crxextractor.com Open in urlscan Pro
108.156.2.25 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://crxextractor.com/
Submission Tags: falconsandbox
Submission: On January 23 via api (January 23rd 2024, 3:27:10 pm UTC) from US — Scanned from DE

Summary HTTP 183 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 37 IPs in 10 countries across 34 domains to perform 183 HTTP transactions. The main IP is 108.156.2.25, located in United States and belongs to AMAZON-02, US. The main domain is crxextractor.com.

This is the only time crxextractor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	108.156.2.25 108.156.2.25	16509 (AMAZON-02) (AMAZON-02)
26	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
5	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
5	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2606:50c0:800... 2606:50c0:8001::153	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
4	136.144.177.247 136.144.177.247	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3 22	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3 9	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c1d::9a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	35.158.172.152 35.158.172.152	16509 (AMAZON-02) (AMAZON-02)
3 16	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	3.122.71.237 3.122.71.237	16509 (AMAZON-02) (AMAZON-02)
1	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
2 2	2a05:d018:d29... 2a05:d018:d29:3601:3295:f713:9e96:927c	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.2.230 37.157.2.230	198622 (ADFORM) (ADFORM)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
6	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1 1	52.214.230.121 52.214.230.121	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223f:800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3 5	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
7	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 2	52.212.179.124 52.212.179.124	16509 (AMAZON-02) (AMAZON-02)
1	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 4	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
183	37

7 108.156.2.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-2-25.mxp63.r.cloudfront.net

crxextractor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8001::153 (United States)

ASN54113 (FASTLY, US)

buttons.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.144.177.247 (Amsterdam, Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: dutch.entrepreneurial.com

c.yvoschaap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
yvoschaap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:6b8::1:119 (Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.172.152 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-172-152.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.71.237 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-71-237.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3601:3295:f713:9e96:927c (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.230 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.214.230.121 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-230-121.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.122 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.179.124 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-179-124.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.91 (Neukirchen-Vluyn, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	699 KB
45	doubleclick.net 8 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594 ad.doubleclick.net — Cisco Umbrella Rank: 163	275 KB
13	gstatic.com fonts.gstatic.com www.gstatic.com	156 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	228 KB
7	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 8747	3 KB
7	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
7	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1527	163 KB
7	crxextractor.com crxextractor.com	109 KB
6	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	62 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	3 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	325 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	5 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	4 KB
4	yvoschaap.com c.yvoschaap.com yvoschaap.com	12 KB
3	criteo.com cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 13235 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 15704 dis.criteo.com — Cisco Umbrella Rank: 608	837 B
3	w55c.net 3 redirects pm.w55c.net — Cisco Umbrella Rank: 875	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	268 KB
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 84818	1 KB
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 851 static.adsafeprotected.com — Cisco Umbrella Rank: 721	695 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 874 s.tribalfusion.com — Cisco Umbrella Rank: 2405	1 KB
2	ctnsnet.com 2 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 7224	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 583	1 KB
2	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 495	1 KB
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3982	71 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 13028	1 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 707	444 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	149 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 373	235 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 776	788 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 856	760 B
1	criteo.net imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9386	17 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6518	455 B
1	github.io buttons.github.io — Cisco Umbrella Rank: 59188	7 KB
183	34

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net crxextractor.com tpc.googlesyndication.com pagead2.googlesyndication.com
26	pagead2.googlesyndication.com	crxextractor.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
22	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com www.googletagmanager.com crxextractor.com googleads.g.doubleclick.net
16	cm.g.doubleclick.net	3 redirects crxextractor.com googleads.g.doubleclick.net
9	www.gstatic.com	googleads.g.doubleclick.net
7	s0.2mdn.net	crxextractor.com s0.2mdn.net
7	mc.yandex.com	2 redirects crxextractor.com mc.yandex.ru
7	www.google.com	3 redirects crxextractor.com googleads.g.doubleclick.net tpc.googlesyndication.com
7	crxextractor.com	crxextractor.com
6	www.googleadservices.com	googleads.g.doubleclick.net crxextractor.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net crxextractor.com
5	fonts.googleapis.com	crxextractor.com googleads.g.doubleclick.net
5	platform.twitter.com	crxextractor.com platform.twitter.com
4	ad.doubleclick.net	2 redirects crxextractor.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.google-analytics.com	crxextractor.com c.yvoschaap.com www.google-analytics.com
4	fonts.gstatic.com	fonts.googleapis.com
3	pm.w55c.net	3 redirects
3	www.googletagmanager.com	crxextractor.com www.googletagmanager.com www.google-analytics.com
2	skydeutschland.demdex.net	1 redirects googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	crxextractor.com
2	ius.ctnsnet.com	2 redirects
2	c1.adform.net	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	region1.google-analytics.com	www.googletagmanager.com
2	yvoschaap.com	c.yvoschaap.com
2	syndication.twitter.com	platform.twitter.com crxextractor.com
2	mc.yandex.ru	1 redirects crxextractor.com
2	c.yvoschaap.com	crxextractor.com
1	m.exactag.com	googleads.g.doubleclick.net
1	static.adsafeprotected.com	googleads.g.doubleclick.net
1	pixel.adsafeprotected.com	1 redirects
1	onetag-sys.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	s.tribalfusion.com	crxextractor.com
1	a.tribalfusion.com	1 redirects
1	rtb.fr3.eu.criteo.com	crxextractor.com
1	cat.fr3.eu.criteo.com	crxextractor.com
1	x.bidswitch.net	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	um.simpli.fi	1 redirects
1	imageproxy.eu.criteo.net	googleads.g.doubleclick.net
1	www.google.de	crxextractor.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	buttons.github.io	crxextractor.com
183	47

This site contains links to these domains. Also see Links.

Domain
chromewebstore.google.com
developer.chrome.com
www.darkreading.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.github.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-21` - `2024-03-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
c.yvoschaap.com R3	`2024-01-14` - `2024-04-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-12-26` - `2024-06-05`	5 months	crt.sh
syndication.twitter.com R3	`2023-12-11` - `2024-03-10`	3 months	crt.sh
yvoschaap.com R3	`2024-01-17` - `2024-04-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-27` - `2024-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-03-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh

This page contains 30 frames:

Primary Page: http://crxextractor.com/
Frame ID: DBD7ABD977FCFB6AC1A69E30DBCB89ED
Requests: 36 HTTP requests in this frame

Frame: https://c.yvoschaap.com/producthunt/counter.html
Frame ID: 78B129A0D853B57122B75674D4660F9E
Requests: 5 HTTP requests in this frame

Frame: https://c.yvoschaap.com/producthunt/counter.html
Frame ID: 389252C28EFA27FFB6BD7CB6BE977D95
Requests: 5 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=http%3A%2F%2Fcrxextractor.com
Frame ID: E6D2759DE0626D9CC81289E447653C27
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html
Frame ID: 1831DE2B0169494F3168A4B97776C0D1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&adk=1812271804&adf=3025194257&lmt=1701726352&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fcrxextractor.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1706023623490&bpp=7&bdt=208&idt=235&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=448175540734&frm=20&pv=2&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=262
Frame ID: 07064BEFB62120661C0DA6F6F086D271
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316
Frame ID: 2660890EDBA7F495B0C7EF41932494AC
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345
Frame ID: F0299D626333C2D9E9C1E562E6273A64
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356
Frame ID: 3AAB4B9DB23F62796BAE890D70E50404
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362
Frame ID: EE28217ABB1EBC6DC7D5C967EFF0CC2D
Requests: 15 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: FE982BEF5924CBB7BB1112AF9E62B3EC
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: E9DBD17E12B04D9B235A368B6D0DD589
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 890D735646F2D183B9C3193FA8F12873
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E6D0A151404E732477A736E9A5DBAEA6
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4EB321E04166E8EBABBEBEC49BCED7FD
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: AF9C15C62E13078235EB9108D656F143
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: D3E33600DE6B5CC9068511117C431DBB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGPKitIECMAE&v=APEucNUji5Lc8Z5hinncG6yE2eK4IOGPh-ndnnjSsiY6KdaXtujRNwt19iYLkwo2n4pjf4dLy7kHX2o4o2ciRKzNo33HFibnKpbv8dNX2h1li2NgrwhEPmLU-VtxT6xp3ir3oa_cI0jJV754McFyccpExiLnZ_MASa5xOlB7nuZaS_kS4ppGccc
Frame ID: 50DD5E021FFA6FC8C404D09C503AEDB7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: C71B63A23FCF6B0A99117DF243C42F54
Requests: 20 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: F8DCD4B8F5E31E710BB221FD0798BF14
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 4971A992298B2212DA09BE7B27C0C728
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 62846C90D45860C3C75ACB647BB5435D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 902220FDF666E30CF7B303C73598FA06
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: 9C44D69262C3AC7202703824BCCED0E3
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
Frame ID: 26924E0A85630473E70776E64FA40BD7
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 0DD13758D8CFE799945024B5366A7CB0
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: A943C8AC45833E25D63869841405A72A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js
Frame ID: C974A3EF42FED083D8B918C3C42A267A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 71688FA12EA19372533C584CDBF91AD7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AEDF2FCB07DE1812FD8F9CD59499D06E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Get .CRX Chrome Extension file, it's source code and download .CRX to your computer.

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

183
Requests

83 %
HTTPS

50 %
IPv6

34
Domains

47
Subdomains

37
IPs

10
Countries

2406 kB
Transfer

6455 kB
Size

50
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://chromewebstore.google.com/
Title: Chrome WebStore

Search URL Search Domain Scan URL

URL: https://developer.chrome.com/extensions/getstarted
Title: Getting Started guide

Search URL Search Domain Scan URL

URL: https://developer.chrome.com/extensions/crx#scripts
Title: Packaging of a Chrome Extension into .crx

Search URL Search Domain Scan URL

URL: http://www.darkreading.com/risk-management/google-chrome-extensions-6-security-facts/d/d-id/1103551
Title: Google Chrome Extensions: 6 Security Facts

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10257.CbhdOs-EcP-Xqm0JC4bfZhqhb0dJAoSQhsiCQGDpPTOiaqb8GUZaT6Fz-BmbqqKI.CyjgsgjkTaFl_4fKyNFFyzNT_ew%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10257.yrqgfxwih8Q8AfBPI6zImoI-bmaDiQ3ef-enacDyH9iMKlXDsl2tVxGTkOpxLCiCeggTXqqIxStHg5NM9LtoDZT4S1MNJrTMfg4aOrxd9WjEcuJm_t2bq9ybmn1sHwPAL6ZmFGhl1CAoKczOdQeMUk7jFiYN-GWfCcFFVbT4IfJ6tBvI4Pzi5wV96wg58u0C2ykG3yLuNblZ60NDeZwLpxZGISKqSxsJ8c8bihPuhLs%2C.RhM3XKO9tdNJxUJQXAX2M-bdYTE%2C

Request Chain 50

https://mc.yandex.com/watch/91974901?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1211%3Acn%3A1%3Adp%3A0%3Als%3A225900266632%3Ahid%3A249412628%3Az%3A60%3Ai%3A20240123162703%3Aet%3A1706023624%3Ac%3A1%3Arn%3A449802148%3Arqn%3A1%3Au%3A1706023624852652172%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A57%2C17%2C19%2C1%2C%2C0%2C%2C172%2C5%2C%2C%2C%2C268%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1706023623184%3Agi%3AR0ExLjEuMTc5OTQ0NTI5OC4xNzA2MDIzNjI0%3Afp%3A185%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706023624%3At%3AGet%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/91974901/1?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1211%3Acn%3A1%3Adp%3A0%3Als%3A225900266632%3Ahid%3A249412628%3Az%3A60%3Ai%3A20240123162703%3Aet%3A1706023624%3Ac%3A1%3Arn%3A449802148%3Arqn%3A1%3Au%3A1706023624852652172%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A57%2C17%2C19%2C1%2C%2C0%2C%2C172%2C5%2C%2C%2C%2C268%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1706023623184%3Agi%3AR0ExLjEuMTc5OTQ0NTI5OC4xNzA2MDIzNjI0%3Afp%3A185%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706023624%3At%3AGet%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Request Chain 69

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyWLI6bp5m6GTHcvS092EN1lZp08PaoueyPxBxq50_sVzJ7XkVlqLSpGV3G8i5DO9-MBPee7kbwzO00sTNkjnBMrri1HL_vP_wgKalGhnp92UntaXwA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyWLI6bp5m6GTHcvS092EN1lZp08PaoueyPxBxq50_sVzJ7XkVlqLSpGV3G8i5DO9-MBPee7kbwzO00sTNkjnBMrri1HL_vP_wgKalGhnp92UntaXwA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyWLI6bp5m6GTHcvS092EN1lZp08PaoueyPxBxq50_sVzJ7XkVlqLSpGV3G8i5DO9-MBPee7kbwzO00sTNkjnBMrri1HL_vP_wgKalGhnp92UntaXwA

Request Chain 70

https://um.simpli.fi/gp_match?google_gid=CAESEE_YuVBBXJTEslmvkduymnI&google_cver=1&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3drNK0kwJJgFSp2i_Iodozjpn4mA2VK9mjHnrmGjdCsuLaxUtOlnTQnCsgqIySOK5V6-ulp0zck HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85AF991773F42EAAB79065F7B61B498&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3drNK0kwJJgFSp2i_Iodozjpn4mA2VK9mjHnrmGjdCsuLaxUtOlnTQnCsgqIySOK5V6-ulp0zck

Request Chain 71

https://d.agkn.com/pixel/2175/?google_gid=CAESEMpenghlik2ANB_njLjsCB0&google_cver=1&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAEd5FyQIeYQZsjcud5CPgBYYzqYgjYDxg9YhQHlbNyCicQPeUyS9VWd2XP7o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAEd5FyQIeYQZsjcud5CPgBYYzqYgjYDxg9YhQHlbNyCicQPeUyS9VWd2XP7o&google_hm=Q0FFU0VNcGVuZ2hsaWsyQU5CX25qTGpzQ0Iw

Request Chain 73

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDQDqTorEPy1RdddtsoaimU&google_cver=1&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_uPUHPNnEAApY688BFYd1BKSKRUfQdh7sfqTS6UUhJXxvb_ruPIlWqRrl7D-nZPiaQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_uPUHPNnEAApY688BFYd1BKSKRUfQdh7sfqTS6UUhJXxvb_ruPIlWqRrl7D-nZPiaQ&google_hm=eS13ekF3X3FwRTJwRWpEb1pVZVc1Z1VVRjVFWjd2S181Nn5B

Request Chain 74

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE1_BDWkinLOcDyNdjRhp5I&google_cver=1&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP2TFtLSONUEr967oc2YF2CESyC-pVTtG27ivwJlzsUebarrdJHohKO7sli3OHoBY5CgiazAzER8b-sA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE1_BDWkinLOcDyNdjRhp5I&google_cver=1&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP2TFtLSONUEr967oc2YF2CESyC-pVTtG27ivwJlzsUebarrdJHohKO7sli3OHoBY5CgiazAzER8b-sA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU3NDE2ODMyNzYyNjUxMTg1Ng&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP2TFtLSONUEr967oc2YF2CESyC-pVTtG27ivwJlzsUebarrdJHohKO7sli3OHoBY5CgiazAzER8b-sA

Request Chain 75

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESENsBdAA5OowJM9QS2ShVllA&google_cver=1&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOCqjm4eKyY0RBdMYL9hJUYQ8e4NTPWu3VKSdqbKq3yDAuciv_Gd3LSua38Ht5xvFbWaCe2rUJ_ItQXDYWEZq7WR3AReXKdU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOCqjm4eKyY0RBdMYL9hJUYQ8e4NTPWu3VKSdqbKq3yDAuciv_Gd3LSua38Ht5xvFbWaCe2rUJ_ItQXDYWEZq7WR3AReXKdU&google_hm=gUESWOMsTpy4A1n1b6oTcIM

Request Chain 85

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cver=1&google_push=AXcoOmQBLDXCmrxt1E6I_44s9VYrQlbGcQUORnI88TSQsRtApISIRsKUyfWUwXh8Xxp6CRzkoMn57dG34WpxdAl7ue2ZGfDCf8blAZvPrGHeVM0OQQoWWClhbz71kYI_UQC4i8L7zZUf4Bl7vibzsFxi2RRkow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cver=1&google_push=AXcoOmQBLDXCmrxt1E6I_44s9VYrQlbGcQUORnI88TSQsRtApISIRsKUyfWUwXh8Xxp6CRzkoMn57dG34WpxdAl7ue2ZGfDCf8blAZvPrGHeVM0OQQoWWClhbz71kYI_UQC4i8L7zZUf4Bl7vibzsFxi2RRkow

Request Chain 86

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 88

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJfiyrwSYFequbGadCAIxSg&google_cver=1&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mueGx0lTczQQ2lSIFvmMWKIa0GAEW3TJ9XaUQDK8G75dKcSifegzJeJP0f5IfMCpg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mueGx0lTczQQ2lSIFvmMWKIa0GAEW3TJ9XaUQDK8G75dKcSifegzJeJP0f5IfMCpg&google_hm=eS01ZzhCZEpoRTJwRUE3VWtnSUNIRXpMMTloTmRsS05jbH5B

Request Chain 90

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEIHCBIcqm2kIvOidYdmmamE&google_cver=1&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKUOfWHkHe9i4WSgqJ4dygF8Lm2GmaPd_5DBlZdwmSPBrNMbYSkujXcSPlaMjTLSQfXK1B-oxslgWU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKUOfWHkHe9i4WSgqJ4dygF8Lm2GmaPd_5DBlZdwmSPBrNMbYSkujXcSPlaMjTLSQfXK1B-oxslgWU

Request Chain 91

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEC817phjiXv8kHA17K4rAPE&google_cver=1&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYkxSJmmV1jOXmn77BMcCzTtMjwmRwfWbamyKiBR4ZYC2hQJ2AYAEcPn48kXfYYSn6BXHWaSIIEI1vhpAaHpharMUbMOeW1nj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYkxSJmmV1jOXmn77BMcCzTtMjwmRwfWbamyKiBR4ZYC2hQJ2AYAEcPn48kXfYYSn6BXHWaSIIEI1vhpAaHpharMUbMOeW1nj&google_hm=gUESWOMsTpy4A1n1b6oTcIM

Request Chain 93

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 94

https://googleads.g.doubleclick.net/pagead/adview?ai=CXPA2x9qvZY79OdvOn88Px52RiA_m0-n6cpr-kNf8EaeY79vaDxABIOe71htglYKggrAHoAH34pu0KMgBAqgDAcgDyQSqBM4BT9BBTOiCxCI-YoR_OHe16h7hP_2AUoKnK52byMIJciVTKYlK2jUys91uJMQbjjqXuJT1KwFDBM94Wu4MCoXsxWMZofdFDabZxpm5xf_cesm1zWk6xeDqhlTY-1JEn7uAAxwG7Y3k8jEt4t9ok4ORHu30ugS48V7BIfOqr2Fq_drEa1MzaT0aoM-Eq5EHX6ESd5UvTirgZM3gZFpRYq8eznrf2SwvVINJ86CHQVKXtQpt3NoPWajBpqm0puZciB58_BKAjuGIlB3nIeSNPf7ABOKo8IrHBIgFu_eAw0ySBQQIBBgBkgUECAUYBKAGAoAH95rskwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCi6QXSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPz90KDp84MDmgk6aHR0cHM6Ly9mcmVlLndlYmNvbXBhbmlvbi5jb20vbWluaW1lLz9jYW1wYWlnbj0yMDU0MTYxOTEzMYAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi05NDIzNjg3Mzg3NDQzNzY3GAA&sigh=lOVDpKTi7pc&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_MJL4pB_XJZi7OaacVRBOa7zjiKCGpaLqTECMF8I0KfUPOaBYOLpxiKrZZLnm2qXnLECbuHWIGAE&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227415666769099448090%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222099256516210908897%22}&andc=true

Request Chain 105

https://pixel.adsafeprotected.com/rfw/st/1878143/77875707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1015808167&ias_pubId=pub-9423687387443767&ias_chanId=1&ias_placementId=20952930895&bidurl=http://crxextractor.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hG7YYMFpyxzpzx-jlQZSQU HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1&C=1

Request Chain 120

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za-ayH3UL45IrUv-MFOK8QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1

Request Chain 121

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEETcVcF7oQN9v25NbeQBWt0&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEETcVcF7oQN9v25NbeQBWt0%26google_cver%3D1

Request Chain 122

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEwNTU0NzcyMjkxMTUxMTkyMw%3D%3D

Request Chain 142

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 157

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdpr_consent=

Request Chain 161

https://googleads.g.doubleclick.net/pagead/adview?ai=Clet_x9qvZZbcN5ym2OMP0ZGWmAjdz8-Qdcz938CVEs_Xor3AARABIOe71htglYKggrAHoAHbyp6yKcgBAagDAcgDywSqBNQBT9C_gRnu-J8qN7lSxtipFBLjvaQ7zo7q4m8MnYlFDWvmJ2eK8nULwj3mIlvVLyFFavsAbpI96DBvIVBZVr7z8ck_g0TLP-ssPRwKcz4rRAIGnAyxhzC8sxppORsJXmWTcpYNNTfTez2lzMZJ3Ojn4PXYOPlvU-TzS5juiRhI0mNZ8oNL3ES23zHw9V4lHlHeg_TG5FT_Aytc9pmu-FMpAweE3KW-OLtLXWlL6BsyyRzxIUFgJpZyW6zjjEbWKG1CUA0RmX9q64cneiSRKDojzua-nOfABP39l8W9BIgF3dfi3kySBQQIBBgBkgUECAUYBIAHsqHN_wSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDOphTSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPTXzqDp84MDmgknaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vZ29vZ2xlcGxheWdhbWVzgAoByAsBogwIKgYKBKy6sQLYEwqIFAHQFQGAFwGyFxwKGggAEhRwdWItOTQyMzY4NzM4NzQ0Mzc2NxgA&sigh=gaRZX3jV8QQ&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_yY8lPUjDJ5wvYqZujKAn47e3vAPelLCeqUH-_VxLXj8JRUFNQQuiVAR3LKi03CLrLQaRcCm9e01lvksErZ1bTrSXZXQb-5giZxgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211984488750824796121%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211111212379%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214647334139639521489%22}&andc=true

Request Chain 162

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=COzLqqHp84MDFa2Z_QcdfewPaw;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2

Request Chain 163

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 165

https://googleads.g.doubleclick.net/pagead/adview?ai=CklLux9qvZZSjOaPIn88P_eCeoALdz8-Qdcz938CVEs_Xor3AARABIOe71htglYKggrAHoAHbyp6yKcgBCagDAcgDywSqBM4BT9BgbZ82mURkpbOyNXgjzEpuKBv59b5R4ZXmjhDK20g1Zxke4xMz9ltzt5UhqBOPCVvvMGbEHVc0jyaJYmgqt3OkVIlo-c-9FHsbbVPdxIwF16fzTA1-8WkeIHemKhjUp-9-Iuhe0ToeT00qCHQYlAJ8UOCgYrIlPCQRp7lurn_rnqiEaJ8FQCiTz_p5JXfXwJ9ieTWzM-qyPEKAk7qPng-qk3K3X3WYgJJcI5PHaQfWUYdY8TdEtXsRsUMFEayAdbY_dDxP5nBKhXLfTQzABP39l8W9BIgF3dfi3kySBQQIBBgBkgUECAUYBKAGLoAHsqHN_wSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCX2A_SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WP2a0KDp84MDmgknaHR0cHM6Ly9wbGF5Lmdvb2dsZS5jb20vZ29vZ2xlcGxheWdhbWVzgAoByAsBuBPkA9gTCogUAdAVAYAXAbIXHAoaCAASFHB1Yi05NDIzNjg3Mzg3NDQzNzY3GAA&sigh=Xw3ROLCF9AY&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_iK_-CUpyijTUfzbGSlQBNGA7bOGkgRKa0VdgIeifiUrz6aTepySuBlgaloOrJOLkDlLiYWJf3_BTu4yEAuBwf4vbtNwwe9sVC7MYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225922615648097931412%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211111212379%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229082605059234556545%22}&andc=true

Request Chain 166

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=CKTOqqHp84MDFWGjgwcdHRcOZQ;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2

183 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
crxextractor.com/ 13 KB
5 KB 95ms
20ms Document
text/html 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 071865770f1c0ae0f5cdfaf1b32032893b20cf86524dfe57b01cb4af4902e0ff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 26943
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 23 Jan 2024 07:58:01 GMT
ETag: W/"79adf69782c1a8cac16fa085fbb938c4"
Last-Modified: Mon, 04 Dec 2023 21:45:52 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 d1eeb185861731e77bfcceda9556d144.cloudfront.net (CloudFront)
X-Amz-Cf-Id: wxZYDmPTYWlB7DQKPiKmEOOeF9OHxDvSlO79ZuteePvpJ_w_5sgAzA==
X-Amz-Cf-Pop: MXP63-P4
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 98ms
63ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9423687387443767

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

202080c6bc3cf861fd06f7e866f13f5de53722089fbddad99b7e948532228225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Origin: http://crxextractor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51566
x-xss-protection: 0
server: cafe
etag: 10022156034927977526
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H/1.1 200
OK logo.png
crxextractor.com/images/ 2 KB
3 KB 21ms
21ms Image
image/png 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://crxextractor.com/images/logo.png
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0457d978556eb3f40cbf51b432973e2a193a6062d5abee91d0683ae505a2ae95

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 06:27:06 GMT
Via: 1.1 d1eeb185861731e77bfcceda9556d144.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 32398
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Content-Length: 2103
Last-Modified: Mon, 04 Dec 2023 21:45:51 GMT
Server: AmazonS3
ETag: "74d20df30b128594754b5e5dd261f5e6"
Vary: Accept-Encoding
Content-Type: image/png
Accept-Ranges: bytes
X-Amz-Cf-Id: _LzP7gXikFtjciD16WMdtXAc0qpPL6FeF8ulIwepLjjV3ibekvLJUg==

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 38ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/widgets.js
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A8) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 15:27:03 GMT
Content-Encoding: gzip
Age: 386
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/67A8)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H/1.1 200
OK stylesheet.min.css
crxextractor.com/css/ 10 KB
3 KB 41ms
23ms Stylesheet
text/css 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/css/stylesheet.min.css
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09ed498c273f95ded9ce6f2d2945b29d5b5fefaa787d798d6c0c5e100a9badff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 12:53:02 GMT
Content-Encoding: gzip
Via: 1.1 dcb150b6d29d870238d0b44e37d745a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 9242
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Last-Modified: Mon, 04 Dec 2023 21:45:51 GMT
Server: AmazonS3
ETag: W/"22d88e096710d4ca0bb51c307036c63b"
Vary: Accept-Encoding
Content-Type: text/css
X-Amz-Cf-Id: xlShv0P-ZouYr6hVFK6HvZRw-Sv-5sgOyz6W0uJxx3E2ynQP7rikOQ==

GET
H/1.1 200
OK typicons.min.css
crxextractor.com/css/ 15 KB
3 KB 26ms
18ms Stylesheet
text/css 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/css/typicons.min.css
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8660ed12799916f277ccbb1fa1ba74dc2483dffa91089998ddfed5a9feb32200

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 07:58:01 GMT
Content-Encoding: gzip
Via: 1.1 d1eeb185861731e77bfcceda9556d144.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 26942
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Last-Modified: Mon, 04 Dec 2023 21:45:51 GMT
Server: AmazonS3
ETag: W/"5d68383bd41df3b979ee00688e6e8821"
Vary: Accept-Encoding
Content-Type: text/css
X-Amz-Cf-Id: caUCqykXItZ4kRgRkAlamHDRqGkLiv74vuVqaSMWGqXhqPQxYRDHtQ==

GET
H2 200 css
fonts.googleapis.com/ 2 KB
964 B 56ms
21ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c127a7f93d3ea162c7086632dba913392b83faf29d513c9952f32ead527a2f41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 14:27:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H/1.1 200
OK jquery.min.js Show response
crxextractor.com/js/ 95 KB
34 KB 37ms
19ms Script
application/javascript 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/js/jquery.min.js
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a325cf127c6cf1272cd26810b58e77e7ed1364f3484bb2b6121060f383faceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 06:27:06 GMT
Content-Encoding: gzip
Via: 1.1 dcb150b6d29d870238d0b44e37d745a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 32398
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Last-Modified: Mon, 04 Dec 2023 21:45:52 GMT
Server: AmazonS3
ETag: W/"e721628fa89656c0bbf9846e1f50611f"
Vary: Accept-Encoding
Content-Type: application/javascript
X-Amz-Cf-Id: errHi5EAUk2lULO9ovld5nJSP4rFroP6ZQBH7lQ3Q2TzSFw9wEqnWA==

GET
H/1.1 200
OK app.min.js Show response
crxextractor.com/js/ 5 KB
3 KB 38ms
20ms Script
application/javascript 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/js/app.min.js
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 37169bef98fa54cc2b34335698c773dc57e1ce1b542054183e5b25ed74f3fcaa

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 07:11:22 GMT
Content-Encoding: gzip
Via: 1.1 d1eeb185861731e77bfcceda9556d144.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 29742
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Last-Modified: Mon, 04 Dec 2023 21:45:52 GMT
Server: AmazonS3
ETag: W/"6eadc49ad651fb2e8c87710bdca10020"
Vary: Accept-Encoding
Content-Type: application/javascript
X-Amz-Cf-Id: v-_Rw6OrN07tMdXetLWCCfBs3NZbwfLMpWAAw6FjXsAB_nMGStqqwA==

GET
H2 200 buttons.js Show response
buttons.github.io/ 19 KB
7 KB 91ms
9ms Script
application/javascript 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons.github.io/buttons.js
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 0738580e85e7fdef026f377d497b2791985a1b161bb9b573ed15798e1d91ea48

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-fastly-request-id: b62c4413c3c0cb325da7d876798087953ee6ac84
date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 15
age: 571
x-cache: HIT
x-proxy-cache: MISS
content-length: 6828
x-served-by: cache-fra-eddf8230077-FRA
last-modified: Fri, 19 Jan 2024 22:36:00 GMT
server: GitHub.com
x-github-request-id: 5C96:3E9A58:2394008:2427F0F:65AAFA05
x-timer: S1706023623.388762,VS0,VE1
etag: W/"65aaf950-4d5e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-origin-cache: HIT
expires: Fri, 19 Jan 2024 22:49:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 239 KB
86 KB 61ms
29ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-FVTW7P4

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a70f4b0aff0150d346ced92da61f304db811289f142a88a6d3dac8e6a6ce5d4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87353
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H2 200 counter.html Show response
c.yvoschaap.com/producthunt/ Frame 78B1 12 KB
5 KB 230ms
77ms Document
text/html 136.144.177.247
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://c.yvoschaap.com/producthunt/counter.html
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.177.247 Amsterdam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: dutch.entrepreneurial.com
Software: Apache /
Resource Hash: 23c55d62d4bf57a2673662d1ee3b9f9bf221491bcc26195d7de7b9e7aed04a08

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60, s-maxage=460, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 23 Jan 2024 15:27:03 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 counter.html Show response
c.yvoschaap.com/producthunt/ Frame 3892 12 KB
5 KB 206ms
65ms Document
text/html 136.144.177.247
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://c.yvoschaap.com/producthunt/counter.html
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.177.247 Amsterdam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: dutch.entrepreneurial.com
Software: Apache /
Resource Hash: 23c55d62d4bf57a2673662d1ee3b9f9bf221491bcc26195d7de7b9e7aed04a08

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60, s-maxage=460, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 23 Jan 2024 15:27:03 GMT
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK typicons.woff
crxextractor.com/css/ 58 KB
59 KB 18ms
18ms Font
font/woff 108.156.2.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://crxextractor.com/css/typicons.woff
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/css/typicons.min.css
Protocol: HTTP/1.1
Server: 108.156.2.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-2-25.mxp63.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c2430aad2b6a33948dc064cfaee8ad65ff9e3ca439834f3aaa84abec3d10dea8

Request headers

Referer: http://crxextractor.com/css/typicons.min.css
Origin: http://crxextractor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 06:27:06 GMT
Via: 1.1 d1eeb185861731e77bfcceda9556d144.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MXP63-P4
Age: 32398
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400
Content-Length: 59872
Last-Modified: Mon, 04 Dec 2023 21:45:51 GMT
Server: AmazonS3
ETag: "95aa28e29618c068e8a53f64c87cb6a9"
Vary: Accept-Encoding
Content-Type: font/woff
Accept-Ranges: bytes
X-Amz-Cf-Id: GcYSVT0797weC2TbBYyFy7dlX-XMOJ-udmY49RSkQd4xousy0-WSwA==

GET
H2 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v29/ 22 KB
22 KB 33ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v29/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://crxextractor.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 03:15:42 GMT
x-content-type-options: nosniff
age: 303081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22420
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:56:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jan 2025 03:15:42 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 65ms
14ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 23 Jan 2024 15:26:34 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 29
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 23 Jan 2024 17:26:34 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame E6D2 319 KB
104 KB 34ms
10ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=http%3A%2F%2Fcrxextractor.com
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3708324
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Jan 2024 15:27:03 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/ 403 KB
137 KB 91ms
75ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9423687387443767&plah=crxextractor.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9423687387443767

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85ddc001f1100d307bdd09ac77d0426fe036ba75906ce1b3238bd5c1715f1e7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139812
x-xss-protection: 0
server: cafe
etag: 3104354922272985630
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/ Frame 1831 9 KB
4 KB 62ms
13ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9423687387443767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 00:24:58 GMT
etag: 9219409622527106327
expires: Tue, 06 Feb 2024 00:24:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 300 KB
100 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MSVY8TC2LJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-FVTW7P4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

49944fcd898f3ca5ef5f577bb3e7a2356fb982321b5ccd1dc20234b79984a788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102510
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 204 KB
71 KB 240ms
115ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

39a024ead02e1e7562777685bf017a583ca1e43b10ba860b1952609ba0e983f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Mon, 22 Jan 2024 14:13:04 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65ae77f0-11838"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 71736
expires: Tue, 23 Jan 2024 16:27:03 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame E6D2 869 B
658 B 189ms
164ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=dda86d14335582d969d78c20555587c6a92d888d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=http%3A%2F%2Fcrxextractor.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-response-time: 157
date: Tue, 23 Jan 2024 15:27:02 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 23 Jan 2024 15:27:03 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 9489fa3992a08bab
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: c20749e32a63b721becc70bb2fe81c251ab92243680a7eea44193e91e9c2da6a
content-length: 337

GET
H2 200 proxy.php Show response
yvoschaap.com/producthunt/ Frame 3892 951 B
816 B 497ms
77ms Script
text/html 136.144.177.247
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://yvoschaap.com/producthunt/proxy.php?url=http%3A%2F%2Fwww.producthunt.com%2Fr%2F339d34a3779743%2F73424&per_page=1&key=49585a7059dfa38830cb9bf263f4f562ada69595&callback=phShare
Requested by: Host: c.yvoschaap.com
URL: https://c.yvoschaap.com/producthunt/counter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.177.247 Amsterdam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: dutch.entrepreneurial.com
Software: Apache /
Resource Hash: fe1673f86e0de422bc66021ef8a99bdc352b013946e0586e98279d0ac002f999

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.yvoschaap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
cache-control: max-age=60, s-maxage=300, must-revalidate
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 3892 52 KB
21 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: c.yvoschaap.com
URL: https://c.yvoschaap.com/producthunt/counter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.yvoschaap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 23 Jan 2024 15:26:34 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 29
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 23 Jan 2024 17:26:34 GMT

GET
H2 200 proxy.php Show response
yvoschaap.com/producthunt/ Frame 78B1 951 B
715 B 508ms
96ms Script
text/html 136.144.177.247
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://yvoschaap.com/producthunt/proxy.php?url=http%3A%2F%2Fwww.producthunt.com%2Fr%2F339d34a3779743%2F73424&per_page=1&key=49585a7059dfa38830cb9bf263f4f562ada69595&callback=phShare
Requested by: Host: c.yvoschaap.com
URL: https://c.yvoschaap.com/producthunt/counter.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.177.247 Amsterdam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS: dutch.entrepreneurial.com
Software: Apache /
Resource Hash: fe1673f86e0de422bc66021ef8a99bdc352b013946e0586e98279d0ac002f999

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.yvoschaap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
cache-control: max-age=60, s-maxage=300, must-revalidate
content-encoding: gzip
server: Apache
content-length: 684
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 78B1 52 KB
21 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: c.yvoschaap.com
URL: https://c.yvoschaap.com/producthunt/counter.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.yvoschaap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 23 Jan 2024 15:26:34 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 29
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 23 Jan 2024 17:26:34 GMT

GET
DATA 200
OK truncated
/ Frame 78B1 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7532a478931adf6ae387b01d56903e4571880f59b942d0dc935a4d434febf4ea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 78B1 376 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 568b64730ca99a96d9df2581bc1f5fa79f95b0feb2aa3f4320846c71fb0370e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3892 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7532a478931adf6ae387b01d56903e4571880f59b942d0dc935a4d434febf4ea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3892 376 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 568b64730ca99a96d9df2581bc1f5fa79f95b0feb2aa3f4320846c71fb0370e9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 collect Show response
www.google-analytics.com/j/ 16 B
36 B 15ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1231294326&t=pageview&_s=1&dl=http%3A%2F%2Fcrxextractor.com%2F&ul=en-us&de=UTF-8&dt=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1972140126&gjid=2063348107&cid=1799445298.1706023624&tid=UA-82390179-1&_gid=424764968.1706023624&_r=1&_slc=1&z=1278718434

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

405087ab3b2ba35535c59017431d2b9e02081a581af8a8e2593e52ffb0c363c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://crxextractor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://crxextractor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
346 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-82390179-1&cid=1799445298.1706023624&jid=1972140126&gjid=2063348107&_gid=424764968.1706023624&_u=IEBAAEAAAAAAACAAI~&z=974201194

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://crxextractor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 23 Jan 2024 15:27:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://crxextractor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
82 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0FG1T3YJEH&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83456962807c283aaeaf89137052a32d7d1b2301035644d159acc31e001f48e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83800
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 Jan 2024 15:27:03 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0706 237 KB
61 KB 741ms
740ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&adk=1812271804&adf=3025194257&lmt=1701726352&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=http%3A%2F%2Fcrxextractor.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&dt=1706023623490&bpp=7&bdt=208&idt=235&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=448175540734&frm=20&pv=2&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=262

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9423687387443767&plah=crxextractor.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a5f35959c7cefb1202cd3ca5b9f406d7c5831813c129da06d7a53270ca6605d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 62649
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 40ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MSVY8TC2LJ&gtm=45je41h0v899460725z8899449518&_p=1706023623304&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tag_exp=71847096&cid=1799445298.1706023624&ul=en-us&sr=1600x1200&_s=1&sid=1706023623&sct=1&seg=0&dl=http%3A%2F%2Fcrxextractor.com%2F&dt=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&en=page_view&_fv=1&_ss=1&tfd=609
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MSVY8TC2LJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://crxextractor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996470628/ 3 KB
1 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996470628/?random=1706023623794&cv=11&fst=1706023623794&bg=ffffff&guid=ON&async=1&gtm=45je41h0v899460725z8899449518&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tag_exp=71847096&u_w=1600&u_h=1200&url=http%3A%2F%2Fcrxextractor.com%2F&hn=www.googleadservices.com&frm=0&tiba=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&auid=736823740.1706023624&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MSVY8TC2LJ&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a164d34575179f5ec5ec95fcbf521265706d0dfa048b48fd585f2e8e1f0db4ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2660 128 KB
42 KB 1027ms
1027ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce97f1912d6312e077b287d848b5bad9b3959f80a1cfc340845d8bdc0f0ff36c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43417
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F029 122 KB
41 KB 1071ms
1071ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6f5d067f091e603cb7e562eabd950a869239a02674f8be63ac4b6bafeaceab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41573
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3AAB 120 KB
43 KB 585ms
584ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ded9cc04a7517fd8fefb73286538ef915c8016dc99ee8a8e95f47f2d2441097

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44183
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EE28 91 KB
30 KB 417ms
417ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dc41fdc3e1b62ef47745aa9154a0f8f1488d551f0ac35ab4903c050d8a78be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30747
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 26ms
25ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0FG1T3YJEH&gtm=45je41h0v9112707551&_p=1706023623304&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&tag_exp=71847096&ul=en-us&sr=1600x1200&cid=1799445298.1706023624&ir=1&_eu=EBAI&_s=1&dl=http%3A%2F%2Fcrxextractor.com%2F&dt=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&sid=1706023623&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=714
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0FG1T3YJEH&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://crxextractor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996470628/ 42 B
455 B 76ms
25ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996470628/?random=1706023623794&cv=11&fst=1706022000000&bg=ffffff&guid=ON&async=1&gtm=45je41h0v899460725z8899449518&u_w=1600&u_h=1200&url=http%3A%2F%2Fcrxextractor.com%2F&frm=0&tiba=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_aN5G2hJDpzlCFRqgb5pn4axLsoQUbQ&random=2908602433&rmt_tld=0&ipr=y

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996470628/ 42 B
455 B 131ms
71ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996470628/?random=1706023623794&cv=11&fst=1706022000000&bg=ffffff&guid=ON&async=1&gtm=45je41h0v899460725z8899449518&u_w=1600&u_h=1200&url=http%3A%2F%2Fcrxextractor.com%2F&frm=0&tiba=Get%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_aN5G2hJDpzlCFRqgb5pn4axLsoQUbQ&random=2908602433&rmt_tld=1&ipr=y

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10257.CbhdOs-EcP-Xqm0JC4bfZhqhb0dJAoSQhsiCQGDpPTOiaqb8GUZaT6Fz-BmbqqKI.CyjgsgjkTaFl_4fKyNFFyzNT_ew%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10257.yrqgfxwih8Q8AfBPI6zImoI-bmaDiQ3ef-enacDyH9iMKlXDsl2tVxGTkOpxLCiCeggTXqqIxStHg5NM9LtoDZT4S1MNJrTMfg4aOrxd9WjEcuJm_t2bq9ybmn1sHwPAL6ZmFGhl1C...

43 B
669 B

61ms
61ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10257.yrqgfxwih8Q8AfBPI6zImoI-bmaDiQ3ef-enacDyH9iMKlXDsl2tVxGTkOpxLCiCeggTXqqIxStHg5NM9LtoDZT4S1MNJrTMfg4aOrxd9WjEcuJm_t2bq9ybmn1sHwPAL6ZmFGhl1CAoKczOdQeMUk7jFiYN-GWfCcFFVbT4IfJ6tBvI4Pzi5wV96wg58u0C2ykG3yLuNblZ60NDeZwLpxZGISKqSxsJ8c8bihPuhLs%2C.RhM3XKO9tdNJxUJQXAX2M-bdYTE%2C

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10257.yrqgfxwih8Q8AfBPI6zImoI-bmaDiQ3ef-enacDyH9iMKlXDsl2tVxGTkOpxLCiCeggTXqqIxStHg5NM9LtoDZT4S1MNJrTMfg4aOrxd9WjEcuJm_t2bq9ybmn1sHwPAL6ZmFGhl1CAoKczOdQeMUk7jFiYN-GWfCcFFVbT4IfJ6tBvI4Pzi5wV96wg58u0C2ykG3yLuNblZ60NDeZwLpxZGISKqSxsJ8c8bihPuhLs%2C.RhM3XKO9tdNJxUJQXAX2M-bdYTE%2C
date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 57ms
57ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 15:27:03 GMT
Content-Encoding: gzip
Age: 3708331
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (frb/675D)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
524 B 177ms
177ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 18 Jan 2024 16:14:38 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65a94e6e-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 23 Jan 2024 16:27:04 GMT

GET
H/1.1 200
OK follow_button.2f70fb173b9000da126c79afe2098f02.en.html Show response
platform.twitter.com/widgets/ Frame FE98 37 KB
14 KB 32ms
31ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: c36e9bb2e913500763aa0f62ac2c2990247d78660b55dccff382a3b7e6dd5b8e

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3708321
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13712
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Jan 2024 15:27:04 GMT
Etag: "bf4801052efb5f8f12057c849e9b590f+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/675D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK follow_button.2f70fb173b9000da126c79afe2098f02.en.html Show response
platform.twitter.com/widgets/ Frame E9DB 37 KB
14 KB 40ms
9ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: c36e9bb2e913500763aa0f62ac2c2990247d78660b55dccff382a3b7e6dd5b8e

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3708321
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13712
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Jan 2024 15:27:04 GMT
Etag: "bf4801052efb5f8f12057c849e9b590f+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/675D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
151 B 168ms
167ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fcrxextractor.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1706023624057%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=dda86d14335582d969d78c20555587c6a92d888d

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-response-time: 159
date: Tue, 23 Jan 2024 15:27:03 GMT
strict-transport-security: max-age=631138519
last-modified: Tue, 23 Jan 2024 15:27:04 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 53cf24e0b3416a47
cache-control: must-revalidate, max-age=600
perf: 7469935968
x-connection-hash: c20749e32a63b721becc70bb2fe81c251ab92243680a7eea44193e91e9c2da6a
content-length: 43

GET
DATA 200
OK truncated
/ Frame FE98 471 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E9DB 471 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

1 Show response
mc.yandex.com/watch/91974901/
Redirect Chain

https://mc.yandex.com/watch/91974901?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-...
https://mc.yandex.com/watch/91974901/1?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Ae...

447 B
566 B

58ms
58ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/91974901/1?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1211%3Acn%3A1%3Adp%3A0%3Als%3A225900266632%3Ahid%3A249412628%3Az%3A60%3Ai%3A20240123162703%3Aet%3A1706023624%3Ac%3A1%3Arn%3A449802148%3Arqn%3A1%3Au%3A1706023624852652172%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A57%2C17%2C19%2C1%2C%2C0%2C%2C172%2C5%2C%2C%2C%2C268%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1706023623184%3Agi%3AR0ExLjEuMTc5OTQ0NTI5OC4xNzA2MDIzNjI0%3Afp%3A185%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706023624%3At%3AGet%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ef373c82073207c914eb95f761d32e59f21747fa5b6d60b9ef7caa2f472e4336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Tue, 23-Jan-2024 15:27:04 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: http://crxextractor.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 447
x-xss-protection: 1; mode=block
expires: Tue, 23-Jan-2024 15:27:04 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 23-Jan-2024 15:27:04 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/91974901/1?wmode=7&page-url=http%3A%2F%2Fcrxextractor.com%2F&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1211%3Acn%3A1%3Adp%3A0%3Als%3A225900266632%3Ahid%3A249412628%3Az%3A60%3Ai%3A20240123162703%3Aet%3A1706023624%3Ac%3A1%3Arn%3A449802148%3Arqn%3A1%3Au%3A1706023624852652172%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A57%2C17%2C19%2C1%2C%2C0%2C%2C172%2C5%2C%2C%2C%2C268%3Aco%3A0%3Acpf%3A1%3Antf%3A1%3Ans%3A1706023623184%3Agi%3AR0ExLjEuMTc5OTQ0NTI5OC4xNzA2MDIzNjI0%3Afp%3A185%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706023624%3At%3AGet%20.CRX%20Chrome%20Extension%20file%2C%20it%27s%20source%20code%20and%20download%20.CRX%20to%20your%20computer.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: http://crxextractor.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Tue, 23-Jan-2024 15:27:04 GMT

GET
H2 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame EE28 9 KB
4 KB 35ms
7ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 22:51:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:14:49 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame EE28 2 KB
875 B 38ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H2 200 e9e356ec41155b008235c83648cb19be.js Show response
www.gstatic.com/mysidia/ Frame EE28 23 KB
10 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e9e356ec41155b008235c83648cb19be.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d233ae3f0c2b48dc6f71e32ad7e23ba5e1d64b59af7e8d5592375d14887f3e97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 18:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 508590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9775
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 18:10:34 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame EE28 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 09:41:54 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame EE28 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame EE28 20 KB
9 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame EE28 0
0 23ms
20ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRXyj-4RRKNHTLUTlyGvQ_enxfw52wmrPvjJmQZI5vmMF-_LJ89ktFMyuqPAF7Lt2CyhjS-pEPdEYK1qClVItjmQYeCDw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE28 206 KB
66 KB 71ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame EE28 17 KB
17 KB 75ms
25ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=100829&q=80&r=0&u=https%3A%2F%2Fwww.geekom.de%2Fwp-content%2Fuploads%2F2023%2F04%2F10-IN-1-USB-HUB-GEEKOM.webp&ups=1&v=3&w=800&rid=4&s=GXLQ3aRN3ff2-NCa1NtYmrdT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

fe676e106bd5b1c98bccee2d3807d1179e9c9ef54d21b5f8950a3f68652fcf58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=3600
timing-allow-origin: *
content-length: 17338
expires: Tue, 23 Jan 2024 16:18:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 890D 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 17:10:44 GMT
etag: 48472445140208031
expires: Tue, 23 Jan 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 17786625656353807649
tpc.googlesyndication.com/simgad/ Frame 3AAB 11 KB
11 KB 11ms
11ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17786625656353807649?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnXAqX-FnLW17OP3ZZfPHcdMahFkQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3612953139910cd055584b660ba5a60748050d2132caef078d0ce4d5a2b7e033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:47:21 GMT
x-content-type-options: nosniff
age: 563983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10888
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 15:30:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 16 Jan 2025 02:47:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 3AAB 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 09:41:54 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 3AAB 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 3AAB 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3AAB 0
0 18ms
17ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSVnsrFNNYKomLa66e09QOV7wC-QXM5dNiP_GXy4gxdJxBlrfQMrVoRGAANtmC9Cv9w2T3CFiUuY0NbM3iV3kvPsg-JMA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3AAB 206 KB
65 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 3AAB 36 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:44:43 GMT

GET
DATA 200
OK truncated
/ Frame EE28 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49a0392e7d399f5b6ff604017e16cd38a0ec3510488af714ca9db70d5daa7082

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyW...

170 B
232 B

20ms
20ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyWLI6bp5m6GTHcvS092EN1lZp08PaoueyPxBxq50_sVzJ7XkVlqLSpGV3G8i5DO9-MBPee7kbwzO00sTNkjnBMrri1HL_vP_wgKalGhnp92UntaXwA

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Jan 2024 15:27:04 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-799-g9c6cd74#rel-ec2-master i-0414fa71e87322d9a@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESELVEc6iIDH1WKc1N4RTv5-s&google_cver=1&google_push=AXcoOmT2EpGlq2yaf6-kr4va2dJdELbhwn9E0jU3L3L4xyWLI6bp5m6GTHcvS092EN1lZp08PaoueyPxBxq50_sVzJ7XkVlqLSpGV3G8i5DO9-MBPee7kbwzO00sTNkjnBMrri1HL_vP_wgKalGhnp92UntaXwA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEE_YuVBBXJTEslmvkduymnI&google_cver=1&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3drNK0kwJJgFSp2i_I...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85AF991773F42EAAB79065F7B61B498&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3dr...

170 B
232 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85AF991773F42EAAB79065F7B61B498&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3drNK0kwJJgFSp2i_Iodozjpn4mA2VK9mjHnrmGjdCsuLaxUtOlnTQnCsgqIySOK5V6-ulp0zck

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B85AF991773F42EAAB79065F7B61B498&google_push=AXcoOmSOXmgVt5dcT14oVs01GWmBgn1xyOV6GrMxTw0D9MpuC7padwXGJ4ouuMY8Z-5AOCt5LTmKV4Z1R0dQ3drNK0kwJJgFSp2i_Iodozjpn4mA2VK9mjHnrmGjdCsuLaxUtOlnTQnCsgqIySOK5V6-ulp0zck
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 22 Jan 2024 15:27:04 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEMpenghlik2ANB_njLjsCB0&google_cver=1&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAE...
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAEd5FyQIeYQZsjcud5CPgBYYzqYgjYDxg...

170 B
232 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAEd5FyQIeYQZsjcud5CPgBYYzqYgjYDxg9YhQHlbNyCicQPeUyS9VWd2XP7o&google_hm=Q0FFU0VNcGVuZ2hsaWsyQU5CX25qTGpzQ0Iw

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Jan 2024 15:27:03 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmSwZ0B7JKs1kUfWsTFXAB9PWZ2boDEajhLqC912LMl0uqMD0REt8wUKGjnGcOwBBcoONeqw1LPuAkVdz8GOV4uoQ0IUsJvAEd5FyQIeYQZsjcud5CPgBYYzqYgjYDxg9YhQHlbNyCicQPeUyS9VWd2XP7o&google_hm=Q0FFU0VNcGVuZ2hsaWsyQU5CX25qTGpzQ0Iw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 890D 43 B
235 B 236ms
18ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDucMZNrE3wY9RTvbXhRKWE&google_cver=1&google_push=AXcoOmT8kZk-wpW-1zUWPab6T7YmxY_eqqvMq611RNuIsQYVtqthMO9NGW_u_YmtbshEMzMULtnzmZ5H7C40eAKEy-sN8U28iSEToD-R8li8ywS44LFosgdqeyEQT-9ysGaYCCNzSE63GQ5XhJSaU85bTaQK6VQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Tue, 23 Jan 2024 15:27:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDQDqTorEPy1RdddtsoaimU&google_cver=1&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_u...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_uPUHPNnEAApY688BFYd1BKSKRUfQdh7sfqTS6UU...

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_uPUHPNnEAApY688BFYd1BKSKRUfQdh7sfqTS6UUhJXxvb_ruPIlWqRrl7D-nZPiaQ&google_hm=eS13ekF3X3FwRTJwRWpEb1pVZVc1Z1VVRjVFWjd2S181Nn5B

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZ8n7fBZYPrXYbVI9gx1-uD-Be7_TyFBOQTHwKmusn6Bc8GSFS1QibTp8nwEkIjoixio-LA_qKi0bzbVuODtG0i_uPUHPNnEAApY688BFYd1BKSKRUfQdh7sfqTS6UUhJXxvb_ruPIlWqRrl7D-nZPiaQ&google_hm=eS13ekF3X3FwRTJwRWpEb1pVZVc1Z1VVRjVFWjd2S181Nn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE1_BDWkinLOcDyNdjRhp5I&google_cver=1&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEE1_BDWkinLOcDyNdjRhp5I&google_cver=1&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU3NDE2ODMyNzYyNjUxMTg1Ng&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7X...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU3NDE2ODMyNzYyNjUxMTg1Ng&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP2TFtLSONUEr967oc2YF2CESyC-pVTtG27ivwJlzsUebarrdJHohKO7sli3OHoBY5CgiazAzER8b-sA

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU3NDE2ODMyNzYyNjUxMTg1Ng&google_push=AXcoOmTiqOyEWrcvI7rlYzJZIS6iIy-wsHopdilb9IGX9ir9UtThzRVcxl2go1peDLfneIPv4U4S7XmP2TFtLSONUEr967oc2YF2CESyC-pVTtG27ivwJlzsUebarrdJHohKO7sli3OHoBY5CgiazAzER8b-sA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 890D
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESENsBdAA5OowJM9QS2ShVllA&google_cver=1&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOC...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOCqjm4eKyY0RBdMYL9hJUYQ8e4NTPWu3VKSdqbKq3yDAuciv_G...

170 B
329 B

18ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOCqjm4eKyY0RBdMYL9hJUYQ8e4NTPWu3VKSdqbKq3yDAuciv_Gd3LSua38Ht5xvFbWaCe2rUJ_ItQXDYWEZq7WR3AReXKdU&google_hm=gUESWOMsTpy4A1n1b6oTcIM

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:03 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT01FylPpipJ3bX7szHnpALIc_G-7iJ3P43qU_Ha-tOnBNLeIb8VJwZ-WYyOCqjm4eKyY0RBdMYL9hJUYQ8e4NTPWu3VKSdqbKq3yDAuciv_Gd3LSua38Ht5xvFbWaCe2rUJ_ItQXDYWEZq7WR3AReXKdU&google_hm=gUESWOMsTpy4A1n1b6oTcIM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 890D 0
130 B 53ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KVUiulEItYgzl5Jku6-mzFNAFvx75t5xU3JTxheKLKUbcIWAGZ5qUR90PJ3lmVYr4FmmBOSg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 lgn.php
cat.fr3.eu.criteo.com/delivery/ Frame EE28 43 B
348 B 67ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lgn.php?cppv=3&cpp=XX5IWkpozpOpW4vhS8WBbvUFiDY71tsGSiEcncwgTShPqXrsn1xnbsM6bPvdhZurFdTog_q0JVU93ZP3Ou-z47qhiqsINJpSWHg6oIMeoAMv22E3VR3mvFQA3LeWEAtjv7zdwAlJ5hgl7nylcj5XJ7_S--zdw2-LLCorzaaxXSHS1At4idMiEHuMErD-9fKLsvOCjXLT_1Fk-QuaawrBJfcPwJ-MzrZI6occZCvZUBaN0nITtQKVHX9h2HlBuuM28qFZzJ4NBe0eWqwKRTtX_MbQaN9gm1MU4r3Tj-iRSAQ9ffZ6jYsCBA7RgOHQMLxXD878JsEG2fpM6vJKP47pZ3rdCvCVizhRT3_V_mcbzNjQUmZvtxrO86sr7JyytAGXutU4UsYLQ4PMjjkeFUQqt52m-HJc3YqgpCXKtwnX-ij4bUcTkTq6Wm2Re0PDiA4c4avFAw&z=Za_axwAOnooGdhOOAA7Ep5IXbl2j1UOKDti92A&cbvp=2

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1712579
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame EE28 0
126 B 81ms
16ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kKzOGYrGMAAAnYNiAgIAAABd4hs1vG1YQxDH2q9lN4eSzzztP_A6MwAAEgMBCgpBUVVCRHdFQkR3&wp=Za_axwAOnooGdhOOAA7Ep5IXbl2j1UOKDti92A&cbvp=2

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 138649
server: Kestrel
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame EE28 0
19 B 45ms
45ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cx0Lkx9qvZYq9Oo6n2OMPp4m7-ALJntKxXNWdkfdwwI23ARABIABglYKggrAHggEXY2EtcHViLTk0MjM2ODczODc0NDM3NjfIAQmpAguzzkDzPLI-qAMBqgTMAU_Q8RLwVDgZ6oUoByD9AqM9o1PYGFVj_1l40H_3LlxpQs59_xqCUhC3o6ZRWIVtur-WlUXMvcRxT3AQAJVceED1abNQMusEbM-JsgvWzLFV3yK9pTqVG-Ctvo11WcPiVPX_svzv58s8EM164rfF4gvKh3GyGo_J0cSby8vubXYtPrOlL6VgtVlGqn0wsUkmhZ1GtSnuZoFQMtvm3JQtt3cW4-O3j1UOmlrtFrnwVuOd9A0nP2BRpy_j6O6iroTaXl4xrP8ULK-r0Ml2lYAG47-UnvSN8qXOAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOli6vdGg6fODA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi05NDIzNjg3Mzg3NDQzNzY3GAA&sigh=wIYGUIOML3g&uach_m=%5BUACH%5D&cid=CAQSOwAvHhf_Q_eZ4eJ92hgCrZmIdCGGuXC054_3rgQPJyGwA0IIpaJclnuP94PJkXYyifdriKPcfF89_JqMGAE&vt=10&cbvp=2&vis=1

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame EE28 0
19 B 49ms
49ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CAV0Gx9qvZYq9Oo6n2OMPp4m7-ALJntKxXNWdkfdwwI23ARABIABglYKggrAHggEXY2EtcHViLTk0MjM2ODczODc0NDM3NjfIAQmpAguzzkDzPLI-qAMByAMCqgTMAU_Q8RLwVDgZ6oUoByD9AqM9o1PYGFVj_1l40H_3LlxpQs59_xqCUhC3o6ZRWIVtur-WlUXMvcRxT3AQAJVceED1abNQMusEbM-JsgvWzLFV3yK9pTqVG-Ctvo11WcPiVPX_svzv58s8EM164rfF4gvKh3GyGo_J0cSby8vubXYtPrOlL6VgtVlGqn0wsUkmhZ1GtSnuZoFQMtvm3JQtt3cW4-O3j1UOmlrtFrnwVuOd9A0nP2BRpy_j6O6iroTaXl4xrP8ULK-r0Ml2lYAG47-UnvSN8qXOAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB0IgOGAEBABMgKqAjoCgEBIvf3BOli6vdGg6fODA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi05NDIzNjg3Mzg3NDQzNzY3GAA&sigh=293mEF3VHwU&uach_m=%5BUACH%5D&cid=CAQSOwAvHhf_Q_eZ4eJ92hgCrZmIdCGGuXC054_3rgQPJyGwA0IIpaJclnuP94PJkXYyifdriKPcfF89_JqMGAE&cbvp=2&vis=1

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=1585&slotname=1852501122&adk=1571748778&adf=1997393257&pi=t.ma~as.1852501122&w=461&cr_col=1&cr_row=13&fwrn=2&lmt=1701726352&rafmt=9&format=461x1585&url=http%3A%2F%2Fcrxextractor.com%2F&crui=image_sidebyside&fwr=0&wgl=1&dt=1706023623501&bpp=1&bdt=219&idt=358&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280%2C920x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=819&ady=2705&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=362
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E6D0 143 B
166 B 9ms
8ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3447
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 14:29:37 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4EB3 1 KB
643 B 9ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 17:10:44 GMT
etag: 48472445140208031
expires: Tue, 23 Jan 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/ 163 KB
55 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b97e74092c2ef14e6e97e8fcf55b520ffbe8cf36097f2acf5ff1fd365b852c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56684
x-xss-protection: 0
server: cafe
etag: 15153436059379722911
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
DATA 200
OK truncated
/ Frame 3AAB 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c411eb1d1c4511a6b6ee40966c93eaa73ec4b569011272aa6094e32f43c305

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4EB3
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cver=1&google_push=AXcoOmQBLDXCmrxt1E6I_44s9VYrQlbGcQUORnI88TSQsRt...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cver=1&google_push=AXcoOmQBLDXCmrxt1E6I_44s9VYrQlbGcQUORnI88TSQsRtApISIRsKUyfWUwXh8Xxp6CRzkoMn57dG34WpxdAl7ue2ZGfDCf8blAZvPrGHeVM0OQQoWWClhbz71kYI_UQC4i8L7zZUf4Bl7vibzsFxi2RRkow

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Jan 2024 15:27:04 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-799-g9c6cd74#rel-ec2-master i-0d9d3eefff4fcda69@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WWw3T3ZtMmMxUnNpRzQ1&google_gid=CAESEHedXWuz8ihD2Zv80HAxWWw&google_cver=1&google_push=AXcoOmQBLDXCmrxt1E6I_44s9VYrQlbGcQUORnI88TSQsRtApISIRsKUyfWUwXh8Xxp6CRzkoMn57dG34WpxdAl7ue2ZGfDCf8blAZvPrGHeVM0OQQoWWClhbz71kYI_UQC4i8L7zZUf4Bl7vibzsFxi2RRkow
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 4EB3
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuF...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwN...

43 B
453 B

206ms
168ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: crxextractor.com
URL: http://crxextractor.com/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84a10f07d8374da2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 68
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDcNxaVE7KvDJZUy-TIzo8o&google_cver=1&google_push=AXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTXWh_Ap68Ewug21m3RMLGaplADKA5ygmWg0AllTbJQvMNmbP7ZbNRbcfAVbWq4W90K-mWxykgTMBuj3aVLy0YokDVhCwNuFmRXjWNhoSmf-nE4NVvC82ycLtIVhC6Xt50tlYu4yD6_XxYhRa9oTw_sM_o%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 84a10f064e1b4da2-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 4EB3 70 B
149 B 116ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELXEWXOowWAzNli3uiw7BQU&google_cver=1&google_push=AXcoOmS1R6f0jx91WmWRZ7fNjsWs3kHg2fVSoz9OFtemXrEk7WzEmlZD6jzItvdHVLqz0vQzmyOfIUO1HCkZB9w0VjZI5t1sDQHfGVBe605tqQww9b7g_LucbTA7wLuIoCzmaChVkdjkr2EJcgonkCWchKlH5XI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=3042395938&adf=2469204067&pi=t.ma~as.2749869570&w=920&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=920x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623500&bpp=1&bdt=219&idt=349&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=340&ady=1626&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=356
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4EB3
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJfiyrwSYFequbGadCAIxSg&google_cver=1&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mu...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mueGx0lTczQQ2lSIFvmMWKIa0GAEW3TJ9XaUQDK8...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mueGx0lTczQQ2lSIFvmMWKIa0GAEW3TJ9XaUQDK8G75dKcSifegzJeJP0f5IfMCpg&google_hm=eS01ZzhCZEpoRTJwRUE3VWtnSUNIRXpMMTloTmRsS05jbH5B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 23 Jan 2024 15:27:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQY1Gau4mo4E7kD9xV6BzzVfXxcOnPyPqkraifH7ks7EXy-Zj_-QhUDSM_eHanQn1NUpNoaDxc1WsV82Jg_83Vj3mueGx0lTczQQ2lSIFvmMWKIa0GAEW3TJ9XaUQDK8G75dKcSifegzJeJP0f5IfMCpg&google_hm=eS01ZzhCZEpoRTJwRUE3VWtnSUNIRXpMMTloTmRsS05jbH5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 4EB3 43 B
363 B 59ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRvox1VcHLo_6M5SNA72E9gpyrUg8o1OpD6VToJ0KQjjAXey-7L7NqxzhZMtvwZiRG0jtxg-0nxQrITT1wY0xf1_lF89t4iOTYkTOVqRkBq4U8DxjK1BIgfUCwOaFzy7JcrhIW4YvMwzTGgy_gBbclDUg&google_gid=CAESEOTBtOXMGMGCsZwzvwy6wu0&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 173996
expires: Tue, 23 Jan 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4EB3
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEIHCBIcqm2kIvOidYdmmamE&google_cver=1&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKU...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKUOfWHkHe9i4WSgqJ4dygF8Lm2GmaPd_5DBlZd...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKUOfWHkHe9i4WSgqJ4dygF8Lm2GmaPd_5DBlZdwmSPBrNMbYSkujXcSPlaMjTLSQfXK1B-oxslgWU

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQtSuyIX_00phEovfgAiMgapn7E_xKeQHbnLeq84MMvd_wqBbPxBu485UMa76YgY0PvZuNQL8q-2gKUOfWHkHe9i4WSgqJ4dygF8Lm2GmaPd_5DBlZdwmSPBrNMbYSkujXcSPlaMjTLSQfXK1B-oxslgWU
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4EB3
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEC817phjiXv8kHA17K4rAPE&google_cver=1&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYk...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYkxSJmmV1jOXmn77BMcCzTtMjwmRwfWbamyKiBR4ZYC2hQJ2AY...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYkxSJmmV1jOXmn77BMcCzTtMjwmRwfWbamyKiBR4ZYC2hQJ2AYAEcPn48kXfYYSn6BXHWaSIIEI1vhpAaHpharMUbMOeW1nj&google_hm=gUESWOMsTpy4A1n1b6oTcIM

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRDKZbpjwYzGs-1DCsMjC0WoAGc5i6dWAm6v0OYGkMa6CBNPvVEIC7XDxYXYkxSJmmV1jOXmn77BMcCzTtMjwmRwfWbamyKiBR4ZYC2hQJ2AYAEcPn48kXfYYSn6BXHWaSIIEI1vhpAaHpharMUbMOeW1nj&google_hm=gUESWOMsTpy4A1n1b6oTcIM
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4EB3 0
12 B 18ms
17ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KDONmpC2u6XfQYUya1JWP3J07NdBJvyfREIMWAzWwnFE-wQ89lZI7xsvxc8TbLccGJwYo92Q

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E6D0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

24ms
23ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 3AAB
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CXPA2x9qvZY79OdvOn88Px52RiA_m0-n6cpr-kNf8EaeY79vaDxABIOe71htglYKggrAHoAH34pu0KMgBAqgDAcgDyQSqBM4BT9BBTOiCxCI-YoR_OHe16h7hP_2AUoKnK52byMIJciVTKYl...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227415666769099448090%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%...

0
0

63ms
39ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%227415666769099448090%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222099256516210908897%22}&andc=true

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"7415666769099448090","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"2099256516210908897"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 23 Jan 2024 15:27:04 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"7415666769099448090","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"2099256516210908897"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame AF9C 9 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53002
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 00:43:42 GMT
etag: 9219409622527106327
expires: Tue, 06 Feb 2024 00:43:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame D3E3 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53002
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 00:43:42 GMT
etag: 9219409622527106327
expires: Tue, 06 Feb 2024 00:43:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 68ms
38ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 23 Jan 2024 15:27:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame AF9C 4 KB
767 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 14:59:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AF9C 205 B
518 B 10ms
7ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 13:51:31 GMT
x-content-type-options: nosniff
age: 5733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 22 Jan 2025 13:51:31 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame AF9C 604 B
696 B 9ms
8ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 21:39:38 GMT
x-content-type-options: nosniff
age: 409646
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 17 Jan 2025 21:39:38 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame AF9C 16 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 22:06:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 22:06:14 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame AF9C 22 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:45:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:45:31 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 50DD 624 B
245 B 52ms
48ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGPKitIECMAE&v=APEucNUji5Lc8Z5hinncG6yE2eK4IOGPh-ndnnjSsiY6KdaXtujRNwt19iYLkwo2n4pjf4dLy7kHX2o4o2ciRKzNo33HFibnKpbv8dNX2h1li2NgrwhEPmLU-VtxT6xp3ir3oa_cI0jJV754McFyccpExiLnZ_MASa5xOlB7nuZaS_kS4ppGccc

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:04 GMT
expires: Tue, 23 Jan 2024 15:27:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C71B 89 KB
31 KB 91ms
85ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame C71B
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1878143/77875707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1015808167&ias_pubId=pub-9423687387443767&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=

43 B
481 B

54ms
7ms

Image
image/gif

2600:9000:223f:800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:29:44 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3707842
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: yOOahL_MGotCqBi77UeZ0kdw2A1ryQEGpCpxe9JtNAgT2eK4xReShg==

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
server: nginx
x-server-name: app12.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame C71B 3 KB
1 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame C71B 20 KB
8 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C71B 206 KB
65 KB 26ms
23ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C71B 42 B
63 B 158ms
154ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVoHsK-T6e8YrffqUr8u6M1phsxQ1x0_9GN05alYx90RUb0aPCdIwxOiMoZxlTE5atLAe1pe5dfONsbZDfmDU-LA7H6vK-u27pheiIlHfKu83Sx-E

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame F8DC 51 KB
19 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:17:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 565801
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:17:03 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4971 14 KB
1 KB 22ms
22ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 14:55:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 4971 2 KB
822 B 10ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 4971 23 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 09:41:54 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6284 143 B
166 B 14ms
12ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3447
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 14:29:37 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 4971 3 KB
1 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 4971 20 KB
8 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4971 206 KB
65 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 4971 37 KB
15 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 50DD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1&C=1

43 B
343 B

28ms
26ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGPKitIECMAE&v=APEucNUji5Lc8Z5hinncG6yE2eK4IOGPh-ndnnjSsiY6KdaXtujRNwt19iYLkwo2n4pjf4dLy7kHX2o4o2ciRKzNo33HFibnKpbv8dNX2h1li2NgrwhEPmLU-VtxT6xp3ir3oa_cI0jJV754McFyccpExiLnZ_MASa5xOlB7nuZaS_kS4ppGccc
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIA9Y6TP9q1ilewQyOhYcT8Hf30eUqF7w%2FjYx%2B0kT6mEcIGMRePmKlPqf3%2FDgqNRKqw%2FgG4jN%2BBv5%2BAaK1IBbH1BFBG61588xdDUc8zpuXiOP0IB3UufcvfvaKWkxZfaEFSA%2BLzZDXHtDg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84a10f080c77380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=njd1mcQSWnn27bWP9HVrI%2B9RL7Zj1j4jZlVnhS1MYjz9LVgF8eV56U8sLEuwKzdX0Skg6Kuqx%2BDJjdkR6fpaEUFlSWRG43PkV71O3r4oocudyYH%2Fguy%2FF%2F2NZpTCmXxfSkXuERgm5DuPTg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1&C=1
cache-control: no-cache
cf-ray: 84a10f07cc3f380a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 50DD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Za-ayH3UL45IrUv-MFOK8QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1

43 B
738 B

24ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGPKitIECMAE&v=APEucNUji5Lc8Z5hinncG6yE2eK4IOGPh-ndnnjSsiY6KdaXtujRNwt19iYLkwo2n4pjf4dLy7kHX2o4o2ciRKzNo33HFibnKpbv8dNX2h1li2NgrwhEPmLU-VtxT6xp3ir3oa_cI0jJV754McFyccpExiLnZ_MASa5xOlB7nuZaS_kS4ppGccc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmM6DvvzpfkMXkDVEjXoI%2FM0puX7upaRPJA%2F7cWpGhmRjVOXd5ZG7Jat2ANu7wYUZb%2B2B%2FZxNZoc7IxJntZRX5WC3EZl%2BDsP%2F0f7Dmpnt5V1TEb43NRUt0x1kFQ6qz2ii06OQOk1IHAI4g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 84a10f088aa065b0-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEbBc8ZZAihdniRI9w354hE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 50DD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEETcVcF7oQN9v25NbeQBWt0&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEETcVcF7oQN9v25NbeQBWt0%26google_cver%3D1

43 B
1 KB

13ms
13ms

Image
image/gif

185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEETcVcF7oQN9v25NbeQBWt0%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGPKitIECMAE&v=APEucNUji5Lc8Z5hinncG6yE2eK4IOGPh-ndnnjSsiY6KdaXtujRNwt19iYLkwo2n4pjf4dLy7kHX2o4o2ciRKzNo33HFibnKpbv8dNX2h1li2NgrwhEPmLU-VtxT6xp3ir3oa_cI0jJV754McFyccpExiLnZ_MASa5xOlB7nuZaS_kS4ppGccc

Protocol

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
an-x-request-uuid: 52541311-f20f-4237-9b52-8e3b25d333cd
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 178.162.209.131; 178.162.209.131; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
an-x-request-uuid: 1b8ac687-7edf-4fde-8b8c-157e1e58738a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEETcVcF7oQN9v25NbeQBWt0%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.131; 178.162.209.131; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50DD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEwNTU0NzcyMjkxMTUxMTkyMw%3D%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEwNTU0NzcyMjkxMTUxMTkyMw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
an-x-request-uuid: 08830902-037d-4765-a724-7d116dc3df89
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEwNTU0NzcyMjkxMTUxMTkyMw%3D%3D
x-proxy-origin: 178.162.209.131; 178.162.209.131; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 4b0ef9dfa83525e0607f42119c034d23.js Show response
www.gstatic.com/mysidia/ Frame 2660 9 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511935
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4079
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 22:51:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:14:49 GMT

GET
H3 200 67b2cf2770e31c0fa9735c0b8b540980.js Show response
www.gstatic.com/mysidia/ Frame 2660 11 KB
5 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/67b2cf2770e31c0fa9735c0b8b540980.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 18:38:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 506930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4763
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 18:38:14 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 2660 14 KB
1 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 14:58:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 2660 2 KB
823 B 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 2660 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 09:41:54 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 2660 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25642
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 2660 20 KB
8 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2660 206 KB
62 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49116b116b7a9ac1b831c031d71065b4f5277c665002ba23520b7ffc4e07f3c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 14:29:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63314
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:29:53 GMT

GET
H3 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 2660 37 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F029 4 KB
655 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 23 Jan 2024 14:23:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame F029 2 KB
822 B 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame F029 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 09:41:54 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame F029 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 08:19:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25642
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 08:19:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame F029 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F029 206 KB
65 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:04 GMT

GET
H3 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame F029 37 KB
15 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512182
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C71B 0
20 B 154ms
154ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4619020607824&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C71B 0
20 B 156ms
154ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4619020607824&version=m202309260101&ct=76&x=1&cor=10336593428814650000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C71B 92 KB
38 KB 56ms
54ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DPHmppQyFLLw38JqSCz9cN0Rd5OBxB-n4deBh0wkJpoImmCljbbul7Q_r0OHzz-PzIXBMcYOA3mDb1PcFSgoDOvkn9eEutaUe8BP5sF80sOVxAVMyTVOpqK0-OVt2VZqLzF6Eayf3w4qJR29aNtUb7cPzmg10qH5FsTQz-zRIsDktBqso&dbm_d=AKAmf-D0E7-JTZ2J3u611C9OG-Zrim9U9TFnpUb2-I5ZwjLA0EvStfiKVBnsXWb2CmmSd0zGeBak49CdJGfvg5X-bz5ls3tfEjFNJU4kkRW5sXJVFHT5MGjqGxqZFmCZC2HiDm5TLJ1iaoY1JbMbEnpP5oyFgcfPtJPS-_3PAjz53FCzVbF-nA_ADXFsKH0gKjiX4sEDbdy0cFkVC7j7OB0sTS7Nd_9oWlVO4xOFDs51F3BAod5rblaEh42bsmnXFNA0RFVMgvkpP1feJsMlZv09lUUTnvFRHBFuCmxgLQEJTtl4saExccBz3lEPU7r_ccw_KKJZAQ9eTDYohqra1txUKi3N54uJfpB1Sb4u8K-I3mcE343x1T306wFPXRaCGNAuSDxd-Rel6ymDdX3hbCLT2vkQ-yySAZG87ES6qN1ecVQzwuqNQMXrKmOrwvfpMopfrX9ragPBmNiR7gub9Ky9OdrozyF7VycIHtYvFLccawYmiGyUPfcYhOeed_teuFg4kWEL2dc6XRcMILmbYBNmjlqZ5qxMQcAFcp4l0ZOjcaWM3ahELZ8YvkLHJwXauKVt17ws2kkmTVZejIoK8CJg4Iqy53jAJZ9Q3HIYwNFTV7K8tNbKdQWQk4p03lXWJcYEUXgy1V0m4fQKc8wXnUXRp3sm7jKgG50ALBp6JDLnJTzwQ6-4mPPoRhtIVF3LuybewpX8idzx7dCYKxY1zC0n7TM5pLmmOELSigS-YL-kieU2vd0hSqvCW44J2MF3A4koMWw0t0Y0bgS2H0eEE8x1oJYqpcIRjZ-DbCnA9wzc9XPloAI2c6vC9KXGG-8o4I1OeOSagq7p_3C1IcpU1j4VkC8KkNtFQWNGKTeMGERo4AGrV4lsxx-8qjI3MWMJFBXnjAfG3JtZlA6Yv_pvYQB2aVbFBw6t0d6Z8uQ_HGSKG_Qvk5yPQ2ppyF_-Ytm30-JroLopdpu5iu5m1L4jFSGUnnS2jcNCnMslvDVmfuMJdTZ_28yyieuQ3ChZrcfpaxM9pE7JDnHIqjrFV4xsBuRFrNJAPzIvegzTxX8XAcz0ujle2ijKefPPI85jA6kBYl8npVVggvV3gRCqGPUTA0bbNwntXK8c2DmXr0n38GF4c-V8w8jmEUix0x5-8vHyyqHFiRSBlKJXAkNwa2lvaB8FVNS3Py8nty3yWPbrTy8HBZi3TifoUWfnRXjL-7VlILEwHur00Mp0VCGNS3KA6S9AD2M9vws2Dpctb2xtBsIq6dM3JC7tEv4f2oV0cE_kQA-_woYL0IoxgidKFC2SOQwKmmlqyB4C07lKTf-ToDx-PlL69qvftAIsPhXC3jQ_zx6icGrcxe-ZmPWUiwzA1qJzeZN6c56kOE76wOm96mqY0VtoXY0NDgCwRkjMi6DnT69LWqG8wuneZGh438C8Bo7O2cmJ9Q08yjo7IpH1psxCOsypTRz2p2g-gckXqF_LjGpQTLna85Q70Bn1hELWeia9eglDQeSc-1cnyQ6cyplFJyR8fDlRz-1SVRwZSbtTpXuZ8kjrDp7xGZF-HqJTXHik3FWCkErXDuWP0I4ReoDQ8R4KDdcgb9qdw1-Lit7CNmrm3zME0Mz-nFGyjxRIdBWePmcTx4kjo-2yyD9_c4VhfB5BYa9s-d7U0LBYe-ftY6XygHg5ilYc5MLAFmPrtCjTaNRy6dk-lcHTqBUyY6NPzNFrPb9nX93Jd8c00B3Uvy_2RNH1u_e-1MIoTGTlzqAPoxPbS_KzzCrAat-0AYDoMo4wTBB1LhQ4YyguJ1CNwafeYGwo2W3owbyFcfL9zoWjEsKGZ8Xgn_s2BEZXrUuKjh8p2RK5MmxWfxit02kKokXGYjc43isB4d80BfXTC1RqEa3QCytWRNfQcJq0sUI-Jedowvfg1pdmJLqMGD7dbnsplAcd11RGLfZO0gQES6qFMC6UE9lW3jVeSufPZHfEtadLHIMKiuCymfVq5ihSXQ8JmHiZyztbmhO2dBM-YLixZVhpkCweJLIS7qqNkS82GttGZMoOSra-j8wwBau_rVQSLV5JVRciBxS9-kYF8LMD8riruErRSgamceuqqpMEg7Mwf6_8vVINyL9rxK7qj-E_6Su7j83hmPxH-eA-As54ZI3tc6vNu5LtnWEAE3VFBv1xrpxFeTwhsCi3WT00h42IX435u3rfJsI_ZYbf9X9ZtNnFvYagbpQJlbtrl9YRO4Jx6CD4sK2icO0TP2VuR00yPQ2i3rFf2mzaaJ1mDz3kZB4SsyUMuT3LAf13txGKA7gDzyqZrU8UmwIQIBJLKMyCFBvjWVXRN1fEz8MahbZCb_w0Z9hdnX4VYAgN2a4MLgSTuTWwfRsrN8hZjzwhJtMb3DFDix60usi1L2diwYZVZ5Wk34SD2RNocNKKsUpAj2Y_YRI-Nqdfawr_yZXb9RFfWOnGV6gsZbW16WUwF66BjfB1OhhXAvIsaXsb321LaF_z-JHx3-wxEftFPIuZcAgeKMy6Hb6m9kuMIX_irOT25DCm33zXLX7MzIUTTnm_cjfeJVaZNZgm27MxrhT3XknWADM1bcCqFSgH1cHdU0nDAaxBO4d3VYBZdSpZl-A5aimjwr3fIQ75UdeMj0po7xv-CRniW3PQ0y8CKx1GZNi5-P7oe6Cnr7Af2A4i8pfsCimCMDw9LGo-0N0jfwj-FbSMk-Db7h9nmmQkOACwxjBsvvXb70cXdAJIbeHa5Ps9OSYWawwvLD1m6cDLNlDZjSZRaLUUdWj0XLhRc3sJ81Apa0II3WxLy-Y_qVKqcxarmoUCvade3gyxgvcuG-qpRfP1Yql7_AGznC2LqSHoqfMQaDGRbDNe4QTRDIb0bbzzOrJJpzMUZ9mAxbo_Pv0h_EFdhJMX4EEC9woS69Vl37NedHaC79esepbBa7NjDSikrtY2hM0bLQQ-OSrkB5aJA6spvlmvssIue8zlbtl4Dmo2hNQGxYJW8cv4SJqtZa-BQ7HbDWcF8QCZOEGmf1LvI_WkCZBUmQ3fhwx7X2Q1inVarrxnIy_cg8OzyBMp01W_HGmUopUeJLhs-LB5oRykpttF-C63XcI6U9Ccj7zBpaiPDgX480KyyaB6_NQ5CuuqLQsyQJqzHyd6Ka3vMLGqL1Jx_z97mI3wd6h7CQVdWeQ7m7kclW7NeHE-Z0GS6BlVeXR70eHH3LCgqdR-O7OdVk5Tv_QrnXf-jcnugwGK1K9dRz-pVBjxgVdJVRRpx-gqM-dqPccxQ5zkdtTrPQdaFCOLslRvB-a4HZ_gjMWCymunB2xi3hV2oW64RbCaGwqbLz_qztjpV8iLu6o2Nd5iIInXAws1D86hiTqbORmjSZcrtMed0mKfIhdNfTt1BSWSqlcg47bQX74KNkiH-UrWBM0z0962wj0wmC3Ny4VOke9CbB5d4iMp6ZNEzTm4AQlVi68qLkkj9wvQfXS6oN85xp1D_prtCOkvC4DbXjdnj7GoiFqLh0vNoXd4eGpaxPsUTKtB-eXfJLydGuAy705lXG80sFiXaWCOT2D1NQQew8lMUxkxvkujlMjgA36crPRthuO4CUT894WNeO-yd_A1db-FaaYGxLtVAfZUhrVqAx9te9vONZuh_axIoa1nWhcpmz6WGRMtLWrMHuIxc_gK1if69fc1H1UN&cid=CAQSTwAvHhf_LqbKXBzj1b-cIEtPi_PA7BYTZWlQSOcvLA0oL1L_8gyMz487kCoh-Tn1iwk4iqfEaQruOlmR_ck7kExaQ_wgiIYL4cC4d07GOz8YAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fcrxextractor.com%2F&ds=l&xdt=1&iif=1&cor=10336593428814650000&adk=1935140219&idt=117&cac=0&dtd=19

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40d771f6656d3624b38cfa9c063434faf00acd7b1be12cd3737e630ead0c09a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39076
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6284
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

20ms
20ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:05 GMT
expires: Tue, 23 Jan 2024 15:27:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:05 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 12098172541603669361
tpc.googlesyndication.com/simgad/ Frame F029 40 KB
40 KB 11ms
8ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12098172541603669361?w=600&h=314&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac4102f64f92f5e234174d3758fb00dd33e96c318f6e0ffda49471b7fa381395

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 09:57:53 GMT
date: Wed, 17 Jan 2024 09:57:53 GMT
x-content-type-options: nosniff
age: 538152
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41360
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 07:10:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 4704087868683261172
tpc.googlesyndication.com/simgad/2966731929940662849/ Frame F029 2 KB
2 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2966731929940662849/4704087868683261172?w=100&h=100&tw=1&q=75

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ebac58fde776e690177af10b52568f9b7faceb9408007b9e9409eb24c455321

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Thu, 16 Jan 2025 06:22:40 GMT
date: Wed, 17 Jan 2024 06:22:40 GMT
x-content-type-options: nosniff
age: 551065
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1991
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 09:54:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9022 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3448
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 14:29:37 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C71B 111 KB
39 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 17:14:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79937
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 17:14:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame C71B 12 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DPHmppQyFLLw38JqSCz9cN0Rd5OBxB-n4deBh0wkJpoImmCljbbul7Q_r0OHzz-PzIXBMcYOA3mDb1PcFSgoDOvkn9eEutaUe8BP5sF80sOVxAVMyTVOpqK0-OVt2VZqLzF6Eayf3w4qJR29aNtUb7cPzmg10qH5FsTQz-zRIsDktBqso&dbm_d=AKAmf-D0E7-JTZ2J3u611C9OG-Zrim9U9TFnpUb2-I5ZwjLA0EvStfiKVBnsXWb2CmmSd0zGeBak49CdJGfvg5X-bz5ls3tfEjFNJU4kkRW5sXJVFHT5MGjqGxqZFmCZC2HiDm5TLJ1iaoY1JbMbEnpP5oyFgcfPtJPS-_3PAjz53FCzVbF-nA_ADXFsKH0gKjiX4sEDbdy0cFkVC7j7OB0sTS7Nd_9oWlVO4xOFDs51F3BAod5rblaEh42bsmnXFNA0RFVMgvkpP1feJsMlZv09lUUTnvFRHBFuCmxgLQEJTtl4saExccBz3lEPU7r_ccw_KKJZAQ9eTDYohqra1txUKi3N54uJfpB1Sb4u8K-I3mcE343x1T306wFPXRaCGNAuSDxd-Rel6ymDdX3hbCLT2vkQ-yySAZG87ES6qN1ecVQzwuqNQMXrKmOrwvfpMopfrX9ragPBmNiR7gub9Ky9OdrozyF7VycIHtYvFLccawYmiGyUPfcYhOeed_teuFg4kWEL2dc6XRcMILmbYBNmjlqZ5qxMQcAFcp4l0ZOjcaWM3ahELZ8YvkLHJwXauKVt17ws2kkmTVZejIoK8CJg4Iqy53jAJZ9Q3HIYwNFTV7K8tNbKdQWQk4p03lXWJcYEUXgy1V0m4fQKc8wXnUXRp3sm7jKgG50ALBp6JDLnJTzwQ6-4mPPoRhtIVF3LuybewpX8idzx7dCYKxY1zC0n7TM5pLmmOELSigS-YL-kieU2vd0hSqvCW44J2MF3A4koMWw0t0Y0bgS2H0eEE8x1oJYqpcIRjZ-DbCnA9wzc9XPloAI2c6vC9KXGG-8o4I1OeOSagq7p_3C1IcpU1j4VkC8KkNtFQWNGKTeMGERo4AGrV4lsxx-8qjI3MWMJFBXnjAfG3JtZlA6Yv_pvYQB2aVbFBw6t0d6Z8uQ_HGSKG_Qvk5yPQ2ppyF_-Ytm30-JroLopdpu5iu5m1L4jFSGUnnS2jcNCnMslvDVmfuMJdTZ_28yyieuQ3ChZrcfpaxM9pE7JDnHIqjrFV4xsBuRFrNJAPzIvegzTxX8XAcz0ujle2ijKefPPI85jA6kBYl8npVVggvV3gRCqGPUTA0bbNwntXK8c2DmXr0n38GF4c-V8w8jmEUix0x5-8vHyyqHFiRSBlKJXAkNwa2lvaB8FVNS3Py8nty3yWPbrTy8HBZi3TifoUWfnRXjL-7VlILEwHur00Mp0VCGNS3KA6S9AD2M9vws2Dpctb2xtBsIq6dM3JC7tEv4f2oV0cE_kQA-_woYL0IoxgidKFC2SOQwKmmlqyB4C07lKTf-ToDx-PlL69qvftAIsPhXC3jQ_zx6icGrcxe-ZmPWUiwzA1qJzeZN6c56kOE76wOm96mqY0VtoXY0NDgCwRkjMi6DnT69LWqG8wuneZGh438C8Bo7O2cmJ9Q08yjo7IpH1psxCOsypTRz2p2g-gckXqF_LjGpQTLna85Q70Bn1hELWeia9eglDQeSc-1cnyQ6cyplFJyR8fDlRz-1SVRwZSbtTpXuZ8kjrDp7xGZF-HqJTXHik3FWCkErXDuWP0I4ReoDQ8R4KDdcgb9qdw1-Lit7CNmrm3zME0Mz-nFGyjxRIdBWePmcTx4kjo-2yyD9_c4VhfB5BYa9s-d7U0LBYe-ftY6XygHg5ilYc5MLAFmPrtCjTaNRy6dk-lcHTqBUyY6NPzNFrPb9nX93Jd8c00B3Uvy_2RNH1u_e-1MIoTGTlzqAPoxPbS_KzzCrAat-0AYDoMo4wTBB1LhQ4YyguJ1CNwafeYGwo2W3owbyFcfL9zoWjEsKGZ8Xgn_s2BEZXrUuKjh8p2RK5MmxWfxit02kKokXGYjc43isB4d80BfXTC1RqEa3QCytWRNfQcJq0sUI-Jedowvfg1pdmJLqMGD7dbnsplAcd11RGLfZO0gQES6qFMC6UE9lW3jVeSufPZHfEtadLHIMKiuCymfVq5ihSXQ8JmHiZyztbmhO2dBM-YLixZVhpkCweJLIS7qqNkS82GttGZMoOSra-j8wwBau_rVQSLV5JVRciBxS9-kYF8LMD8riruErRSgamceuqqpMEg7Mwf6_8vVINyL9rxK7qj-E_6Su7j83hmPxH-eA-As54ZI3tc6vNu5LtnWEAE3VFBv1xrpxFeTwhsCi3WT00h42IX435u3rfJsI_ZYbf9X9ZtNnFvYagbpQJlbtrl9YRO4Jx6CD4sK2icO0TP2VuR00yPQ2i3rFf2mzaaJ1mDz3kZB4SsyUMuT3LAf13txGKA7gDzyqZrU8UmwIQIBJLKMyCFBvjWVXRN1fEz8MahbZCb_w0Z9hdnX4VYAgN2a4MLgSTuTWwfRsrN8hZjzwhJtMb3DFDix60usi1L2diwYZVZ5Wk34SD2RNocNKKsUpAj2Y_YRI-Nqdfawr_yZXb9RFfWOnGV6gsZbW16WUwF66BjfB1OhhXAvIsaXsb321LaF_z-JHx3-wxEftFPIuZcAgeKMy6Hb6m9kuMIX_irOT25DCm33zXLX7MzIUTTnm_cjfeJVaZNZgm27MxrhT3XknWADM1bcCqFSgH1cHdU0nDAaxBO4d3VYBZdSpZl-A5aimjwr3fIQ75UdeMj0po7xv-CRniW3PQ0y8CKx1GZNi5-P7oe6Cnr7Af2A4i8pfsCimCMDw9LGo-0N0jfwj-FbSMk-Db7h9nmmQkOACwxjBsvvXb70cXdAJIbeHa5Ps9OSYWawwvLD1m6cDLNlDZjSZRaLUUdWj0XLhRc3sJ81Apa0II3WxLy-Y_qVKqcxarmoUCvade3gyxgvcuG-qpRfP1Yql7_AGznC2LqSHoqfMQaDGRbDNe4QTRDIb0bbzzOrJJpzMUZ9mAxbo_Pv0h_EFdhJMX4EEC9woS69Vl37NedHaC79esepbBa7NjDSikrtY2hM0bLQQ-OSrkB5aJA6spvlmvssIue8zlbtl4Dmo2hNQGxYJW8cv4SJqtZa-BQ7HbDWcF8QCZOEGmf1LvI_WkCZBUmQ3fhwx7X2Q1inVarrxnIy_cg8OzyBMp01W_HGmUopUeJLhs-LB5oRykpttF-C63XcI6U9Ccj7zBpaiPDgX480KyyaB6_NQ5CuuqLQsyQJqzHyd6Ka3vMLGqL1Jx_z97mI3wd6h7CQVdWeQ7m7kclW7NeHE-Z0GS6BlVeXR70eHH3LCgqdR-O7OdVk5Tv_QrnXf-jcnugwGK1K9dRz-pVBjxgVdJVRRpx-gqM-dqPccxQ5zkdtTrPQdaFCOLslRvB-a4HZ_gjMWCymunB2xi3hV2oW64RbCaGwqbLz_qztjpV8iLu6o2Nd5iIInXAws1D86hiTqbORmjSZcrtMed0mKfIhdNfTt1BSWSqlcg47bQX74KNkiH-UrWBM0z0962wj0wmC3Ny4VOke9CbB5d4iMp6ZNEzTm4AQlVi68qLkkj9wvQfXS6oN85xp1D_prtCOkvC4DbXjdnj7GoiFqLh0vNoXd4eGpaxPsUTKtB-eXfJLydGuAy705lXG80sFiXaWCOT2D1NQQew8lMUxkxvkujlMjgA36crPRthuO4CUT894WNeO-yd_A1db-FaaYGxLtVAfZUhrVqAx9te9vONZuh_axIoa1nWhcpmz6WGRMtLWrMHuIxc_gK1if69fc1H1UN&cid=CAQSTwAvHhf_LqbKXBzj1b-cIEtPi_PA7BYTZWlQSOcvLA0oL1L_8gyMz487kCoh-Tn1iwk4iqfEaQruOlmR_ck7kExaQ_wgiIYL4cC4d07GOz8YAQ&dv3_ver=m202309260101&rfl=http%3A%2F%2Fcrxextractor.com%2F&ds=l&xdt=1&iif=1&cor=10336593428814650000&adk=1935140219&idt=117&cac=0&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:30:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75416
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:30:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame C71B 31 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 18:30:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75416
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Feb 2024 18:30:09 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C71B 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 511937
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
DATA 200
OK truncated
/ Frame C71B 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1fc0e17cd296e6c319b02ce9079fe0b90fa1c17ce92feab71748b610f697e40e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2660 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 206d69d71c478f79a07c9284e902e6455dc3a70de6580ef850df48c1d65a3d35

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F029 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4c2a224d80506c7d39003d72353aea2cd6c8a7ff1f34575ee6ebece53ba1a20

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C44 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:17:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 565802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:17:03 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 2660 33 KB
33 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 04:01:15 GMT
x-content-type-options: nosniff
age: 41150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 04:01:15 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2866628641820365191/ Frame 2692 15 KB
5 KB 25ms
7ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

876e6a53ead7a3ea2f6c4ba1f574c3a1d1103a8a0b6dc16743341e941e6a01d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 114775
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4973
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jan 2024 07:34:10 GMT
expires: Tue, 21 Jan 2025 07:34:10 GMT
last-modified: Thu, 11 Jan 2024 16:17:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C71B 0
0 82ms
50ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUHZq_vUsBjG3yxgPhaslMQlj3dqfv0YR_O8AiKAgrXFEYKkNuvcq193Oond1349AVUXlqNNzcTx4nNHBzy8Ds35Vi1bZ30Z1punG_J7olKk0wNe3pUbN-yyYDizoumfpUm2ma3Yo61-g93aW6-ApAXLSaR4v8ttKcmNIZO3ZN7cNDdsLaEzUiUKPHmnimyR4iJX2k1Uq_IIu0ou8IW1pfBJ_5aRR_gk0YUzhSW43f2H2UElIcpBGLEM0t37JG0xpvPvBvVhzSltCr-taRKQ5SSwsYljKsqHNn1XaecRDD8mTOignAl0UIe_nThcQoq00Wa8A_T_1iNLJ7KDIAVb5VATemHDXzQlpHGqS53bsTij1_a5aRE5pY2tvhl94o_xwcmv-lgCSNrnoHT5k2TDMC_N3BcQbTabGrdIGT-hgSjNFL-GjrqktzzrRG6OQ_F7K7dr0Lu49b9lx4JFfcU-htbMxYoUg9iPMImauuNdxnZgePEPzzZIuulvy-Q4TP9uCu6eom08MV4uNkQ0GHKz5hpsGOjE6sWN3D60h-Yx5fwkgKGU-yYFja2CbK2rJF_RCoNyLWN9epkFdYwHl1Ynu60HB3Q1lryXBPoxZ2UtPVTZxNc9TaC4Z18ugDn_Jqx19rl8jd7JRUD5avGr7J0AzO_PkJArI4wF1NO4bTjgVlWtXhrVXBEqo9g8fZXki-ThvhCE3Iw_MPnEoqhkG72FwPAPPSPO0vnGlue-aEBDBrsXSp7AlsuxFcjw6w3wXbf9avFXsRADFy9uxhZWcMgbIu3XPTMJ0KJHgzEdWoWzZWHIhk2oYSyxWGO7VfxHAs8b7CmQT60tW-933wFdvTRe9DR_Z2Nbddx7lporLgKQ1ebaTZO1Ly8Q0C5uD-WLCQjglhu2_I1duhkoAudPgVlTtEKhr_Hof3ClLOS0RQwjUxs9A7UepAQVb2r3yrUH8bkhITy2_LaHDguEFjjCrwqGRmvAihFbRQ8ZVmPPPFgxE_K8e573GRyyAkh9XjFVUFFTG32TAWfcxSSFPBStan4rjnRc4l5e4qefWL6KBvpV3yB_LIlRumY-9qaAM_1qEnoxL83CCc0LW7LG6JVW5-tW2SKifayI-5YUS68oAymhe9NZQ6I6jsMcuQy6bZGpg2vJiojHmbhuchc5_aLxp5EqF_q0oN7sb-3yDuKWgKUZyUrgkvbnVyZ-zpWmzqdLmxTah5968qUpU5rnP__RVZOX9MB6V61T3YejLxmJH80ZMiW_troHkgB28zvb9W5PTdo0693r9jQIjkBHya&sai=AMfl-YSgB9LK5rP2t_DC49TdUpvP2nrJijXI5bAtgqpPKqrqYYdBERKsuX6AKg05jEcrrTQ1yy3biju3eawHQmQl6cunvfK5o9MA4xVh946QkpnCtVYI-9zPeGydrsljX4Fi3YAGvAeKlO9YvIPMe19fF3fXuRjSIj_-HvtrAgQgtch7Oo0-VkwpzauMEu0YCvNha94Fv58uX-jVQjwP4lc_rvkBGXGGgbQlevL0vxINdaG6qNUF7bigSJ8J2w_3-jbSxHOoRATF8QZ2X_fWVukfkCydQZ6PtOpDl64WHIrh0A&sig=Cg0ArKJSzA8SPSr6LHZ7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=134&cbvp=1&cstd=130&cisv=r20240118.11581&arae=0&ftch=1&adurl=

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 23 Jan 2024 15:27:05 GMT

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame C71B
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdp...

42 B
733 B

36ms
35ms

Image
image/gif

52.212.179.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

52.212.179.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-179-124.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0b71ea9a0.edge-irl1.demdex.com 6 ms
pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: DTc3y4NoTrk=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-026f8435a.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: 4fZVG8+NTz8=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=208897098&d_placement=383991600&d_campaign=31081045&d_bust=2111374224&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame C71B 43 B
1 KB 97ms
21ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=1015808167&extPm=539824498&extCr=20952930895&gdpr=&gdpr_consent=&rnd=2111374224

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Tue, 23 Jan 2024 15:27:04 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Di, 23 Jan 2024 03:27:05 GMT
X-ET-Code: 11
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame F029 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 20:44:46 GMT
x-content-type-options: nosniff
age: 585739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jan 2025 20:44:46 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame F029 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 01:46:50 GMT
x-content-type-options: nosniff
age: 567615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 01:46:50 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2660
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Clet_x9qvZZbcN5ym2OMP0ZGWmAjdz8-Qdcz938CVEs_Xor3AARABIOe71htglYKggrAHoAHbyp6yKcgBAagDAcgDywSqBNQBT9C_gRnu-J8qN7lSxtipFBLjvaQ7zo7q4m8MnYlFDWvmJ2e...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211984488750824796121%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%2...

0
0

41ms
40ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211984488750824796121%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211111212379%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214647334139639521489%22}&andc=true

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11984488750824796121","debug_reporting":true,"destination":"https://google.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11111212379"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"14647334139639521489"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 23 Jan 2024 15:27:05 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11984488750824796121","debug_reporting":true,"destination":"https://google.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11111212379"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"14647334139639521489"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

B30696776.379693347;dc_pre=COzLqqHp84MDFa2Z_QcdfewPaw;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_t...
ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/ Frame 2660
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=COzLqqHp84MDFa2Z_QcdfewPaw;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rd...

42 B
107 B

33ms
31ms

Image
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=COzLqqHp84MDFa2Z_QcdfewPaw;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=COzLqqHp84MDFa2Z_QcdfewPaw;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=3561243638;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9022
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

17ms
17ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:05 GMT
expires: Tue, 23 Jan 2024 15:27:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:05 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0DD1 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 511937
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame F029
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CklLux9qvZZSjOaPIn88P_eCeoALdz8-Qdcz938CVEs_Xor3AARABIOe71htglYKggrAHoAHbyp6yKcgBCagDAcgDywSqBM4BT9BgbZ82mURkpbOyNXgjzEpuKBv59b5R4ZXmjhDK20g1Zxk...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225922615648097931412%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%22...

0
0

39ms
38ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225922615648097931412%22,%22debug_reporting%22:true,%22destination%22:%22https://google.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211111212379%22],%2222%22:[%22true%22],%224%22:[%2201-23%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229082605059234556545%22}&andc=true

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"5922615648097931412","debug_reporting":true,"destination":"https://google.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11111212379"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"9082605059234556545"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 23 Jan 2024 15:27:05 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5922615648097931412","debug_reporting":true,"destination":"https://google.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11111212379"],"22":["true"],"4":["01-23"],"6":["true"]},"priority":"500","source_event_id":"9082605059234556545"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

B30696776.379693347;dc_pre=CKTOqqHp84MDFWGjgwcdHRcOZQ;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_t...
ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/ Frame F029
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=CKTOqqHp84MDFWGjgwcdHRcOZQ;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rd...

42 B
118 B

27ms
26ms

Image
image/gif

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=CKTOqqHp84MDFWGjgwcdHRcOZQ;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N5295.134426.GOOGLEDISPLAYNETWOR/B30696776.379693347;dc_pre=CKTOqqHp84MDFWGjgwcdHRcOZQ;dc_trk_aid=570374377;dc_trk_cid=200742503;ord=1268205068;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?&cbvp=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame A943 51 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=895343530&adf=854766408&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623497&bpp=2&bdt=216&idt=310&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=200&ady=20&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:17:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 565802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:17:03 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2692 236 KB
63 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 23 Jan 2024 15:27:05 GMT

GET
H3 200 i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js Show response
pagead2.googlesyndication.com/bg/ Frame C974 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/i_I7gtk5u389ZGUJiYlLngBTR4no54KgcGkAXYvtCUw.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9423687387443767&output=html&h=280&slotname=2749869570&adk=686159903&adf=1854955444&pi=t.ma~as.2749869570&w=1200&fwrn=4&fwrnh=100&lmt=1701726352&rafmt=1&format=1200x280&url=http%3A%2F%2Fcrxextractor.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1706023623499&bpp=1&bdt=218&idt=340&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=448175540734&frm=20&pv=1&ga_vid=1799445298.1706023624&ga_sid=1706023624&ga_hid=1231294326&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=380&ady=401&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31080590%2C95321627%2C95322164&oid=2&pvsid=449049430172357&tmod=415826105&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=23&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=345

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 02:17:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 565802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19704
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jan 2025 02:17:03 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 41ms
38ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 23 Jan 2024 15:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 40ms
39ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 23 Jan 2024 15:27:05 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DD1 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Jan 2025 15:19:07 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C71B 0
0 43ms
42ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssUHZq_vUsBjG3yxgPhaslMQlj3dqfv0YR_O8AiKAgrXFEYKkNuvcq193Oond1349AVUXlqNNzcTx4nNHBzy8Ds35Vi1bZ30Z1punG_J7olKk0wNe3pUbN-yyYDizoumfpUm2ma3Yo61-g93aW6-ApAXLSaR4v8ttKcmNIZO3ZN7cNDdsLaEzUiUKPHmnimyR4iJX2k1Uq_IIu0ou8IW1pfBJ_5aRR_gk0YUzhSW43f2H2UElIcpBGLEM0t37JG0xpvPvBvVhzSltCr-taRKQ5SSwsYljKsqHNn1XaecRDD8mTOignAl0UIe_nThcQoq00Wa8A_T_1iNLJ7KDIAVb5VATemHDXzQlpHGqS53bsTij1_a5aRE5pY2tvhl94o_xwcmv-lgCSNrnoHT5k2TDMC_N3BcQbTabGrdIGT-hgSjNFL-GjrqktzzrRG6OQ_F7K7dr0Lu49b9lx4JFfcU-htbMxYoUg9iPMImauuNdxnZgePEPzzZIuulvy-Q4TP9uCu6eom08MV4uNkQ0GHKz5hpsGOjE6sWN3D60h-Yx5fwkgKGU-yYFja2CbK2rJF_RCoNyLWN9epkFdYwHl1Ynu60HB3Q1lryXBPoxZ2UtPVTZxNc9TaC4Z18ugDn_Jqx19rl8jd7JRUD5avGr7J0AzO_PkJArI4wF1NO4bTjgVlWtXhrVXBEqo9g8fZXki-ThvhCE3Iw_MPnEoqhkG72FwPAPPSPO0vnGlue-aEBDBrsXSp7AlsuxFcjw6w3wXbf9avFXsRADFy9uxhZWcMgbIu3XPTMJ0KJHgzEdWoWzZWHIhk2oYSyxWGO7VfxHAs8b7CmQT60tW-933wFdvTRe9DR_Z2Nbddx7lporLgKQ1ebaTZO1Ly8Q0C5uD-WLCQjglhu2_I1duhkoAudPgVlTtEKhr_Hof3ClLOS0RQwjUxs9A7UepAQVb2r3yrUH8bkhITy2_LaHDguEFjjCrwqGRmvAihFbRQ8ZVmPPPFgxE_K8e573GRyyAkh9XjFVUFFTG32TAWfcxSSFPBStan4rjnRc4l5e4qefWL6KBvpV3yB_LIlRumY-9qaAM_1qEnoxL83CCc0LW7LG6JVW5-tW2SKifayI-5YUS68oAymhe9NZQ6I6jsMcuQy6bZGpg2vJiojHmbhuchc5_aLxp5EqF_q0oN7sb-3yDuKWgKUZyUrgkvbnVyZ-zpWmzqdLmxTah5968qUpU5rnP__RVZOX9MB6V61T3YejLxmJH80ZMiW_troHkgB28zvb9W5PTdo0693r9jQIjkBHya&sai=AMfl-YSgB9LK5rP2t_DC49TdUpvP2nrJijXI5bAtgqpPKqrqYYdBERKsuX6AKg05jEcrrTQ1yy3biju3eawHQmQl6cunvfK5o9MA4xVh946QkpnCtVYI-9zPeGydrsljX4Fi3YAGvAeKlO9YvIPMe19fF3fXuRjSIj_-HvtrAgQgtch7Oo0-VkwpzauMEu0YCvNha94Fv58uX-jVQjwP4lc_rvkBGXGGgbQlevL0vxINdaG6qNUF7bigSJ8J2w_3-jbSxHOoRATF8QZ2X_fWVukfkCydQZ6PtOpDl64WHIrh0A&sig=Cg0ArKJSzA8SPSr6LHZ7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=464&vt=11&dtpt=330&dett=3&cstd=130&cisv=r20240118.11581&arae=0&ftch=1&adurl=

Requested by

Host: crxextractor.com
URL: http://crxextractor.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
55ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240118&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aa58d84c54ce86b69e076a05380049425f5f4c39d6399a645dc7cd87cd98ff64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12102
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Jan 2024 15:27:05 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7168 13 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:26:35 GMT
expires: Wed, 22 Jan 2025 15:26:35 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AEDF 829 B
561 B 18ms
17ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a0e274797fda0815dc652dbd3909bdc2d21fda97a13116b461aac60b26928b43

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X2S91BnJY074jCZeiy8klQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://crxextractor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-X2S91BnJY074jCZeiy8klQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 Jan 2024 15:27:05 GMT
expires: Tue, 23 Jan 2024 15:27:05 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0DD1 0
20 B 160ms
159ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BjCi7yNqvZbvNO-KjjuwP0caRqAsAAAAAOAHgBAI&bg=!ZGelZyjNAAa8BdJLnAU7ADQBe5WfOL6cst53L3hrJIZsbnnZtIPsUvGa3zscpUvh7Gw1wFeTwuqHZuZgf6cXHeW2avJTAgAAAF9SAAAAAmgBB5kDFVvFGVWk6hOEbIuznldse7Pk1hHEPHx9Nk9ubK-2M2mTXjmA6xlwQkXdQyu4xfyD5MLgDKfkxbFLT_6bQruxfUgaxLxDDJu6cL4laiKa-pgcLqZo_07eHKaFptFXu8__awXsNxo4202x0EeA_ufhkrFlJr5Yh8lwRj4i4UE19FCS-RlMSAHnSUpYuDy0H-1CUs-eqvXbncMKpzEUuklNXwG-0BU6vnjg1kqwZ_D47rlsT8fXOefX7--XHZQ5JE2MdTJFb2nqcjwFNVC-EqmRjbqG-pQvYOZN-UVbBdRnpxAjKVZvM5M3Cyb1HohEcE8RdcUMu0osIAr9jr6ZUcYHnVWex6k7fDJQDiImICB5S7Z-uJgQvPQ30ZXSMdmkREfsVubR-AestbXDgv39St5NCbkjpDPYrhdFs4B_o8T8msta35ChekyUNv1DEW6WiWnV2CpGGZ1DHjHqKMfmNbAuc1pTPJhcdOEjDXw4hFTXVQvrDbkffiqboqUum4ttGF3qchzJYQ1lSPiy28pS7HvcRqI79iURwjSiXpDV9w3h6hHmLXWbpLXCstF95tLWyKoqUvFrd3qPsvLIFnGehmYI_g4xQqTV0oZ1AKO2hMpS6qKhRpOtrzNWicaADyGkj8WE25ZIjKRErUS81mjBZUvbbaEoNpP0B2WvpYnKyfaNAp1uO_Ul-rjAO1eFRrS6uB97SNVOXBlShN8vZ73Gg70tVuV1V7Ow5N2XcCn4yT76WsFXWU8MzXQM5ki4zyfkYL4ABCodzWQ8WKKkPjG5sg441KRygj1iXBnsLQ5m7GS5KoPYz3yuydH8MY9A21oyTZnIGZYkHsp_iBAAdQxrawkqoqyBQ46DPifzw6cshdbxulUkPR1oyTr2jSqsYBYJLkeHSx9Uyx2BJlglfz4ESZ3gIqhb9fZF0C2eDspcy6y2gpJq7OOZJepdLRmF8GF2rgzQgLUqFe_Wn8bmX7Oddrsf6DjPTinVAO3-Jr4gqzlgMC4_vLJ32R42Pvnmw98az5XI2PWDZ2Uyc6L7wfcWkd4FtWP3fJZRQg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AEDF 0
0 153ms
153ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240118&jk=449049430172357&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 7168 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:19:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Jan 2025 15:19:07 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7168 0
11 B 13ms
13ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?h3SlbQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 15:27:05 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C71B 42 B
64 B 183ms
181ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu9UFT2r_Dhj7i2L8cGxjPy1TJFcU6kOsU81YtjqBypFhJJjwwnu49I6nZezL3XFU_LNykkBE8iVEoUhyezAOuopGg6-fbxbWYBm7pHlNfRi2R9w07KTEIizETF9XiNfjqXUjtHLZjADFczT_vHZ9-7VxVn&sai=AMfl-YQyFPmQrKGtl6twzacf-WeyqqN2UXyLlMf7zDPp7zabQ0rvbKfV40n1CC_gDKDthb6YEeD781Np9RSfILkg4-au-bgw3RLdBWC9FkGuR5Mt9cmM6t7FtWvKyyjYQL4yK-7yhTuNGIZ-LDEMbeXCeg&sig=Cg0ArKJSzNeyTCpZqkeSEAE&cid=CAQSTwAvHhf_LqbKXBzj1b-cIEtPi_PA7BYTZWlQSOcvLA0oL1L_8gyMz487kCoh-Tn1iwk4iqfEaQruOlmR_ck7kExaQ_wgiIYL4cC4d07GOz8YAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=514,980,1000,1000,1000&tos=514,466,20,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&vs=4&r=v&rst=1706023624777&rpt=408&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2660 42 B
64 B 163ms
162ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOBL6RgCfsgCzsMcDVHNUCCq7_bANl4TboD3f2cT0Kiu5oCmPROW9sHlVDutcZpZTwW4hCy-LUu86qJZDB3yE3zup_oRF4sleNfl_tNsSHNhbZMgeaxicbO_4Io6wicnDFmG1Nk876PvrAGBsXePClF5hqkGPuZO_4hTADOz9K_eTUsb2Tcnc&sai=AMfl-YTc6Rjo_qarKRIYaBXrDpI7ToDrJRxQXD1Dqtpp1lDhHX4M8Wz_YMFdVVhHqJ6aMwM3lPS6cRe-KwYG0HrbieWN2qHhseG7za8er-6TxGRlokWRV-QY6CUeGKorvMFNYn7J4J1axw981BI3_11X&sig=Cg0ArKJSzB0GYaNPzsnuEAE&cid=CAQSTgAvHhf_yY8lPUjDJ5wvYqZujKAn47e3vAPelLCeqUH-_VxLXj8JRUFNQQuiVAR3LKi03CLrLQaRcCm9e01lvksErZ1bTrSXZXQb-5giZxgB&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240118&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=895343530&rs=2&la=1&cr=0&vs=4&r=v&rst=1706023623814&rpt=1456&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F029 42 B
64 B 168ms
167ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuxtxY2RXEAyusHKKUMaaKASkWkJCtrIKQ2D-8mGZmbU0IztkYK9-tQGSDxbrXC8_0lZZcvSiNUwNXC-gvofcb-YyXpmxHSQfXE1GZxaog4SEuX0qo4DgpSB35llvAorilgwNiiuFj8wNRFa60W5--VJHzafjueM-UTscq_uXqwjcZcIBZKh5M&sai=AMfl-YTIucWf2W5fb_qKtOGNHPIqXx44R1WiVIv_rtjC3UJ2tLOJA7uGFJNSysuCkD5wPBOrZaz3DJCE1acqqZhSKewuRhgv7osxptRBSRrEoroqV5pQSJpU45uX7R8XqnlJf4_dWgMd9xMdFT6yZOHPTA&sig=Cg0ArKJSzO9QIhxsL8N1EAE&cid=CAQSTwAvHhf_iK_-CUpyijTUfzbGSlQBNGA7bOGkgRKa0VdgIeifiUrz6aTepySuBlgaloOrJOLkDlLiYWJf3_BTu4yEAuBwf4vbtNwwe9sVC7MYAQ&id=lidar2&mcvt=1001&p=0,0,280,1200&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=686159903&rs=2&la=1&cr=0&vs=4&r=v&rst=1706023623845&rpt=1468&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 176ms
175ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240118&jk=449049430172357&bg=!NjWlNXrNAAa8BdJLnAU7ADQBe5WfONgO2e0DMeTPnu_2es8LQAhCqUy1lWdLKmz0A-5DYbemA4uEG_4k_za_H7mW18MeAgAAAFRSAAAABGgBBwoAv8gEXWlYx788STkaO3sA991VKCgyueclUvbMEwSeq9tSiNHG_oBP3MJcctZ4hgWfsOgTBE50bnGdFBvWlEZRxou0WJ1MZApUZyPdZm1ttgcySay3CoYuc2OABFunRpfuiORztzh0r7pykt1qNpEkLs04gs_t9pzIFtWvm02xcMzbm3MtnWZjrmDfNgg7y7PtRybVaAro7_BtjTpuyw9xZ9CxphMz14gOjZf9tSvHL06kkdVFkfK1niObyGKuZqmemQKzBh1NLxEJylDR8TZpnShcoxcSy0Kcsl8QyuE-yxpcu-DU7uNi_L4R9NkLDrPvRvyl_o-DauE-6z1zkQVsUrf7oQa6RYZxQvDmbV7tbeWDUgUXFm7-UmB76-xvbVYwRSiU6ftu-sl3pnedd00xDgY4jN2Xr57kFXQAknFuAhPTUWwnu4rh0mqqCyXsWEGLjcUJkbjSBm8vY3MICx6y9e4TItgRtDPoknnQ2ojgRLJS-DKWo6hR1b0UPi9jRv295rhaFv4qRKYmapJRI2cUEJAANzqWqSfM9HdmNJ7HaxsfVaTEo0SM8EZJIPAKNM25iPTeDzSZkpUorTk7_W9K583_qPQgX7I_NLa3V3t9wXsJWZ86ySMjoBbHw2xuYiE4B9guwwNBAGqGcY0CYYsHaz8_eXZTfqPoQRSm88G2mP_Z_Hfftf-i2GB8SJQ8ytNTuU9IQWDi61V0JBuH-v5Xj1oBw98CEjVntLcv3VwGMvvb35zUeuQiZAMKFIK8rZ8V8FOp_62ZLj_oBwMcQKiYwM3QcbrQEKwRhzyadE1GFR8S-YJFsWaNDxRt-HW8lQKJgtPvl3tbhn_QKGH7ADbHmhUNALQl-r8FkVG9H5qFMyTHF_jmAtkGk_wWiSvb5Xkj8-Xi3xXBhGHpH17L-1WhnFy4C4X3UDbFtuEOP715szv0oHUePNwm-2ZDmrcqrgKYFrpm2opwh9CtT8D6oQ04V7lGeGYLVTJGz_mc_FLntAvkELV9d46cVNj1IPSElnUqZpW0jPR6kduNmXIHkFJQIYE-MlS-266ySmyYDBWbR31mN1Oe5L0EJ8SpAm41WXcYvlk0g3s6EUc9zumyt2nVk84bd9LJ-LskNzNwkn4fN4_hNaFRO5GcmzBnP2Xxo2yz-QyDqJaekqgg2n8h7kJ-mPt91cQqAw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://crxextractor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/2866628641820365191/ Frame 2692 107 KB
18 KB 31ms
31ms Script
application/x-javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2866628641820365191/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02ab290480acbf9e1b125edccf93225879b9ce1639b235d10388a638bb30473a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 07:34:12 GMT
date: Mon, 22 Jan 2024 07:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114774
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18525
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:17:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C71B 0
20 B 176ms
175ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4619020607824&version=m202309260101&ct=76&x=1&cor=10336593428814650000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/2866628641820365191/ Frame 2692 9 KB
3 KB 31ms
31ms Script
application/x-javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2866628641820365191/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7e68aced43cc5776e561bddf03ee9e3368efacb11d264a69202c2942ff10b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 07:34:12 GMT
date: Mon, 22 Jan 2024 07:34:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114774
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2749
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:17:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/2866628641820365191/images/ Frame 2692 46 KB
46 KB 96ms
96ms Image
image/png 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2866628641820365191/images/index_atlas_P_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f8d50378fdf2cab7d7e592fa7cd8cc9a4e0eccb0cb90bb375bf62a8fb5d1f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 07:34:12 GMT
date: Mon, 22 Jan 2024 07:34:12 GMT
x-content-type-options: nosniff
age: 114774
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47207
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:17:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/2866628641820365191/images/ Frame 2692 54 KB
54 KB 45ms
45ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2866628641820365191/images/index_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ba6bf94cfe1a7117a56875fbda50d3f57087499df61b60592f195341a96fc4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2866628641820365191/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Tue, 21 Jan 2025 07:34:12 GMT
date: Mon, 22 Jan 2024 07:34:12 GMT
x-content-type-options: nosniff
age: 114774
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54871
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:17:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

POST
H2 200 91974901
mc.yandex.com/webvisor/ 43 B
0 355ms
354ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/91974901?wv-part=1&wv-type=7&wmode=0&wv-hit=249412628&page-url=http%3A%2F%2Fcrxextractor.com%2F&rn=789478090&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1706023627%3Aw%3A1600x1200%3Av%3A1211%3Az%3A60%3Ai%3A20240123162706%3Au%3A1706023624852652172%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Ast%3A1706023627&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: http://crxextractor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:07 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 23-Jan-2024 15:27:07 GMT
content-type: image/gif
access-control-allow-origin: http://crxextractor.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 23-Jan-2024 15:27:07 GMT

POST
H2 200 91974901
mc.yandex.com/webvisor/ 43 B
0 63ms
62ms Fetch
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/91974901?wv-part=1&wv-type=7&wmode=0&wv-hit=249412628&page-url=http%3A%2F%2Fcrxextractor.com%2F&rn=297461111&browser-info=we%3A1%3Aet%3A1706023627%3Aw%3A1600x1200%3Av%3A1211%3Az%3A60%3Ai%3A20240123162707%3Au%3A1706023624852652172%3Avf%3A6mv6as6uk632mqt4m2ukn7iz%3Ast%3A1706023627&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: http://crxextractor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 23 Jan 2024 15:27:07 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 23-Jan-2024 15:27:07 GMT
content-type: image/gif
access-control-allow-origin: http://crxextractor.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 23-Jan-2024 15:27:07 GMT

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.crxextractor.com/	1970-01-20 20:03:19	Name: _gcl_au Value: 1.1.736823740.1706023624
.crxextractor.com/	1970-01-20 17:55:10	Name: _gid Value: GA1.2.424764968.1706023624
.crxextractor.com/	1970-01-20 17:53:43	Name: _gat Value: 1
.crxextractor.com/	1970-01-21 03:29:43	Name: _ga_MSVY8TC2LJ Value: GS1.1.1706023623.1.0.1706023623.0.0.0
.crxextractor.com/	1970-01-21 03:29:43	Name: _ga Value: GA1.1.1799445298.1706023624
.yandex.ru/	1970-01-21 03:29:43	Name: i Value: NGgQ8hgUXZvCQkigPOkMn1p8rf9IFI2x68v7ypdEcT1AYhNu9t8Kf5I2xoQFPCsRzpnIlYEpodih5ySUulDdauqeC5g=
.yandex.ru/	1970-01-21 03:29:43	Name: yandexuid Value: 6299300211706023623
.crxextractor.com/	1970-01-21 03:29:43	Name: _ga_0FG1T3YJEH Value: GS1.2.1706023623.1.0.1706023623.0.0.0
.crxextractor.com/	1970-01-21 02:39:19	Name: _ym_uid Value: 1706023624852652172
.crxextractor.com/	1970-01-21 02:39:19	Name: _ym_d Value: 1706023624
.mc.yandex.com/	1970-01-20 17:53:44	Name: sync_cookie_csrf Value: 4201837390fake
.crxextractor.com/	1970-01-20 17:54:55	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 17:53:44	Name: sync_cookie_csrf Value: 3683082477fake
.yandex.com/	1970-01-21 02:39:19	Name: yandexuid Value: 6299300211706023623
.yandex.com/	1970-01-21 02:39:19	Name: yuidss Value: 6299300211706023623
.yandex.com/	1970-01-21 03:29:43	Name: i Value: NGgQ8hgUXZvCQkigPOkMn1p8rf9IFI2x68v7ypdEcT1AYhNu9t8Kf5I2xoQFPCsRzpnIlYEpodih5ySUulDdauqeC5g=
.yandex.com/	1970-01-21 03:29:43	Name: yp Value: 1706110024.yu.3054694221706023624
.mc.yandex.com/	1970-01-20 17:55:10	Name: sync_cookie_ok Value: synced
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 523960791706023624
.yandex.com/	1970-01-21 02:39:19	Name: ymex Value: 1708615624.oyu.3054694221706023624#1737559624.yrts.1706023624
.doubleclick.net/	1970-01-21 03:15:19	Name: IDE Value: AHWqTUkPoKOzVfuVP73i8qIBAwlYPJfhr__Tza3fGRjRXZ9zxunjz_TENq_Orlk2uDQ
.crxextractor.com/	1970-01-21 03:15:19	Name: __gads Value: ID=7ae2251529de7348:T=1706023623:RT=1706023623:S=ALNI_MZkVPZWaAj8CzhKOG6i_inexoO4Fw
.crxextractor.com/	1970-01-21 03:15:19	Name: __gpi Value: UID=00000d47e4743cf9:T=1706023623:RT=1706023623:S=ALNI_MaP6-vPO3i0E4aConmQ1gsUoHX8Xg
.crxextractor.com/	1970-01-20 17:53:45	Name: _ym_visorc Value: w
.w55c.net/	1970-01-21 03:25:24	Name: wfivefivec Value: Yl7Ovm2c1RsiG45
.ctnsnet.com/	1970-01-21 02:39:19	Name: gid_CAESENsBdAA5OowJM9QS2ShVllA Value: 1
.agkn.com/	1970-01-21 02:39:19	Name: ab Value: 0001%3AH9zDZylGaiRvVe5MzMnQZuMnrl%2F8Rdht
.agkn.com/	1970-01-21 02:39:19	Name: u Value: C\|0CEAtQpdILUKXSAAAAAAAAQ13AQCAAQpAAAAAAA
.simpli.fi/	1970-01-21 02:40:46	Name: suid Value: B85AF991773F42EAAB79065F7B61B498
.w55c.net/	1970-01-20 18:36:55	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 18:38:22	Name: C Value: 1
.adform.net/	1970-01-20 19:20:07	Name: uid Value: 6574168327626511856
.ctnsnet.com/	1970-01-21 02:39:19	Name: gid_CAESEC817phjiXv8kHA17K4rAPE Value: 1
.ctnsnet.com/	1970-01-21 02:39:19	Name: cid Value: 81411258e32c4e9cb80359f56faa1370
.yahoo.com/	1970-01-21 02:39:41	Name: A3 Value: d=AQABBMjar2UCEI5UYvOJVp4HJoXunk3-7IcFEgEBAQEssWW5ZQAAAAAA_eMAAA&S=AQAAAs-DADhYDtJoCb_cdqTieqM
.doubleclick.net/	1970-01-20 17:53:47	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 17:53:44	Name: test_cookie Value: CheckForPermission
.googleadservices.com/	1970-01-20 20:03:19	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 20:03:19	Name: CMPS Value: 2201
.adnxs.com/	1970-01-21 03:29:43	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:03:19	Name: XANDR_PANID Value: oLhXv_ADS_F7qWZfRxELCW5YUUigk-o7CL778160KGOpMvcjfvdOS22oeIIASVYl9OA4nO4qq2CI4m1-GOOO0helB7g7V2ZjeU66lEQNdDQ.
.adnxs.com/	1970-01-20 20:03:19	Name: uuid2 Value: 1105547722911511923
.casalemedia.com/	1970-01-21 02:39:19	Name: CMID Value: Za-ayH3UL45IrUv-MFOK8QAA
.casalemedia.com/	1970-01-20 20:03:19	Name: CMPRO Value: 3307
.adnxs.com/	1970-01-20 20:03:19	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%stySbs!]tbPl1M>e)ZlrFUfJ+tGXxoX<=1m@VxFMYX7SJU[J(T@XQu+qNa`/Ivv(/J3If)y3KL9D3I?+c3KcQh
.doubleclick.net/	1970-01-20 22:12:55	Name: APC Value: AfxxVi5UNCS2t5nkzsWfEQGhXrOBFDnVpHMk2-7KJnNUKIgX8ewJaA
.tribalfusion.com/	1970-01-20 20:03:19	Name: ANON_ID Value: aMnt6ZaR3YWj7UXuRucrpfZdNbIBqEIbCinXAXEUPNF0tHAAZdFgZa0cFu22qjrZc4kBuoe15yyYZadiG05eyd75vVWBKhfqpR
.doubleclick.net/	1970-01-20 22:12:55	Name: receive-cookie-deprecation Value: 1
.demdex.net/	1970-01-20 22:12:55	Name: demdex Value: 25941254650716030054472614156601466320
.skydeutschland.demdex.net/	1970-01-20 22:12:55	Name: skydeutschland Value: 25941254650716030054472614156601466320

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.doubleclick.net
buttons.github.io
c.yvoschaap.com
c1.adform.net
cat.fr3.eu.criteo.com
cm.g.doubleclick.net
crxextractor.com
d.agkn.com
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imageproxy.eu.criteo.net
ius.ctnsnet.com
m.exactag.com
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
onetag-sys.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
platform.twitter.com
pm.w55c.net
pr-bh.ybp.yahoo.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
s.tribalfusion.com
s0.2mdn.net
skydeutschland.demdex.net
static.adsafeprotected.com
stats.g.doubleclick.net
syndication.twitter.com
tpc.googlesyndication.com
um.simpli.fi
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
yvoschaap.com
104.18.36.155
104.244.42.72
108.156.2.25
136.144.177.247
142.250.185.194
142.250.185.70
142.250.186.162
142.250.186.66
178.250.1.9
178.250.7.9
185.89.210.122
2001:4860:4802:32::36
2600:9000:223f:800:8:48e:53c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700::6812:19ad
2606:50c0:8001::153
2a00:1450:4001:802::2003
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2003
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:827::200a
2a00:1450:4001:828::2004
2a00:1450:4001:82f::2006
2a00:1450:400c:c1d::9a
2a02:2638:3::10
2a02:2638:d::c
2a02:6b8::1:119
2a05:d018:d29:3601:3295:f713:9e96:927c
3.122.71.237
34.91.62.186
35.158.172.152
35.186.193.173
35.214.149.91
37.157.2.230
51.89.9.253
52.212.179.124
52.214.230.121
52.223.40.198
85.14.248.91
02ab290480acbf9e1b125edccf93225879b9ce1639b235d10388a638bb30473a
0457d978556eb3f40cbf51b432973e2a193a6062d5abee91d0683ae505a2ae95
071865770f1c0ae0f5cdfaf1b32032893b20cf86524dfe57b01cb4af4902e0ff
0738580e85e7fdef026f377d497b2791985a1b161bb9b573ed15798e1d91ea48
09ed498c273f95ded9ce6f2d2945b29d5b5fefaa787d798d6c0c5e100a9badff
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ebac58fde776e690177af10b52568f9b7faceb9408007b9e9409eb24c455321
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1fc0e17cd296e6c319b02ce9079fe0b90fa1c17ce92feab71748b610f697e40e
202080c6bc3cf861fd06f7e866f13f5de53722089fbddad99b7e948532228225
206d69d71c478f79a07c9284e902e6455dc3a70de6580ef850df48c1d65a3d35
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
23c55d62d4bf57a2673662d1ee3b9f9bf221491bcc26195d7de7b9e7aed04a08
2a5f35959c7cefb1202cd3ca5b9f406d7c5831813c129da06d7a53270ca6605d
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2ded9cc04a7517fd8fefb73286538ef915c8016dc99ee8a8e95f47f2d2441097
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3612953139910cd055584b660ba5a60748050d2132caef078d0ce4d5a2b7e033
37169bef98fa54cc2b34335698c773dc57e1ce1b542054183e5b25ed74f3fcaa
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39a024ead02e1e7562777685bf017a583ca1e43b10ba860b1952609ba0e983f5
3ba6bf94cfe1a7117a56875fbda50d3f57087499df61b60592f195341a96fc4a
405087ab3b2ba35535c59017431d2b9e02081a581af8a8e2593e52ffb0c363c1
40d771f6656d3624b38cfa9c063434faf00acd7b1be12cd3737e630ead0c09a8
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
49116b116b7a9ac1b831c031d71065b4f5277c665002ba23520b7ffc4e07f3c8
49944fcd898f3ca5ef5f577bb3e7a2356fb982321b5ccd1dc20234b79984a788
49a0392e7d399f5b6ff604017e16cd38a0ec3510488af714ca9db70d5daa7082
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
568b64730ca99a96d9df2581bc1f5fa79f95b0feb2aa3f4320846c71fb0370e9
5a325cf127c6cf1272cd26810b58e77e7ed1364f3484bb2b6121060f383faceb
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ec1e2ebe080ec8fbfbdc7dd9c0c25449e1d98e4e947c11a00fd770d8841698b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f8d50378fdf2cab7d7e592fa7cd8cc9a4e0eccb0cb90bb375bf62a8fb5d1f88
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
7532a478931adf6ae387b01d56903e4571880f59b942d0dc935a4d434febf4ea
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7dc41fdc3e1b62ef47745aa9154a0f8f1488d551f0ac35ab4903c050d8a78be2
7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74
83456962807c283aaeaf89137052a32d7d1b2301035644d159acc31e001f48e7
844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5
85ddc001f1100d307bdd09ac77d0426fe036ba75906ce1b3238bd5c1715f1e7e
8660ed12799916f277ccbb1fa1ba74dc2483dffa91089998ddfed5a9feb32200
876e6a53ead7a3ea2f6c4ba1f574c3a1d1103a8a0b6dc16743341e941e6a01d7
8bf23b82d939bb7f3d64650989894b9e00534789e8e782a07069005d8bed094c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
99c411eb1d1c4511a6b6ee40966c93eaa73ec4b569011272aa6094e32f43c305
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0e274797fda0815dc652dbd3909bdc2d21fda97a13116b461aac60b26928b43
a164d34575179f5ec5ec95fcbf521265706d0dfa048b48fd585f2e8e1f0db4ac
a6f5d067f091e603cb7e562eabd950a869239a02674f8be63ac4b6bafeaceab7
a70f4b0aff0150d346ced92da61f304db811289f142a88a6d3dac8e6a6ce5d4f
a7e68aced43cc5776e561bddf03ee9e3368efacb11d264a69202c2942ff10b6e
aa58d84c54ce86b69e076a05380049425f5f4c39d6399a645dc7cd87cd98ff64
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac4102f64f92f5e234174d3758fb00dd33e96c318f6e0ffda49471b7fa381395
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b97e74092c2ef14e6e97e8fcf55b520ffbe8cf36097f2acf5ff1fd365b852c6d
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
c127a7f93d3ea162c7086632dba913392b83faf29d513c9952f32ead527a2f41
c2430aad2b6a33948dc064cfaee8ad65ff9e3ca439834f3aaa84abec3d10dea8
c36e9bb2e913500763aa0f62ac2c2990247d78660b55dccff382a3b7e6dd5b8e
c4c2a224d80506c7d39003d72353aea2cd6c8a7ff1f34575ee6ebece53ba1a20
ce97f1912d6312e077b287d848b5bad9b3959f80a1cfc340845d8bdc0f0ff36c
d233ae3f0c2b48dc6f71e32ad7e23ba5e1d64b59af7e8d5592375d14887f3e97
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef373c82073207c914eb95f761d32e59f21747fa5b6d60b9ef7caa2f472e4336
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fe1673f86e0de422bc66021ef8a99bdc352b013946e0586e98279d0ac002f999
fe676e106bd5b1c98bccee2d3807d1179e9c9ef54d21b5f8950a3f68652fcf58

crxextractor.com Open in urlscan Pro 108.156.2.25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

183 Requests

83 %HTTPS

50 %IPv6

34 Domains

47 Subdomains

37 IPs

10 Countries

2406 kBTransfer

6455 kBSize

50 Cookies

4 Outgoing links

Redirected requests

183 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

crxextractor.com Open in urlscan Pro
108.156.2.25 Public Scan

Screenshot
Live screenshot

Full Image

183
Requests

83 %
HTTPS

50 %
IPv6

34
Domains

47
Subdomains

37
IPs

10
Countries

2406 kB
Transfer

6455 kB
Size

50
Cookies

183 HTTP transactions
11 data transactions