV_sBdVZw-WxhIwDToxdsJM7Yd5nUBAxvvZJ_gEhe-ExNfSeY1bypAU329aiFcZHwd-ZW3OKvAFkM-GvidVajLikDQTB9xFzGhgNhPxlj4a4WxjE0tXm-Y4TS_f0wVdXVjuMS_VyomYzfeiAm6ceOdEAqeDR9wMBPjGhuhK_wyC_hxxbP2axxk1NntD5uu0eGnjVz48F6PUu_hVUZV_vst7SsXxCq7RI6Pq-eODH5NhmkPe3Eze6X-H2CLKhFXrbg5NBaO7ocHYEeH0QJstzVjTGEpcGkGnSSp_2pE57J6tzp4tJ_5VVp0HD3LHV1lUv50-GjuT7jHZNPMtQBwvIFPElIv4C3SZls-KiE53W3wc_-Yjb6Gzi9WBAh0Tf_Ny5nnf9zaJEKVGFRSOh1eDFME2TyxnxOJPGxvtvmbRLT3UxtKpVaqgxBbgwMqp9SltDkzvoOkXG81FTCprPb5_74VV4C0t_95_cezwYQ1O9ESm9GR80vmZioyQA2GohfnAgTZz4LYcWYZckAhQJ-Vm6Na9wSW3LRWkvLp8mtFbWSEFLd4tTQ7L89r4K_LpJg6T3FgOjZvAbCUBdouPg6TftoJbz0RhHVN2yV-lYY9dAn_afIscQCP7TSsAbf2zbiP2Be1Cc_H7ITnt1aiXV_df4rGUs_2BpOam_k09q6i9NFbZdqLz_xvalLTfZhODW3s6XUZTRgpXPLM2yjk0uGSyuJ0bQvu1Bbdcmb1qGyyTpmI0-P4MDXxVaRpssrBcXUUxFnoBtGVdY_8PV13o-32_X3pQV54Lq-FbsONrTYhqCrMBm85r9EyW5NseXT3XIjIoRN64VFSlMbA&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&dv3_ver=m202306200101&rfl=https%3A%2F%2Fonotepad.com%2F&ds=l&xdt=1&iif=1&cor=1579833109340845000&adk=1726166460&idt=336&cac=0&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cf6b0041792515d9036fad75e278ddc885672587d77908729cc9b5d66ca3dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 18:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11528
x-xss-protection: 0
server: cafe
etag: 1206305422853166885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Aug 2023 18:10:04 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0332 41 KB
13 KB 49ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 21:32:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68448
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jul 2024 21:32:15 GMT

GET
H2 200 versionsFR.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/versions/ Frame 0332 213 B
498 B 89ms
19ms Script
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/versions/versionsFR.js
Requested by: Host: bs.serving-sys.com
URL: https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CGwSJvQS8ZNjVC52Qn88P54CasAHVmLbnccfyypPTEfTCtauuARABIIWmlZYBYOUDyAEJqQLglVEPJJpvPqgDAcgDmwSqBO0BT9B61nlJABYN_KyikFtwEyK9d5qIudJgGYNu91hicST1oVdvQ1sfezO5ceH7ow3Xrg59VNZWc9XWSxQNzsdc7XCjyPwlrr1D7KXvjYSmuoZ5hY9qM96XlFrHVEb3GaTMy0R-gAqRxUzLINFWpdof3Vzhuhy7ynrEBIwqC7TOL4jw-hBkHyD746WN2ucvWw30aggxCWweelp6CTW_1Zh-EI64LvBnYyJUdXx2Wt6Tat0tJO3qap4P6K1OHFSBmCc67WhRh220YJPvFg4ue8WlIQGjR_pKzv61r1xdm5A1S6--EvEjFxlfYxjUTdttwAT237bAtgTgBAOQBgGgBk2AB4zb4ZIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwIKgYKBMOwsQKwE923lxTIE4j-suMD0BMA2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&sig=AOD64_2_4OF1sPTLkq6Zk4FfOoX5aJqIxg&client=ca-pub-8110287124118452&dbm_c=AKAmf-CICMN8mS1m11wk94DaaUvf4msWM7jJdH7eYafSjSOfoGei2A9yyK6Qvokv8qMqZ3QX48cAwt3VCvlzFuZiKWCz-WKSJVnsURF0A0ZvhxDVsgEVa0EE1n-WeYQ-MfWhrg3z6poXBh2s1OFolpA4ngv8rX4u6iu8BLjnBgeQrT66_cv0bTE&cry=1&dbm_d=AKAmf-CWlO53rvFiUnsFK-F7AanD_wX7zQ89by2ARoQOzO-8bleRRlPJ_5UqWbH8urnr0pJc7bq_5TWYfjVI-fTp-WQHc-0AD-tme6CVj8toos1J5kG4kGqy-8eSlWFEESqes4xjpDdkZQtlzKI6QTC5hGwhq63MztKC-qtRyX9R5acP2Hx9q6lmzVH1jPRpJaa_DilNg_21v3dx7ECWzM7TKu_Oja3kXP3qaSpp-h9BqPmazdliD1dfD9LEsW2Xr5nYSYOnPWJlcNP044P7piAkzorCOBd1hfxdPEXLOtYgwAyDNVWG9GmtzD8E3YTNjxZo-I3DTnMDRPs3lxZuZRMMs5sBc62X1yQF1Wiunz2V5e-1ks5awyOnwRYw0bOCjZL9dYkBSp7gpcVEkhZQiBhb2NLQXw3EAtRhRu1bDtYZXhZWQVQR-ri3EhSWsQk0wPdFJQYe3zSKClDGM86IKEvdqoQCyKRoLLsttKjkUU4IV4w37I7v2SzlDzzbrpQKSEnyKQH3kAlZ_x5pHzD5Wp6wYjRSytqm_34L2yNPBwDvOq5nIcVwPV0&adurl=$$&c=28&cn=display&pli=1079439569&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=300&h=250&ord=${RANDOM}&z=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 47a8a6f78b6bc5902ca04c5aee6e8a85fafebd0ba5002db63ed4a696f62d3b73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:48:42 GMT
server: AmazonS3
x-amz-request-id: HBSH84SNGM3J80W9
x-amz-cf-pop: JFK50-P7
etag: "8eb034f9e4568de857489b0930057a57"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: ZDNtRd7DwEoJhxR_n5mbjKlQgoxYEo64DGQwFvsxmlkyyLPcGhHJnQ==
x-amz-id-2: RfXonrLZtit++P8JTnOvNj36h1JxRKWieRaS6EQJBOQLi82BQxmH6odMeRYldSqDUNqGUeY7R8c=
content-length: 126

GET
DATA 200
OK truncated
/ Frame 0332 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba0a2e10e328898159f99872263997af097d02767354fb311c8718032f24e524

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame B0A1 38 KB
15 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 61DF 42 B
64 B 83ms
83ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkzzX05mn6CNo4ZYIGPlLNCP68mpqVvoX6rIo9vzsDI9WZUSudl7z1z_o8u9aoeomWlzqrRHivXrWN4QhChBqBAJvn89c5cgnoOYgMhW6uf3dxbb6upX_qkevcyHmJ0m2sGFw-53D9Ysl_&sai=AMfl-YQV14O_vomG-RreAyzenO6p5tvvsHC24zZkA9YAGHY_DOPrWAqYNnVYnE7KHjVMSsV21NH8t9E356M9&sig=Cg0ArKJSzDcI5Rerz6e7EAE&cid=CAQSGwBpAlJWnwOxvY5zK-p0SHTxnzid8foR9WsXzhgB&id=lidar2&mcvt=1019&p=0,0,181,703&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=3276887208&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690043581023&rpt=1026&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 21B4 9 KB
2 KB 55ms
53ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 17:33:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 601161
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 14 Jul 2024 17:33:42 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 21B4 118 KB
40 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 19:02:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jul 2023 19:02:44 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 21B4 20 KB
5 KB 74ms
73ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 08:17:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116142
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Jul 2024 08:17:21 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5AF4 22 KB
8 KB 50ms
47ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 106774
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 10:53:29 GMT
expires: Sat, 20 Jul 2024 10:53:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ebHtml5PoliteBanner.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ Frame 0332 314 KB
85 KB 18ms
9ms Script
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Requested by: Host: bs.serving-sys.com
URL: https://bs.serving-sys.com/Serving/adServer.bs?ncu=$$https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CGwSJvQS8ZNjVC52Qn88P54CasAHVmLbnccfyypPTEfTCtauuARABIIWmlZYBYOUDyAEJqQLglVEPJJpvPqgDAcgDmwSqBO0BT9B61nlJABYN_KyikFtwEyK9d5qIudJgGYNu91hicST1oVdvQ1sfezO5ceH7ow3Xrg59VNZWc9XWSxQNzsdc7XCjyPwlrr1D7KXvjYSmuoZ5hY9qM96XlFrHVEb3GaTMy0R-gAqRxUzLINFWpdof3Vzhuhy7ynrEBIwqC7TOL4jw-hBkHyD746WN2ucvWw30aggxCWweelp6CTW_1Zh-EI64LvBnYyJUdXx2Wt6Tat0tJO3qap4P6K1OHFSBmCc67WhRh220YJPvFg4ue8WlIQGjR_pKzv61r1xdm5A1S6--EvEjFxlfYxjUTdttwAT237bAtgTgBAOQBgGgBk2AB4zb4ZIBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwIKgYKBMOwsQKwE923lxTIE4j-suMD0BMA2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&sig=AOD64_2_4OF1sPTLkq6Zk4FfOoX5aJqIxg&client=ca-pub-8110287124118452&dbm_c=AKAmf-CICMN8mS1m11wk94DaaUvf4msWM7jJdH7eYafSjSOfoGei2A9yyK6Qvokv8qMqZ3QX48cAwt3VCvlzFuZiKWCz-WKSJVnsURF0A0ZvhxDVsgEVa0EE1n-WeYQ-MfWhrg3z6poXBh2s1OFolpA4ngv8rX4u6iu8BLjnBgeQrT66_cv0bTE&cry=1&dbm_d=AKAmf-CWlO53rvFiUnsFK-F7AanD_wX7zQ89by2ARoQOzO-8bleRRlPJ_5UqWbH8urnr0pJc7bq_5TWYfjVI-fTp-WQHc-0AD-tme6CVj8toos1J5kG4kGqy-8eSlWFEESqes4xjpDdkZQtlzKI6QTC5hGwhq63MztKC-qtRyX9R5acP2Hx9q6lmzVH1jPRpJaa_DilNg_21v3dx7ECWzM7TKu_Oja3kXP3qaSpp-h9BqPmazdliD1dfD9LEsW2Xr5nYSYOnPWJlcNP044P7piAkzorCOBd1hfxdPEXLOtYgwAyDNVWG9GmtzD8E3YTNjxZo-I3DTnMDRPs3lxZuZRMMs5sBc62X1yQF1Wiunz2V5e-1ks5awyOnwRYw0bOCjZL9dYkBSp7gpcVEkhZQiBhb2NLQXw3EAtRhRu1bDtYZXhZWQVQR-ri3EhSWsQk0wPdFJQYe3zSKClDGM86IKEvdqoQCyKRoLLsttKjkUU4IV4w37I7v2SzlDzzbrpQKSEnyKQH3kAlZ_x5pHzD5Wp6wYjRSytqm_34L2yNPBwDvOq5nIcVwPV0&adurl=$$&c=28&cn=display&pli=1079439569&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&w=300&h=250&ord=${RANDOM}&z=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 00eda22241841b2eb5ae136351c5273e2b3db11dfe5d66f074ed2ad9e2d1b091

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:25:04 GMT
server: AmazonS3
x-amz-request-id: M4JQTSKMTDZS9912
x-amz-cf-pop: JFK50-P7
etag: "5e4f66936e2567c73ec9e0797ade08b7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: 8--V0peg4lPCAvB7yFulQGOD1ep9AWrVsLHoqtbhu1xNPug0Z7cHuA==
x-amz-id-2: WANP9kiF1dCbVI7xTPuzEeBI/7pIbywaFrPAQPdIpgpAJw+L8od8D/DCfpWcRqDyQ6Dag1MFcHg=
content-length: 86203

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D719 0
19 B 97ms
90ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CoXZ-vQS8ZLOYA4TcZuu2u_gK15qY5m_t7728rQ_PxML_3SwQASCFppWWAWCV4pCCoAegAfixiZgByAEJqQLcv0ceJ6yCPqgDAcgDywSqBNUBT9DPpa0c-77ujXIxJsPnOJ0Uatec9c63HH4oGQq5DkF3JrsS2KonPnuT5rFyz2GOLx_YKRwZX4v8TBBmTnlrqceNj9I7uCN2M3Nx1duRby5Ov6eCISE2UEAypVdu7_50mRfpe3HtoQbfSyWDTZdbKd41EIiHcdIeXs8dfnLmxmSTKFk5mB-7kH8B2Ob-SM2nnzjWf7JjdqdewNJpa7QG6_fq623lpofTH056o4rGEhpyeXo5WH-cOc5P1Ouf6OIhK11oVBZuCscuMWXnqP1XYfyJ45J-wASYi4f4-QOSBQQIBBgBkgUECAUYBKAGLoAH8M325wKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCvzBrSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBogwIKgYKBMOwsQK4E-QD2BMNiBQO0BUBgBcBshccChoIABIUcHViLTgxMTAyODcxMjQxMTg0NTIYAA&sigh=eZo4_YFPtkk&uach_m=[UACH]&cid=CAQSGwBpAlJW4khfj7syFiZGil51w7oyG6WCkWI1IBgB&template_id=484&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=2736137418&adk=1376291991&adf=238524979&pi=t.ma~as.2736137418&w=1067&fwrn=4&fwrnh=100&lmt=1690043580&rafmt=1&format=1067x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580601&bpp=3&bdt=397&idt=381&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=90&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=vUJlp8hGfl&p=https%3A//onotepad.com&dtd=399
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 22 Jul 2023 16:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame 6F78 38 KB
15 KB 101ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H2 200 URLUtil.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 0332 7 KB
2 KB 56ms
7ms Script
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/URLUtil.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 91cf683ee0db61e475ee4f5c12ba9281256db5662fd80f2b812067fd9d39b691

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: M4JR6J2GBTFMGZPE
x-amz-cf-pop: JFK50-P7
etag: "3470a076f0022d50a41874998110932e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: k1O3hHKBid4XClUgevc90KvXMIgqRKc6BnksV1dYiDBdJTY0kXL9Hg==
x-amz-id-2: OfW1A9Pnu6rVAVj2FkfaC/q/s8qYPMkezQhAQ++IcwRJaYmX3brywhXvoe6Z1lx7OwfmoEC/FD4=
content-length: 1951

GET
H2 200 index.html Show response
secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/ Frame FD6C 9 KB
2 KB 249ms
248ms Document
text/html 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c48f965de99a69a3a2e25b0770c01e8d493c796aecd73a59b21796cdc9465e38

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
content-encoding: gzip
content-length: 2177
content-type: text/html
date: Sat, 22 Jul 2023 16:33:03 GMT
etag: "2a4503ac367b9f7ec266f0fdf806642b"
expires: Mon, 31 Dec 2035 00:00:00 GMT
last-modified: Thu, 13 Jul 2023 17:50:45 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-cf-id: Cn4ANn1UZcOTcxEosBaDArPijFofvEo5_vwLcBBoC_xqZoh5VDgdrQ==
x-amz-cf-pop: EWR52-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 6fEPlZ.PMR2kCeGZSpSlZhkfoJxes0Is

GET
H2 200 IntersectionObserverVisibilityProvider.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/ Frame 0332 10 KB
3 KB 17ms
7ms Script
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/Modules_1_108_0_0/IntersectionObserverVisibilityProvider.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 099657171463b4ada4b9bbf48a40e2305f67331a210ca4bc457051e0499ee23b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:39:37 GMT
server: AmazonS3
x-amz-request-id: PBZGBYS46ZPG8XPN
x-amz-cf-pop: JFK50-P7
etag: "08712066615c929ef7883423b4376874"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: qqsVbbXe6t58OBbHIQyI9UEPVR2u2HikREB0Bz3YBcvyLbOvfQdofA==
x-amz-id-2: 57BnZvPKL/ypMA+9QkzdGxPKurZme8I+iRNHtdIZEmrcvJQYalYE+9j0c8NjtT9S5zmjjvvUweQ=
content-length: 2964

GET
H2 200 moatad.js Show response
z.moatads.com/xaxislatam2020sizmekdisplay101401867638/ Frame 0332 331 KB
112 KB 84ms
11ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/xaxislatam2020sizmekdisplay101401867638/moatad.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 966d77f730e59207fc1b3b8fca95aac5657ce27b4b999c51439a5e58542e6fc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
last-modified: Tue, 11 Jul 2023 16:41:16 GMT
server: AmazonS3
x-amz-request-id: F621V0PNR293XHS5
etag: "e215a341835fc1f4d9a909cc1d541fb0"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=47969
accept-ranges: bytes
content-length: 114343
x-amz-id-2: 1ZzLAGvsoNHXGyzmTvaAK8/VIv3Gi0AFWHCaX/8ZZNVRYwoUo5F0O84e1uSy22cW7VoRfqRzJQPABq2FHKTtfQ==

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 62FB 42 B
64 B 92ms
75ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsttecLl-HB2o9WgRcdp9yr60zxNGfw-TgDMMDkF8vrx-Aabtbm7Fww2XY_tq6LN7ZbAK3O5ih7uH2CBPVnB3z08TCGnuGgswnPvpoaPmjdDTk5lhgBzY3wDX0Fmy6VuOsO-gKsSLC7QbRMY&sai=AMfl-YTyqLgeQ-RjvStPbMFKPJkZcoV4roTfGJGvga8Hp0u-qz2g2KzbxIPemMohzvNgI6BSXGc6tfC_nH7jBvl1i3gFGnrd7mBJ60otUd_ZPcPL09HZyynKGbilgTrxpUjzRx_nF5I0r17HXpiu&sig=Cg0ArKJSzHv6FczwBp6lEAE&cid=CAQSSwBpAlJWIPb3reIV0kjlfXMPnci_ntpHUjF64T4JzSozeYNaHjyDoaWyW9M1UL9FUqqQALqImqpmU818K6w0I5M94B97HHIjyIp1fRgB&id=lidar2&mcvt=1160&p=1110,436,1200,1164&mtos=1160,1160,1160,1160,1160&tos=1160,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2307312308&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690043581413&rpt=1065&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 21B4 3 KB
1 KB 54ms
39ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91680
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 Jul 2024 15:05:03 GMT

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame 5AF4 38 KB
15 KB 48ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 21B4 13 KB
6 KB 66ms
35ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 14:37:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jul 2024 14:37:46 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 21B4 7 KB
6 KB 83ms
83ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b3459cb8e1cfebc4d233548256f8389d5d78416f8e98754d6ca0119befeae5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
x-xss-protection: 0

GET
H2 200 EBLoader.js Show response
secure-ds.serving-sys.com/BurstingScript/ Frame FD6C 12 KB
4 KB 12ms
7ms Script
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7ae0b8e3f80fd2c97dea35c4a3643b17368ea41e6e63f083065bfb2a38caf37c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:03 GMT
content-encoding: gzip
x-amz-request-id: PBZKZ9E99F7PZTQS
x-amz-cf-pop: JFK50-P7
x-amz-server-side-encryption: AES256
content-length: 3615
x-amz-id-2: dY1sog/jFEOXiYot7VLY5EaWxRlMw+g1cFNblO7r9aXCbhbJezkSDuJakCliYca4euOvAZIL6gI=
pragma: no-cache
last-modified: Tue, 18 Jul 2023 10:48:48 GMT
server: AmazonS3
etag: "b92fa833b298e9df5fa8ee69009adb9a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: 4OXxlVtKMzrf0CE86k4M55OedEnm5LY-Vch0e6nzkZFnV1iXH_OAlw==
expires: Sat, 22 Jul 2023 16:33:03 GMT

GET
H2 200 profile_image.png
secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/ Frame FD6C 3 KB
3 KB 9ms
9ms Image
image/png 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/profile_image.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f947b6986667c1fd5deba6005c35e5e31f74213c7c61bad2a4addd31c9c82785

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: VtrIsuzRGqCRbECO.oYkvOa1A8O1jAwQ
date: Sat, 22 Jul 2023 16:33:03 GMT
last-modified: Thu, 13 Jul 2023 17:50:45 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: "250e09279ce19f065bb45b721ba6aab0"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 2700
x-amz-cf-id: KwRb91oGLAPfItFuGvhILP-UOxzWBCrrQ4CtvbTx6AqFGsHmD4rc9g==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 caption_image.jpeg
secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/ Frame FD6C 195 KB
195 KB 9ms
8ms Image
image/jpeg 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/caption_image.jpeg
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 92285eb5cb3d2090923f151c02a8953106d0205d82556c0fe481600432641e22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: RJOvpz1NP__q29i0JOcaChf3sa6Z8P5B
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Thu, 13 Jul 2023 17:50:45 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: "6e85e1f5fab23f1f55279562288665a6"
x-amz-server-side-encryption: AES256
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 199402
x-amz-cf-id: eRCliF5RoELDq31GxFKlvWY2WbrlQrBaK0sGYcmBJHmj-18iB13KAA==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ Frame 2181 84 B
257 B 201ms
38ms Script
text/html 34.241.14.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&m=0&ar=c013c52fed3-clean&iw=c0d5a00&q=2&cb=0&ym=0&cu=1690043583990&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=1074637387%3A86340%3A1079439569%3A1090994296&zMoatADV=197393&zMoatAS=Sizmek&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&bo=onotepad.com&bd=onotepad.com&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=xaxislatam2020sizmekdisplay101401867638&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A1146&jk=-1&jm=-1&fs=204627&na=1736440641&cs=0&ord=1690043583990&jv=478824135&callback=DOMlessLLDcallback_86414588
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/xaxislatam2020sizmekdisplay101401867638/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.14.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-14-248.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 6f7b552e9d6bec37db895ed6f76739c89639855b84f2c439d3f50d2b817d070d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "a058c1433fee3ca2f49864eb1668e0be60785f4f"
content-length: 84
content-type: text/html; charset=UTF-8

GET
H2 200 v2 Show response
mb.moatads.com/s/ Frame 2181 156 B
330 B 201ms
52ms Script
text/html 34.241.14.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/s/v2?url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&pcode=xaxislatam2020sizmekdisplay101401867638&ord=1690043583990&jv=586602033&callback=BrandSafetyNadoscallback_86414588
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/xaxislatam2020sizmekdisplay101401867638/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.14.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-14-248.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 1a48b02010616f36393072e89a8919cdedd1c6ff167390d30cf94be5e7bea76d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "c009894d241775175ae5210e80c4d9378d5b8c29"
content-length: 156
content-type: text/html; charset=UTF-8

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 19ms
6ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&m=0&ar=c013c52fed3-clean&iw=c0d5a00&q=3&cb=0&ym=0&cu=1690043583990&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=1074637387%3A86340%3A1079439569%3A1090994296&zMoatADV=197393&zMoatAS=Sizmek&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&bo=onotepad.com&bd=onotepad.com&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=xaxislatam2020sizmekdisplay101401867638&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A1146&jk=-1&jm=-1&fs=204627&na=647220498&cs=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0332 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuf8LqRKnCcpFX0D0gL5iFyeAxL9ii3Cy4enVB6CJUpgq81HAlamQ_WOgdUPvm3_GtjjfRoQ8LSMzlzlrsayD7ym7fUQlSfCmf2YtgslJJJu2lEc05o0gfgWmlm944B&sai=AMfl-YQHB7DO_2C8UOgUP_4ff84sBpb8bnyyMxH8kXt8A5rBWg6ZBTRcujiH9wpAz5pdXo67vlfyMzu75Ea-&sig=Cg0ArKJSzHLzUiIngGQzEAE&cid=CAQSGwBpAlJWvv0-sJf9_1nPgwMfD3V1sYOy5OOPfhgB&id=lidar2&mcvt=1054&p=0,0,250,300&mtos=1054,1054,1054,1054,1054&tos=1054,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4015718133&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690043582160&rpt=935&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 21B4 98 KB
98 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:31:28 GMT
x-content-type-options: nosniff
age: 96
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jul 2023 16:46:28 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 21B4 57 KB
57 KB 52ms
51ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:25:39 GMT
x-content-type-options: nosniff
age: 445
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jul 2023 16:40:39 GMT

GET
H2 200 EB.js Show response
secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/ Frame FD6C 83 KB
29 KB 8ms
8ms XHR
application/javascript 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-ds.serving-sys.com/BurstingCachedScripts/HTML5Res_2_170_1_0/EB.js
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingScript/EBLoader.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 03aea036d7101b727344ac9853097ca385fec3cb43dcd3d9763365a69df06e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
content-encoding: gzip
last-modified: Tue, 18 Jul 2023 10:38:14 GMT
server: AmazonS3
x-amz-request-id: PBZVVHVED4C7VNY0
x-amz-cf-pop: JFK50-P7
etag: "77a82367aed14a0bffaf28a08bf06724"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: 7bd7EDzZwcvJT3uY5wOSqS7ZjLii3FBNxLpwKh_YKhWJ4WihuWhFAQ==
x-amz-id-2: UreQA24Qb9zk0NXZra632KAzgLFG3J1Al+8of/8vnzEyqabcHactJfRgXyL2eCbW4rCW9FpV3Sc=
content-length: 29400

GET
H2 200 fb-sprite-4.png
secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/ Frame FD6C 4 KB
5 KB 15ms
14ms Image
image/png 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/fb-sprite-4.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6ea36dffc34ffe693419cdb87f2ba17eeef5634e003894cf182e766c323fec4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: 1BhBMP3zwjJDG.6b51cRGwxyk4LuZZvT
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Thu, 13 Jul 2023 17:50:45 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: "9692d1cb9efef46a41c4aafecbeffd1e"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 4443
x-amz-cf-id: aYZqPyiejWxwl9AcwZ8UXUZXoqBbhjQ2FoRg78shD03RN2Yw40fNWQ==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 fb_logo.png
secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/ Frame FD6C 767 B
1 KB 14ms
13ms Image
image/png 193.108.153.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/images/fb_logo.png
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a193-108-153-28.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 8482bab85a81813c4ff0c572cd46a391328164cc1dbd4642f3363f359cb2f30b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure-ds.serving-sys.com/resources/PROD/html5/99058/20230713/1077147302/80728270812749230/index.html?v=_2_170_1_0&n=1&sHost=secure-ds.serving-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: bn88LJCu0gXB4mFVjLyIw2q5969Kq0nT
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Thu, 13 Jul 2023 17:50:45 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C1
etag: "72ce20317852a7beb1f97c587da2da49"
x-amz-server-side-encryption: AES256
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 767
x-amz-cf-id: m0gOy2cf8nAKnp3TPJcF4TCA6WdE7aKghJu5I9LiCEvB4A52ylnkJQ==
expires: Mon, 31 Dec 2035 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 25ms
17ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fsecure-ds.serving-sys.com%2Fresources%2FPROD%2Fhtml5%2F99058%2F20230713%2F1077147302%2F80728270812749230%2Findex.html%3Fv%3D_2_170_1_0%26n%3D1%26sHost%3Dsecure-ds.serving-sys.com&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=137&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A-%3A-%3A0%3A1146&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=86&cd=0&ah=86&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=findIframeAds&ab=2&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=204627&na=1276517433&cs=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 21B4 17 KB
6 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 62FB 0
0 79ms
78ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssckEbMwv8pixSsDiNihVhisiIUV7pc6xDJWBy82GnWGaSk2xJjypPDk0hYmDx2HW2ncHZcM7mNcuIQZ3TQcaa0LvOKWN2ZRp-Cp7WfNoKjlbF8MDYwvVWqGcnbX_Rc9bioYvGNO0yT-Wcy06lU-WdL1mdA7hPyA-H6KZ-3fxZDIy7o4gcJGU_B5EUbCKWGd1EB2Q0HJBjY5MmFmumb8Kw35a-dh81lHZLoirXb1SdIvWDTfSvpfUdi5UIwJkmb9rWNCFGBqmeWFU1du3NHoFtfUW3ufs0YEk5bSrVdDeFfJ5rVORY-mvxA3hwQmeYDfo76K5q2iAdIBLcxiE62XHhYSTHV17-VQGLSQNufOH_acAX6GJZLTTx2w73ZC6-d67eNyUZaDwL4ERB-JKgVpkVAaaWB5GmUrbrwPm090UGXSBaM7VWUJMz-cPArJPn3j774D_RG7xe55O7HhO502kWb5k4l19ThBd6PR-tYHHVLb0z8GHi9TA99KM3uEEthVJhHEpuox7JoMpXyPEEVpkwWpWffJvtOcjERnyuGorBYNHZj5JTHvx5u3DBVEhb8bwRqVh_wDC7B56ONX_bWoDQl2sNM2EUF7VgfB_oWG6oTuHEvDg-hS-QdA--6pYLr6D7UqEQDFAGtz0KVr48dVte2nyA300ZwQLtKsTF3rUPJg6syyxTUPHDxXzULZxgHcHr-occgeNYJAyKkBVqvXnk11_jG2kKe919h6sUoZVD2TvXnZCEyODqWgFub8ufPSux1-PNKmbLLrbCwsmBp6BreATzpvxe1CdDk8uScJNZU6NvXlzYDL4h_ZUxQfh-lXk_ootGnds03IwthdwRtaHPzLfuIZ6YqwrGYdFKftmn8KCIScOg_pAlFthVbZIwbhRNoBZjDp1zoKHW7q8lSf6OBDGUW_HBnTx7FcwgIurcOyzI-2fWnV51-rqVWB8orP0W7BVp3Pi8ZSLTxVkawfnUT4AWlmNSizdVitGA8KMPA9pWa81z5aIvpbBNIgkh88SzJ7298oPTa1r2pCsKrNm80Qxa5M7153oJNtQ_7YoW45NltRCaxlU_zcpSMTymhn5N_UtTYyJnQ7LuiAH73oFU5OS0M0NzqOGSy9WceqpMIRxCncJ-lp6XciI72KS6b_mCr9RxNJshHTMApZW1e_p6j95HwxL5sGk5dZU_R9qy7tV5AdKxf_W6wfgaxjI0-VUI73bYH2LE9PNbhoLmZKVdAcw4wt9RjToFZr1OAOz0Zk0Xug-0VA61A-oUZoLf99xiNnmJr7zoKj2hXedu-FkQ&sai=AMfl-YRLjiVbaKjd9JXyqto1b9HaiFDuI9pXxQtxhrUu2lvXBlAoA1_Vm6hCp8bZAfwhv5-N-05m8JfBs_MPnBBoq0MJSK4LB6JzI0nckZrJjoLPk3AVcZrCiPHtRToOxrWO0Nn2gR0Zwpb6_v-kp8Y4Nf0dLdGnkrPQOjouFeASm8IZbWvom5_KrdyQY4jTqFw01A-0bUWsGrRXg_5l8Rbzjd-Cd_p2VFlfyeWDz_F97o7NHqKWGjr-h_J_Da8rjqp3dvRAT6TZKvBfTf79CBbwYq1YxX0Pe0Zy&sig=Cg0ArKJSzIPBVozLOOoyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2006&vt=11&dtpt=1296&dett=3&cstd=692&cisv=r20230719.88553&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: onotepad.com
URL: https://onotepad.com/sPIhfJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 22 Jul 2023 16:33:04 GMT

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 0332 0
193 B 164ms
14ms XHR
text/plain 3.73.242.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.242.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-242-95.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame 0332 0
193 B 166ms
17ms XHR
text/plain 3.73.242.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.242.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-242-95.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

GET
H2 200 Serving Show response
bs.serving-sys.com/ Frame 0332 24 B
311 B 32ms
32ms XHR
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving?cn=display&c=40&sessionid=2326489741120530330&ai=1090994296&usercookie=u2=17c3e628-7305-4d95-9b99-af2427d4597b&oo=1&clsrc=2&clbv=_2_241_3_0&gdprpurposes=1010&dg=1077982150&sdg=1079167684&ctick=849&ord=0.9697805582364734
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 24
expires: Sun, 05-Jun-2005 22:00:00 GMT

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame 0332 0
268 B 14ms
12ms Ping
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1090994296~~0~~1077982150~~2326489741120530330^VsR~0~0~01020~852^VsRAg~0~0~01020~852^AdStart~0~0~01020~852&usercookie=u2=17c3e628-7305-4d95-9b99-af2427d4597b&OptOut=1&rnd=0.9252126538328158&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 imp
mx-gmtdmp.mookie1.com/t/v2/ Frame 0332 42 B
204 B 228ms
122ms Image
image/gif 35.201.109.54
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mx-gmtdmp.mookie1.com/t/v2/imp?tagid=V2_66626&src.rand=4428409037275808811&src.campaignID=1074637387&src.placementID=1079439569
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.109.54 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 54.109.201.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 16:33:04 GMT
via: 1.1 google
last-modified: Tue, 28 Jun 2022 14:08:50 GMT
server: nginx
etag: "62bb0b72-2a"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame 0332 42 B
266 B 27ms
27ms Image
image/gif 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=display&c=19&pli=1079437540&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_68}&us_privacy=1YY-&adid=1090986910&ord=${RANDOM}
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: image/gif
access-control-allow-origin: *
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
content-length: 42
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D719 42 B
64 B 87ms
87ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIj5FvaIgmG46GQ6A1V6uDAbIYZN1hWl-SRvClYYYNa-1r419bBZ-FNbPqykwkDk1f5-k8tT_bjQ5YvJujXiWRbqzaRi1aaWRJ7183KXln1SFYg3cJFlEwNH0Jx5PQL1UPAcF-ftaQG2BG&sai=AMfl-YRXaZl_qaZtjHercNBTnEFB-7IPIcVY37sIgu87w9zXwjN3-PSmlprRVgyKBcTlS-oXJJNkT6WOXhg2&sig=Cg0ArKJSzO4vnNpSyqSBEAE&cid=CAQSGwBpAlJW4khfj7syFiZGil51w7oyG6WCkWI1IBgB&id=lidar2&mcvt=1044&p=0,0,280,1067&mtos=1044,1044,1044,1044,1044&tos=1044,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1376291991&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1690043581005&rpt=2241&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK evt Show response
lm.serving-sys.com/lm/ Frame FD6C 0
191 B 133ms
16ms XHR
text/plain 3.73.242.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/evt
Requested by: Host: onotepad.com
URL: https://onotepad.com/sPIhfJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.242.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-242-95.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://secure-ds.serving-sys.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://secure-ds.serving-sys.com
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 8ms
3ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=274&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A0%3A1146&aa=0&ad=76&cn=0&gk=76&gl=0&ik=76&ic=76&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=86&cd=86&ah=86&am=86&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=204627&na=1504360574&cs=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H3 200 03032023-031220603-1456_180_horizontal-625px_congstar-xaf6184aa-3d69-4fd8-8c40-58bd22fe7e51.png
s0.2mdn.net/4528404/ Frame 21B4 75 KB
75 KB 45ms
40ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031220603-1456_180_horizontal-625px_congstar-xaf6184aa-3d69-4fd8-8c40-58bd22fe7e51.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a171e8a9a6ae24cf175c0ef851199290d01516a46a338de968a8cb9cdb712edb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 02:30:01 GMT
x-content-type-options: nosniff
age: 50583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76663
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jul 2023 02:30:01 GMT

GET
H3 200 03032023-031223692-1456_180_quadratisch_congstar-x_ohne-x-2a40b6d1b-f64b-4fb4-9687-a98690d67cd7.png
s0.2mdn.net/4528404/ Frame 21B4 35 KB
35 KB 62ms
55ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031223692-1456_180_quadratisch_congstar-x_ohne-x-2a40b6d1b-f64b-4fb4-9687-a98690d67cd7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d09cab2ffe4eaafe307a0bdcda04620353440346a1f445850707c56382e9cae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 03:01:45 GMT
x-content-type-options: nosniff
age: 48679
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36230
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jul 2023 03:01:45 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 88ms
7ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=86&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=meas&os=0&fi2=0&div1=0&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=1&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 90ms
9ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=86&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=bs&os=0&fi2=0&div1=0&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=2&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 88ms
10ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=76&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=hdn&os=1&fi2=0&div1=0&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=3&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 86ms
8ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=76&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=fv&os=1&fi2=0&div1=0&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=4&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H3 200 7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js Show response
pagead2.googlesyndication.com/bg/ Frame EF04 38 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7iS30H4CIOlAzWX_-DRl8EqUdjCbSbkytJAMRoxuMII.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 06:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14882
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 Jul 2024 06:56:59 GMT

GET
H3 200 03032023-031220603-1456_180_horizontal-625px_congstar-xaf6184aa-3d69-4fd8-8c40-58bd22fe7e51.png
s0.2mdn.net/4528404/ Frame 21B4 75 KB
75 KB 66ms
62ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031220603-1456_180_horizontal-625px_congstar-xaf6184aa-3d69-4fd8-8c40-58bd22fe7e51.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a171e8a9a6ae24cf175c0ef851199290d01516a46a338de968a8cb9cdb712edb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 02:30:01 GMT
x-content-type-options: nosniff
age: 50583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76663
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jul 2023 02:30:01 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 30ms
28ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=304&fi=1&apd=465&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=nht&os=1&fi2=0&div1=0&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=5&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8110287124118452&output=html&h=280&slotname=8778839573&adk=4015718133&adf=1863091577&pi=t.ma~as.8778839573&w=340&fwrn=4&fwrnh=100&lmt=1690043581&rafmt=1&format=340x280&url=https%3A%2F%2Fonotepad.com%2FsPIhfJ&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1690043580606&bpp=1&bdt=401&idt=422&shv=r20230719&mjsv=m202307200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1067x280%2C703x280&nras=1&correlator=7777222354393&frm=20&pv=1&ga_vid=1764885341.1690043581&ga_sid=1690043581&ga_hid=788954418&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=994&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31075952%2C31076179%2C31076299%2C44788442%2C21065725%2C44797785&oid=2&pvsid=1623586736950443&tmod=572720146&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=0uPfDfhtNJ&p=https%3A//onotepad.com&dtd=440
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:04 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0A1 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBEfkvgS8ZMXaBp3Cx_AP0dyj0AQAAAAAOAHgBAI&bg=!QUKlQhbNAAZsPphkTD47ADkAdvg8Wi1EPY9WWJgKRzK5n6Uz1AWfFKRXCzZp01SPoLjBlbx_e-QviTf3wdGOd5df2CuE6GN-pfUCAAAFHVIAAAAJaAEHmQM1SS68nrlyJASVK3iLNw08crN6R6F0AfCnKjBOY-_HAB2TdLdn6RwgO_6pifGErAAEAHSHQoHWBmZearO8wGeDG4WfCz_x_-a6IIH4gVzBknGTQoO50E05LNvG5wqulKepE-SQ9fEO5bvqfMt_aw4PNrl008suSbMVpdzh09iIk7CVJLSPI3Kurkf6OY9IXiI9uRV3Xb4BNAJYFEh1j5A59LydB3eGZuzWdEMUV_4mRfTZVLwtFmThc3BmkXo1hsYlsvSnC5betf1bkSB9hO25E7xoHBokxqfmE2ir_lI42dvJFhaPyIBox6n-c2IuJ4uaWPVS8nsRmI38bbeqzMlmpWPvnzoapiKurV_0oUB8jyxYhECm3u0OK9CTZoIleTjThvKY5YynsePJieG0I4jZz49bUJGj0IQAdi2TvDDC3VoiXeBKwdJsxv0xmWxZlzaPjLE954f8fmwNuCKFLYLJbVSys2DCJABqYWnHsB8o3HcomfZcijQ8A3x0OZNfe_ert0iEnZflZDwVOlYxf-4SKphaGcAjnBgyF4RNL09T9BXL2p295OskQg-su27i7dR-enL9gH49TcrPU-25wKqpn63CqVkLr6VhCK-KrtplfTiJdg2E-rXJC6ofU4NdxaBeTLBy9Wg8gYRJgvoXeRCkqDgVyQhtMTlIwxzi6PP5e_6m2NlChkDhwNjVY-DaHejYqcu6uUMJsQSmoVblMmouyhtzca0JcqicUxRhgU9OpdMBzNceGP3TEIWjFUq_e5s1--8I4wNMkCWT6_FNsD1XcU1_3TlU1FEmKQKH8BQq4kUKx6mjYWKIs23dcPpQxEO6KX57DFUGindW6JBN8e76j9TDm4G02K433B63EDypxvN28cgSw3AfWM21z0ff7D1LbhYi-rasWVD8Gk4BM6DNW2W6TLnmNuZZ-FyX6M-sGPuzg_Iiatl5w2P0Y2aqPAIZ4juYMI74u1ea1heiPktcREJHrrTP3zNQvmC1_WkSa_7EciITw3kY3bAKwphZC1aEWx_P_zr7ri_FOITUJK23BbHdux3a6l_9uKS38svhgYVzZbO7I0Gddy9nx4YnVPbpYd9UE00

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 0332 0
268 B 14ms
13ms XHR
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1090994296~~0~~1077982150~~2326489741120530330%5EActualSize~300x250x0x1x0000x0x0x300x250~0~01020~1147$$&usercookie=u2=17c3e628-7305-4d95-9b99-af2427d4597b&OptOut=1&rnd=0.7295603331322951&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 adServer.bs Show response
bs.serving-sys.com/Serving/ Frame 0332 0
268 B 21ms
21ms XHR
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&interactionsStr=$$1090994296~~0~~1077982150~~2326489741120530330%5EAdParams~ifr%3D4%26loc%3D0x0%26size%3D300x250%26cb%3D2%26env%3D0%26vsbp%3D10%26bi%3D-1%26idx%3D1~0~01020~1149$$&usercookie=u2=17c3e628-7305-4d95-9b99-af2427d4597b&OptOut=1&rnd=0.013803676397172726&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5AF4 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B79k5vgS8ZO-cNJiejuwPxvq_sAIAAAAAOAHgBAI&bg=!iIuli9_NAAZsPphkTD47ADkAdvg8WkL7-midEHmdgjNoPX2lUKVuyNjVB0gSYXkZ7jgJwwmbxrCk3o88Wad1OizcHvRGatRnMOoCAAACtlIAAAAaaAEHmQMpcNK5vHVTUzr1TwrAEVjWs712kfenvs-6IUvtV_wUKAofHRK-IbEuTX9Q_vlsJniCt9WsnrqhUVrPoRQe8Npv96w5jiPz9RY_VtiHFx1fhiz3-lybmi79SObaOqImlshlqtjT_aciUbv8iz3nkhwTtmtcWQU_NV4KCz0rMPUS6hmuyofqr8pYS7MgerffStSm57-doH46hnLt4V8TbJW8H2iuQx2F4LFgRrE5IrEtlcRh3zE00qdoTzDWJD3ExsZTvmekPLyQn2kvkmUgfy-2v-uyDNLLX8s82tBBpa2aCE5o-bHOW2Ugpe9frOgrHuasndE4QlRP7LQDe-scoSK8TI1NvPM8JKO4SseP5w0ZnOBxYV6A6aIEW6reFuGf0qjGicS2HU5dGReluR4qgTJq_UUNE4dQsEWg4sE3D9h4MP8zSaDGG3o9Yv8ipNh8TpY5RBhfnbSljtfS1DWBzcxV4GiNd6GH3yg26fD_sIGK9qq8u-eW3vRh0kOEa7miPpWGVEGip62cFzCbPXQp7gy9o92vy73IRiyoMWqtjsQHZoctjHjfR4fQh3z3cP3oUxSShAKonubEz_EtnuyE8_zfhlGRvShyLTLq_j6be31qxzFvSDuxnfFmfIAozHkyhYviWOrh9lYnw3V4Iesvz1JFo0oWczZ77QRU609vDR3sA7uOiRHXMHrpAPYs1Zw7tg_qUmX8-f6Sjp9HoHr_dmE3-vMxXgtxJhLXwUmd0r9CR3GWQH8a1fr3oi41dIfJzR-URqPSkhEdBApPSE2wCkV6qiTvemC3TefGjnRNW2PuDdWR8iBIWWzio9PwAhehtDTJcF0oifN2kvDIvgF-IYijCKxXpUOCHieUBnBq-7a15qMAtWehXGll_WllTqE8M2cHRtDGOVxKE1ANT-pG_purJ0xnx_48fTy1H8WTqcdoRNN-KED2nvcO5FaP8X0oVz-JTnWNimnvTxvxYdaaOt7v-p9Mv6rPbMh79KH396BaJOeMK4k4eLjZ4OJ_hIXu5MFxXSBUXJvggpJVjQmum5UmxyJ8sKeKswp2fiwgl27sm6N0VnAHrloph3Y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 62FB 0
20 B 72ms
71ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1738360622926&version=m202306200101&ct=76&x=1&cor=10616475221762906000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 8ms
7ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=1342&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lf=287&lg=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A3547%3A1146&aa=1&ad=1147&cn=76&gn=1&gk=1147&gl=76&ik=1147&ic=1147&ez=1&co=1147&cp=1107&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1107&cd=86&ah=1107&am=86&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=5&jm=-1&tc=0&fs=204627&na=531537721&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:05 GMT

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 36ms
35ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1107&tet=1147&fi=1&apd=1308&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=iv&os=1&fi2=0&div1=1&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=6&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:05 GMT

POST
H2 200 adServer.bs
bs.serving-sys.com/Serving/ Frame 0332 0
268 B 12ms
12ms Ping
text/html 18.194.104.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=int&iv=2&int=1090994296~~0~~1077982150~~2326489741120530330^VsIAB~0~0~01020~1889&usercookie=u2=17c3e628-7305-4d95-9b99-af2427d4597b&OptOut=1&rnd=0.14523752363388587&res=32
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.104.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-104-7.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: CP="NOI DEVa OUR BUS UNI"
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 7ms
7ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=1343&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lf=287&lg=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A3547%3A1146&aa=1&ad=1147&cn=1147&gn=1&gk=1147&gl=1147&ik=1147&ic=1147&ez=1&co=1147&cp=1107&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1107&cd=1107&ah=1107&am=1107&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=5&jm=-1&tc=0&fs=204627&na=720692627&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:05 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 8ms
8ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=1343&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lf=287&lg=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A3547%3A1146&aa=1&ad=1147&cn=1147&gn=1&gk=1147&gl=1147&ik=1147&ic=1147&ez=1&co=1147&cp=1107&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1107&cd=1107&ah=1107&am=1107&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=5&jm=-1&tc=0&fs=204627&na=1815458541&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:05 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0332 0
20 B 71ms
71ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5979160564803&version=m202306200101&ct=77&x=1&cor=1579833109340845000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 03032023-031223692-1456_180_quadratisch_congstar-x_ohne-x-2a40b6d1b-f64b-4fb4-9687-a98690d67cd7.png
s0.2mdn.net/4528404/ Frame 21B4 35 KB
35 KB 39ms
38ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031223692-1456_180_quadratisch_congstar-x_ohne-x-2a40b6d1b-f64b-4fb4-9687-a98690d67cd7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d09cab2ffe4eaafe307a0bdcda04620353440346a1f445850707c56382e9cae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BxWBeZakZg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Sat, 22 Jul 2023 03:01:45 GMT
x-content-type-options: nosniff
age: 48682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36230
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jul 2023 03:01:45 GMT

GET
H2 200 dc_oe=ChMIxbH3-t6igAMVHeERCB1R7ghKEAAYACC03uxKQhMIkMWu-t6igAMVPpH9Bx2p3AuA;stragg=1;&timestamp=1690043587461;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame 62FB 42 B
401 B 327ms
73ms Image
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIxbH3-t6igAMVHeERCB1R7ghKEAAYACC03uxKQhMIkMWu-t6igAMVPpH9Bx2p3AuA;stragg=1;&timestamp=1690043587461;str=Show%20Slide%200;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jul 2023 16:33:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK int Show response
lm.serving-sys.com/lm/ Frame 0332 0
193 B 33ms
8ms XHR
text/plain 3.73.242.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lm.serving-sys.com/lm/int
Requested by: Host: secure-ds.serving-sys.com
URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.73.242.95 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-73-242-95.eu-central-1.compute.amazonaws.com
Software: LogModule 0.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Allow-Credentials: true
Server: LogModule 0.6
Content-Length: 0
Content-Type: text/plain

GET
H2 200 pixel.gif
xaxislatamdisplay5449357860.s.moatpixel.com/ Frame 2181 43 B
265 B 7ms
7ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xaxislatamdisplay5449357860.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1107&tet=4958&fi=1&apd=5119&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onotepad.com&L1id=1074637387&L2id=86340&L3id=1079439569&L4id=1090994296&S1id=onotepad.com&S2id=onotepad.com&ord=1690043583990&r=887407844270&t=page5&os=1&fi2=1&div1=1&ait=0&url=https%253A%252F%252Fonotepad.com%252FsPIhfJ&mobile=0&click=0&initW=300&initH=250&initSRE=0.0390625&zMoatADV=197393&zMoatAS=Sizmek&bedc=1&q=7&BSD=safe&BSC=moat_unsure&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:09 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:09 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 7ms
7ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=5354&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lf=287&lg=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A3547%3A1146&aa=1&ad=5159&cn=1147&gn=1&gk=5159&gl=1147&ik=5159&ic=5159&ez=1&co=1147&cp=1107&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5119&cd=1107&ah=5119&am=1107&xd=00&rf=0&re=1&wb=2&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=7&jm=-1&tc=0&fs=204627&na=1060898136&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:09 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:09 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2181 43 B
265 B 7ms
7ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&hp=1&ra=1&pxm=9&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=XAXIS_LATAM_2020_SIZMEK_DISPLAY1&ol=2810679367&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BA%24%3D!!tex8j3Mn%3Cz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-1cQ31%2B7Cex1YkaWe08ceLJHXkgPshLKyuz%2F4uhjkxPYPVB8OEV7WXRwEOC0dEk1CVCWz&rs=1-wA7GM1%2F1Kg7M0g%3D%3D&sc=1&os=1-Iw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=340&qe=280&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=6&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fonotepad.com%2FsPIhfJ&id=0&ii=6&f=1&j=https%3A%2F%2Fonotepad.com&lp=https%3A%2F%2Fonotepad.com&t=1690043583990&de=887407844270&cu=1690043583990&m=5555&ar=c013c52fed3-clean&iw=c0d5a00&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=280&le=1&lf=287&lg=1&lh=61&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A3547%3A1146&aa=1&ad=5360&cn=5159&gn=1&gk=5360&gl=5159&ik=5360&ic=5360&ez=1&co=1147&cp=1107&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5320&cd=5119&ah=5320&am=5119&xd=00&rf=0&re=1&wb=2&cl=0&at=0&d=1074637387%3A86340%3A1079439569%3A1090994296&bo=onotepad.com&bd=onotepad.com&gw=xaxislatam2020sizmekdisplay101401867638&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatADV=197393&zMoatAS=Sizmek&hv=Exps%3A%20Sizmek%20backref%20%7C%20findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=7&jm=-1&tc=0&fs=204627&na=1748926277&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 22 Jul 2023 16:33:09 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 22 Jul 2023 16:33:09 GMT

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
onotepad.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4m59j98u8aijtbo7j5uc6fuhaf
.onotepad.com/	1970-01-20 23:03:23	Name: _ga_MBRRS8LVYD Value: GS1.1.1690043580.1.0.1690043580.0.0.0
.onotepad.com/	1970-01-20 23:03:23	Name: _ga Value: GA1.1.1764885341.1690043581
.onotepad.com/	1970-01-20 22:48:59	Name: __gads Value: ID=7bf1380baaa93275:T=1690043580:RT=1690043580:S=ALNI_MZEu9ZdfDdmAaXyoPmDTKBIYiIJjg
.onotepad.com/	1970-01-20 22:48:59	Name: __gpi Value: UID=00000c428be30ee4:T=1690043580:RT=1690043580:S=ALNI_Mbm5eITeblBML-v3TkMuRMh6mz7AA
.doubleclick.net/	1970-01-20 22:48:59	Name: IDE Value: AHWqTUmf5XGE2QrhD0ATYcTozmvNjEgS-EagrjDCaY5bLd_kGhbEewghk2_MYWDZ
.casalemedia.com/	1970-01-20 22:12:59	Name: CMID Value: ZLwEvZt.A7.ppBBIoyt-ZQAA
.casalemedia.com/	1970-01-20 15:36:59	Name: CMPS Value: 3192
.casalemedia.com/	1970-01-20 15:36:59	Name: CMPRO Value: 3192
.adnxs.com/	1970-01-20 15:36:59	Name: uuid2 Value: 4036960260991163600
.doubleclick.net/	1970-01-20 13:27:27	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 17:46:35	Name: APC Value: Aa3gxNob1a9aS8rZ28Zvzi4svoaLwPlQlHQWjBLtZZVlCS3D8aP2Hg
.adnxs.com/	1970-01-20 15:36:59	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilhi^%#5!]tbp8i_iqf!oN/@E'zz<Z0QA9(jt`+44vhy'A`p-1CS0Mjl[.>M0WOJ3)<QG=%9sk@3@'s>TF8<?.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js(Line 117) Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	URL: https://secure-ds.serving-sys.com/BurstingCachedScripts//Ad_2_241_3_0/ebHtml5PoliteBanner.js(Line 117) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
javascript	warning	(Line 3) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

39398e5a679a9dbb947c244fab0d9cc5.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
ajax.googleapis.com
bs.serving-sys.com
cdn.jsdelivr.net
cdn.tiny.cloud
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
lm.serving-sys.com
mb.moatads.com
mx-gmtdmp.mookie1.com
mynewsmedia.co
onotepad.com
pagead2.googlesyndication.com
partner.googleadservices.com
px.moatads.com
region1.google-analytics.com
s0.2mdn.net
secure-ds.serving-sys.com
securepubads.g.doubleclick.net
sp.tinymce.com
tpc.googlesyndication.com
unpkg.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
xaxislatamdisplay5449357860.s.moatpixel.com
z.moatads.com
142.250.185.130
142.250.185.66
142.250.186.34
143.204.231.97
18.194.104.7
185.80.39.216
193.108.153.28
2.18.161.148
2001:4860:4802:32::36
2001:4de0:ac18::1:a:3a
23.35.237.151
2600:9000:2490:3000:4:8ff3:780:93a1
2606:4700:3033::6815:1c95
2606:4700::6810:7baf
2606:4700::6811:180e
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2001
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:828::2006
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a04:4e42:200::485
2a06:98c1:3120::3
3.73.242.95
34.241.14.248
35.201.109.54
37.252.171.53
00eda22241841b2eb5ae136351c5273e2b3db11dfe5d66f074ed2ad9e2d1b091
03aea036d7101b727344ac9853097ca385fec3cb43dcd3d9763365a69df06e41
04658646467203367ffb67bf611a086045e60ceecb7db1ddaf0f152c36bbffaa
06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d
099657171463b4ada4b9bbf48a40e2305f67331a210ca4bc457051e0499ee23b
0ac52457ac2acae307292f022b01b8b169e50f27a971cfd2d8745c16b8c18636
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fb6afc8a8af59a3d5e476f34892ceff8c1efd1c9e59f32af65ef6155657354d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1a48b02010616f36393072e89a8919cdedd1c6ff167390d30cf94be5e7bea76d
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1e3a07c57a9e08a2d10fb6e4d360f6698d4d1dd52ded78f3ea62db27b894e2db
1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa
20bf3b55c0e10a7c881c32c1bb8993638891b9d193eaedd6e17e90628c19f02a
232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709
2e7778c6ed3c31a131da378d6e573a1b3b6723037cdeea4c4832da83e60c9399
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3f98d2733f3cacaf5152fd4d55f778410f391312016cadb5162545357302cdee
41d1fbb43bb1bf1c894758cf1dbeb33c910e58fafd79fcd68efe8d88eeeda7c3
42cf1a22b08e501f117b51c6b3ff09118d5867b98cfcd7b01926c00b4f616561
45e511b2f783d3030572cb63fe7b23e53e037c58690c4a15308c78bb9b0991b6
463947d0709c9f435ed523b82dd8bbccf1ea8c25dc8f08900c90c51948210665
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47a8a6f78b6bc5902ca04c5aee6e8a85fafebd0ba5002db63ed4a696f62d3b73
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e
4cf6b0041792515d9036fad75e278ddc885672587d77908729cc9b5d66ca3dcf
4d09cab2ffe4eaafe307a0bdcda04620353440346a1f445850707c56382e9cae
4d9b2a0c4f73750feca141ae5259d805663e034f3f888dd4605ce7d0c8c60b7c
50179e70dcf7e191e9c9dae486627d072af078d57d4139a493a8e33e1fd34803
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d2f8de4f55304e80b710304c00dfc431f692bf1c71f1595f78c75451044de5
5648615de1ea623232f6c2f674e6628885d475d1838388a8385aa3b83f276659
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65538e9ab690a772bdfa074b95200ac89a0a38b82927a5152f6713e557be5800
678106f28143bba248f07efcdbf75bb891fbfea0a1faef82d38c3de2143272f4
67edbe1fe2a38ebf16fc36b42cc267e37f18629ec79feae7a177178bf6e24d89
6afe7fc9f5dcd67e7a40ee3ec8d27a6ac613030ccad240abde47c7c3149848c9
6ea36dffc34ffe693419cdb87f2ba17eeef5634e003894cf182e766c323fec4a
6f7b552e9d6bec37db895ed6f76739c89639855b84f2c439d3f50d2b817d070d
6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17
752e455655ad2c6a5d8bbdb384fb6c524938d634e60bb3535b7276279491cf48
79994bfa1d9802faf43f0599f5bc3688b62a46c35d16b123379958aa93c85216
7a778ebcae153771e99dd12d32647dc138e5c624303806b95f2563975c401d7e
7ae0b8e3f80fd2c97dea35c4a3643b17368ea41e6e63f083065bfb2a38caf37c
7fb25d485a91650970138f200890518aebc7a7181efdb021adce08cc25988bd8
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8482bab85a81813c4ff0c572cd46a391328164cc1dbd4642f3363f359cb2f30b
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8b3459cb8e1cfebc4d233548256f8389d5d78416f8e98754d6ca0119befeae5f
8c368f69f4233e8d655887fb76a1ae2dcb424d2db63bcda7c9b4aa89ad4d5c5f
91cf683ee0db61e475ee4f5c12ba9281256db5662fd80f2b812067fd9d39b691
92285eb5cb3d2090923f151c02a8953106d0205d82556c0fe481600432641e22
966d77f730e59207fc1b3b8fca95aac5657ce27b4b999c51439a5e58542e6fc7
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a5dc5d50883385836b509b64e3a5f4684f6ef891b648244570a021ae125502b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a171e8a9a6ae24cf175c0ef851199290d01516a46a338de968a8cb9cdb712edb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a689220c95cb15fb99bd158638f9dc88497658e17045b000f0e477f6bd96fc4c
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a73aab0b7254297504542ebb8309725a06257add9df1cc6b9020e0d7ab4c2c80
a763a61a1320a2d3a951ba74608b3d543fac4a3753c5d476e865b08c015c37ec
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
ba0a2e10e328898159f99872263997af097d02767354fb311c8718032f24e524
c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f
c48f965de99a69a3a2e25b0770c01e8d493c796aecd73a59b21796cdc9465e38
c92d2a0ad1481dba2d2459ebf48b695f9ab227561a879d1173859e7787d19954
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
d7121548b034ed230393d0aeb85a3e2ebe633ba046664bba4eea75978f1541d7
d81ba9baa3db58495b4264c97c8b6e305a06291711e8ffb03cd28695ac9eb897
dcd99ac4b6f9cb271523559005bcbbd7dfabd4744adbc6da114bd311bd2b1bcf
e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed959b654022f7bae48ab9380dc129e065833e45a944c70d684c971ac3578cb8
ee24b7d07e0220e940cd65fff83465f04a9476309b49b932b4900c468c6e3082
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f947b6986667c1fd5deba6005c35e5e31f74213c7c61bad2a4addd31c9c82785
fc7b055613cfae7408b10da7259238c49846d6fafbc955a9b79bf7d207d4966d
fdbea17b0099531dfc77279ad7af50e2a93c87f5208d09175ebab6b7bd3d3201
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

onotepad.com Open in urlscan Pro 2606:4700:3033::6815:1c95 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

168 Requests

94 %HTTPS

63 %IPv6

24 Domains

38 Subdomains

36 IPs

5 Countries

2801 kBTransfer

6608 kBSize

13 Cookies

1 Outgoing links

Redirected requests

168 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

onotepad.com Open in urlscan Pro
2606:4700:3033::6815:1c95 Public Scan

Screenshot
Live screenshot

Full Image

168
Requests

94 %
HTTPS

63 %
IPv6

24
Domains

38
Subdomains

36
IPs

5
Countries

2801 kB
Transfer

6608 kB
Size

13
Cookies

168 HTTP transactions
4 data transactions