google.4tm.pro Open in urlscan Pro
176.96.138.219 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://google.4tm.pro/
Submission Tags: @phishunt_io
Submission: On June 14 via api (June 14th 2024, 1:40:08 pm UTC) from DE — Scanned from DE

Summary HTTP 79 Redirects Links 100 Behaviour Indicators

Summary

This website contacted 24 IPs in 2 countries across 20 domains to perform 79 HTTP transactions. The main IP is 176.96.138.219, located in Germany and belongs to DATAFOREST, DE. The main domain is google.4tm.pro.
TLS certificate: Issued by E5 on June 14th 2024. Valid for: 3 months.

This is the only time google.4tm.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	176.96.138.219 176.96.138.219	58212 (DATAFOREST) (DATAFOREST)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	3.232.23.53 3.232.23.53	14618 (AMAZON-AES) (AMAZON-AES)
7	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
2	108.138.36.87 108.138.36.87	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	23.201.255.110 23.201.255.110	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:20:... 2606:4700:20::681a:832	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:293c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::681a:246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.18.102 172.217.18.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:3ca8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:64	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	35.244.193.51 35.244.193.51	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
79	24

5 176.96.138.219 (Germany)

ASN58212 (DATAFOREST, DE)
PTR: v35342.php-friends.de

google.4tm.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.232.23.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-23-53.compute-1.amazonaws.com

eproof.drudgereport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.36.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-87.muc50.r.cloudfront.net

v7.eproof.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.255.110 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-255-110.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:832 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

voranda-com.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:293c (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.102 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3ca8 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.vuukle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:64 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.193.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.193.244.35.bc.googleusercontent.com

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 136 86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 172	479 KB
7	twimg.com pbs.twimg.com — Cisco Umbrella Rank: 1225	821 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 472	104 KB
5	4tm.pro google.4tm.pro	31 KB
3	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 235 ad.doubleclick.net — Cisco Umbrella Rank: 164	144 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	268 KB
3	drudgereport.com eproof.drudgereport.com — Cisco Umbrella Rank: 34144 api.drudgereport.com Failed	4 KB
2	geojs.io get.geojs.io — Cisco Umbrella Rank: 16258	2 KB
2	vuukle.com cdn.vuukle.com — Cisco Umbrella Rank: 21567	145 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1085	1 KB
2	btloader.com btloader.com — Cisco Umbrella Rank: 1074 api.btloader.com — Cisco Umbrella Rank: 1183	19 KB
2	eproof.com v7.eproof.com — Cisco Umbrella Rank: 43913	35 KB
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1767	249 B
1	gstatic.com fonts.gstatic.com	34 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	2 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2347	253 B
1	videoplayerhub.com 1 redirects voranda-com.videoplayerhub.com — Cisco Umbrella Rank: 43162	476 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 333	30 KB
1	rubiconproject.com ads.rubiconproject.com — Cisco Umbrella Rank: 2398	139 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 265	28 KB
79	20

	Domain	Requested by
26	pagead2.googlesyndication.com	google.4tm.pro pagead2.googlesyndication.com securepubads.g.doubleclick.net
7	pbs.twimg.com	google.4tm.pro
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	google.4tm.pro	google.4tm.pro
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com google.4tm.pro
3	www.googletagmanager.com	google.4tm.pro www.googletagmanager.com
3	eproof.drudgereport.com	google.4tm.pro
2	get.geojs.io	cdn.vuukle.com
2	cdn.vuukle.com	google.4tm.pro cdn.vuukle.com
2	86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ad-delivery.net	google.4tm.pro
2	securepubads.g.doubleclick.net	www.googletagservices.com
2	v7.eproof.com	google.4tm.pro
1	lexicon.33across.com	ads.rubiconproject.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	ad.doubleclick.net	google.4tm.pro
1	api.btloader.com	voranda-com.videoplayerhub.com
1	region1.google-analytics.com	www.googletagmanager.com
1	btloader.com	google.4tm.pro
1	voranda-com.videoplayerhub.com	1 redirects
1	www.googletagservices.com	google.4tm.pro
1	ads.rubiconproject.com	google.4tm.pro
1	cdnjs.cloudflare.com	google.4tm.pro
0	api.drudgereport.com Failed	google.4tm.pro
79	25

This site contains links to these domains. Also see Links.

Domain
www.nbcnews.com
apnews.com
news.gallup.com
www.msn.com
www.yahoo.com
www.drudgereport.com
www.politico.com
www.axios.com
www.independent.co.uk
www.cnn.com
www.thefp.com
www.dailymail.co.uk
trends.google.com
www.pressreader.com
news.sky.com
www.racetothewh.com
projects.fivethirtyeight.com
boxofficemojo.com
ustvdb.com
www.abcnews.com
www.theatlantic.com
news.bbc.co.uk
www.billboard.com
www.boston.com
bostonherald.com
www.breitbart.com
www.businessinsider.com
www.cbsnews.com
cbslocal.com
www.c-span.org
www.suntimes.com
www.chicagotribune.com
www.csmonitor.com
www.cnbc.com
thedailybeast.com
dailycaller.com
www.deadline.com
www.eonline.com
www.ew.com
www.ft.com
fivethirtyeight.com
www.foxnews.com
thehill.com
www.hollywoodreporter.com
www.huffingtonpost.com
www.infowars.com
theintercept.com
www.jpost.com
www.dailynewslosangeles.com
www.latimes.com
www.marketwatch.com
www.mediaite.com
www.motherjones.com
www.thenation.com
www.nationalreview.com
www.thenewrepublic.com
nymag.com
www.nydailynews.com
www.nypost.com
www.nytimes.com
www.newyorker.com
www.newsmax.com
www.newzit.com
www.people.com
www.rawstory.com
realclearpolitics.com
reason.org
www.rollcall.com
www.rollingstone.com
www.salon.com
www.sfgate.com
www.semafor.com
thesmokinggun.com
www.tmz.com
www.mirror.co.uk

Subject Issuer	Validity	Valid
google.4tm.pro E5	`2024-06-14` - `2024-09-12`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
eproof.drudgereport.com Amazon RSA 2048 M02	`2024-05-17` - `2025-06-15`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.eproof.com Amazon RSA 2048 M02	`2024-03-23` - `2025-04-21`	a year	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-07` - `2025-04-03`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2024-06-04` - `2024-09-02`	3 months	crt.sh
ad-delivery.net GTS CA 1P5	`2024-05-17` - `2024-08-15`	3 months	crt.sh
*.doubleclick.net WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
vuukle.com E1	`2024-06-01` - `2024-08-30`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
geojs.io E1	`2024-05-09` - `2024-08-07`	3 months	crt.sh
misc-sni.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
lexicon.33across.com WR3	`2024-05-15` - `2024-08-13`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://google.4tm.pro/
Frame ID: 48028FCFCF968A55DF727E0DF35DD59F
Requests: 46 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240612/r20110914/zrt_lookup_fy2021.html
Frame ID: 98B4036447A04EB7901AB40670385127
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-6978513048441664&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1718371911&plat=9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x945_l%7C500x945_r&format=0x0&url=https%3A%2F%2Fgoogle.4tm.pro%2F&pra=5&wgl=1&easpi=1&aihb=0&asro=0&ailel=28~31~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~31~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~31_3~27_14&aiixl=28_4~31_8~27_3&aslmct=0.7&asamct=0.7&itsi=-1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&dt=1718372402460&bpp=3&bdt=583&idt=164&shv=r20240612&mjsv=m202406110101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=7581917827059&frm=20&pv=2&ga_vid=428041344.1718372402&ga_sid=1718372403&ga_hid=1081046166&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95331696%2C95332585%2C95334508%2C95334529%2C95334566%2C95334570%2C95334581%2C95334819%2C95334054%2C95335290%2C31078663%2C31078668%2C31078670&oid=2&pvsid=3352996217046290&tmod=386547264&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&nt=1&ifi=1&uci=a!1&fsb=1&dtd=180
Frame ID: EDB90776990427A7C58EF6B1D7096241
Requests: 1 HTTP requests in this frame

Frame: https://86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 22CB37502B56F36B0476CB2CEDA570BA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsubQJlo4TRfmdHiBCQxGn179dWA98LGyH_uFVhfVjxrqSfBV3-rpbluvnGgKiGAhsyw6aZdCQfRiENfY9EL3l7QMJeseaGDmozx4cIE0Ic05AkggvJJuHNgagBGgft_I-_63MuBOXM04eS7vxsyZtAGIyrFNhLSIl3fEsg8kPtos2__D-OI28USNwhM_8PvNCcnuVS_OtaFGvpu6rBe6qfhl-Q8nVgRlVdITkijo-wXQTQVMmC8vqgDJVtxk0FWvgWwYHWu7lu4qE5XOJv0CNKQdFRlc0gqHo5p5fsRdniAxIIRJHTiuBzecfp_WBhqRmUvSk81QecEUwpFpeVHhU34t1_fIS73NWMfKlbhrVyactMJjwb15eBO&sig=Cg0ArKJSzP5Su-RqThEfEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 7ED2D9DBAE0733099FF807DC42445B45
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4C919A026856FDFE33C4A079C0B1842E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012405231944000/amp4ads-v0.mjs
Frame ID: C4FCACC693FB9AB72D1A3DD07B92A6C7
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsuOv_-6zhQZLfimwU_C2Oz0cBvOPcsvn2rPQiiaexYTOqIBJy2x4O9Hdk8CbvRo6OlCiYReIt3fqdHH0rVwzNY9OxdIWmPsEKrFT894nF03AFvF-t-UZVmVcFo1z7zGo0Y69pqdAji1ouH4Fw32UiVh6lxB3iEZ0-71tjSre2mIMp971UwLMqUXIhnlzErs4RRpOpRos0-XBy1UknFeOSbxIe8uACLXP216oQUnGfNmt5hUp3b4YCaHZGraaRlW2ON0SDnjtYl-D4t8pxZwkNG1v4BbqcLm-U1kpx1Bfvh1zHxoB9z0Sjq36cMu2lxuu4bYgP9oIEyQ5Obxp2vV_PUTn3-iNG7cYDE_GFN3YIQXZmMun5N98aD67fKvkQaPMca0rQmTogMcC-gqvg7-rQ&sig=Cg0ArKJSzHsk-kPMZ6sFEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 25DDF6E975863CA0752FFD6B570C37B2
Requests: 9 HTTP requests in this frame

Frame: https://86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 766D7135F4940D532B2A809BCBF806D0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DRUDGE REPORT 2024®

Detected technologies

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

79
Requests

92 %
HTTPS

71 %
IPv6

20
Domains

25
Subdomains

24
IPs

2
Countries

2288 kB
Transfer

5621 kB
Size

5
Cookies

100 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nbcnews.com/politics/rcna151308
Title: SUPREMES: YOU CAN KEEP YOUR ABORTION PILLS...

Search URL Search Domain Scan URL

URL: https://apnews.com/live/supreme-court-mifepristone-ruling-abortion-pill-updates#00000190-122c-d883-a79d-d66c0c8d0000
Title: KAVANAUGH: FOR NOW...

Search URL Search Domain Scan URL

URL: https://news.gallup.com/poll/645836/record-share-electorate-pro-choice-voting.aspx
Title: GALLUP: Record Share of Electorate Is Pro-Choice and Voting on It...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/health/other/dallas-woman-tells-congress-she-had-to-leave-texas-for-medically-necessary-abortion/ar-BB1o9Bgd
Title: Dallas woman tells Congress she had to leave TX for medically necessary abortion...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/news/other/new-documents-show-unreported-trips-by-justice-clarence-thomas/ar-BB1obA6K
Title: Justice Thomas Did Not Disclose 3 MORE Gift Trips...

Search URL Search Domain Scan URL

URL: https://www.yahoo.com/news/justice-alito-neighbor-says-secret-203700294.html
Title: Alito neighbor says secret tapes prove he lied about flags...

Search URL Search Domain Scan URL

URL: https://www.yahoo.com/news/78-trump-too-showing-signs-012918799.html
Title: TRUMP AT 78

Search URL Search Domain Scan URL

URL: https://www.yahoo.com/news/live-longer-trump-biden-003023938.html
Title: WILL HE OUTLIVE JOE?

Search URL Search Domain Scan URL

URL: https://www.drudgereport.com/

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/tech/tech-news/ai-candidate-running-parliament-uk-says-ai-can-humanize-politics-rcna156991
Title: AI candidate running for Parliament in UK...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/news/world/farage-willing-to-lead-merged-conservative-reform-party-after-election/ar-BB1o8T9i
Title: Surging Farage willing to lead merged Reform-Conservative party...

Search URL Search Domain Scan URL

URL: https://www.yahoo.com/news/analysis-super-rich-may-quit-060402348.html
Title: Super-rich may quit over Labour plans for inheritance taxes on trusts...

Search URL Search Domain Scan URL

URL: https://www.politico.com/news/magazine/2024/06/14/trump-gop-future-moment-south-carolina-00162767
Title: These 3 Politicians Once Looked Like GOP Future. 72 Hours Later Dream Was Dead...

Search URL Search Domain Scan URL

URL: https://www.axios.com/2024/06/14/trump-milwaukee-billboards-dnc
Title: Dems launching billboards hitting Trump over Milwaukee comments...

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/politics/rcna156838
Title: RNC preps for nominee who many not attend!

Search URL Search Domain Scan URL

URL: https://www.independent.co.uk/news/world/americas/us-politics/donald-trump-jr-orban-logan-act-b2561992.html
Title: Did Don Jr break law during his meeting with Hungarian leader?

Search URL Search Domain Scan URL

URL: https://www.cnn.com/2024/06/13/politics/kfile-jd-vance-harsh-twitter-likes-trump-vice-president/index.html
Title: JD Vance, top VP contender, liked tweets suggesting Trump was rapist...

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/politics/donald-trump/trump-fundraising-emails-hug-guilltone-rcna156038
Title: From hugs to guillotines, Trump's fundraising emails are roller coaster...

Search URL Search Domain Scan URL

URL: https://www.politico.com/news/2024/06/13/texas-man-arrested-threats-fbi-agent-hunter-biden-case-00163370
Title: MAGA nut arrested for threatening FBI agent on Hunter case...

Search URL Search Domain Scan URL

URL: https://www.axios.com/2024/06/14/mcconnell-trump-senate-republicans-appropriations
Title: McConnell, 82, eyes his next Senate move...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/news/us/men-s-brains-change-when-they-become-dads/ar-BB1odCaO
Title: Men's brains change when they become dads...

Search URL Search Domain Scan URL

URL: https://www.thefp.com/p/how-public-schools-became-ideological-boot-camps
Title: How Classrooms Became Ideological Boot Camps...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/news/us/the-dirty-secret-of-california-s-legal-weed/ar-BB1odAR3
Title: The dirty secret of California's legal weed...

Search URL Search Domain Scan URL

URL: https://www.msn.com/en-us/news/technology/ar-BB1ob0NC
Title: Bezos has vision to colonize space with trillion people...

Search URL Search Domain Scan URL

URL: https://www.dailymail.co.uk/news/article-13527635
Title: Minneapolis named America's happiest...

Search URL Search Domain Scan URL

URL: https://www.nbcnews.com/news/us-news/faa-investigating-boeing-737-max-dutch-roll-incident-rcna157145
Title: FAA investigating substantial damage to BOEING Max in 'Dutch roll' incident...

Search URL Search Domain Scan URL

URL: https://trends.google.com/trends/trendingsearches/realtime?geo=US&hl=en-US&category=all
Title: LIVE: TRENDING...

Search URL Search Domain Scan URL

URL: https://www.pressreader.com/catalog/newspapers
Title: WORLD NEWSPAPERS PAGE ONES

Search URL Search Domain Scan URL

URL: https://news.sky.com/story/thursdays-national-newspaper-front-pages-12427754
Title: FRONT PAGES UK

Search URL Search Domain Scan URL

URL: https://www.racetothewh.com/president/polls
Title: RACE TO WHITE HOUSE POLLS...

Search URL Search Domain Scan URL

URL: https://projects.fivethirtyeight.com/polls/president-general/2024/national/
Title: 538...

Search URL Search Domain Scan URL

URL: http://boxofficemojo.com/daily/chart/
Title: BOXOFFICE

Search URL Search Domain Scan URL

URL: https://ustvdb.com/ratings/shows/
Title: TV RATINGS

Search URL Search Domain Scan URL

URL: http://www.abcnews.com/
Title: ABCNEWS

Search URL Search Domain Scan URL

URL: http://www.theatlantic.com/
Title: ATLANTIC

Search URL Search Domain Scan URL

URL: https://www.axios.com/
Title: AXIOS

Search URL Search Domain Scan URL

URL: http://news.bbc.co.uk/default.stm
Title: BBC

Search URL Search Domain Scan URL

URL: http://www.billboard.com/
Title: BILLBOARD

Search URL Search Domain Scan URL

URL: http://www.boston.com/globe/
Title: BOSTON GLOBE

Search URL Search Domain Scan URL

URL: http://bostonherald.com/news
Title: BOSTON HERALD

Search URL Search Domain Scan URL

URL: https://www.breitbart.com/
Title: BREITBART

Search URL Search Domain Scan URL

URL: http://www.businessinsider.com/
Title: BUSINESS INSIDER

Search URL Search Domain Scan URL

URL: http://www.cbsnews.com/
Title: CBS NEWS

Search URL Search Domain Scan URL

URL: http://cbslocal.com/2015/08/31/daily-news-tips-from-cbs-local-sites/
Title: CBS NEWS LOCAL

Search URL Search Domain Scan URL

URL: http://www.c-span.org/
Title: C-SPAN

Search URL Search Domain Scan URL

URL: http://www.suntimes.com/
Title: CHICAGO SUN-TIMES

Search URL Search Domain Scan URL

URL: http://www.chicagotribune.com/
Title: CHICAGO TRIB

Search URL Search Domain Scan URL

URL: http://www.csmonitor.com/
Title: CHRISTIAN SCIENCE

Search URL Search Domain Scan URL

URL: http://www.cnbc.com/
Title: CNBC

Search URL Search Domain Scan URL

URL: http://www.cnn.com/
Title: CNN

Search URL Search Domain Scan URL

URL: http://thedailybeast.com/
Title: DAILY BEAST

Search URL Search Domain Scan URL

URL: http://dailycaller.com/
Title: DAILY CALLER

Search URL Search Domain Scan URL

URL: http://www.deadline.com/hollywood/
Title: DEADLINE HOLLYWOOD

Search URL Search Domain Scan URL

URL: http://www.eonline.com/index.jsp
Title: E!

Search URL Search Domain Scan URL

URL: http://www.ew.com/ew/
Title: ENT WEEKLY

Search URL Search Domain Scan URL

URL: http://www.ft.com/
Title: FINANCIAL TIMES

Search URL Search Domain Scan URL

URL: https://fivethirtyeight.com/
Title: FIVETHIRTYEIGHT

Search URL Search Domain Scan URL

URL: http://www.foxnews.com/
Title: FOXNEWS

Search URL Search Domain Scan URL

URL: https://www.thefp.com/
Title: FREE PRESS

Search URL Search Domain Scan URL

URL: http://thehill.com/
Title: HILL

Search URL Search Domain Scan URL

URL: http://thehill.com/news
Title: JUST IN

Search URL Search Domain Scan URL

URL: http://www.hollywoodreporter.com/
Title: H'WOOD REPORTER

Search URL Search Domain Scan URL

URL: http://www.huffingtonpost.com/
Title: HUFFINGTON POST

Search URL Search Domain Scan URL

URL: http://www.infowars.com/
Title: INFOWARS

Search URL Search Domain Scan URL

URL: https://theintercept.com/
Title: INTERCEPT

Search URL Search Domain Scan URL

URL: http://www.jpost.com/
Title: JERUSALEM POST

Search URL Search Domain Scan URL

URL: http://www.dailynewslosangeles.com/
Title: LA DAILY NEWS

Search URL Search Domain Scan URL

URL: http://www.latimes.com/
Title: LA TIMES

Search URL Search Domain Scan URL

URL: https://www.marketwatch.com/
Title: MARKETWATCH

Search URL Search Domain Scan URL

URL: https://www.mediaite.com/
Title: MEDIAITE

Search URL Search Domain Scan URL

URL: http://www.motherjones.com/
Title: MOTHER JONES

Search URL Search Domain Scan URL

URL: http://www.thenation.com/
Title: NATION

Search URL Search Domain Scan URL

URL: http://www.nationalreview.com/
Title: NATIONAL REVIEW

Search URL Search Domain Scan URL

URL: http://www.nbcnews.com/
Title: NBC NEWS

Search URL Search Domain Scan URL

URL: http://www.thenewrepublic.com/
Title: NEW REPUBLIC

Search URL Search Domain Scan URL

URL: http://nymag.com/
Title: NEW YORK

Search URL Search Domain Scan URL

URL: http://www.nydailynews.com/
Title: NY DAILY NEWS

Search URL Search Domain Scan URL

URL: http://www.nypost.com/
Title: NY POST

Search URL Search Domain Scan URL

URL: http://www.nytimes.com/
Title: NY TIMES

Search URL Search Domain Scan URL

URL: http://www.nytimes.com/timeswire/
Title: WIRE

Search URL Search Domain Scan URL

URL: http://www.newyorker.com/
Title: NEW YORKER

Search URL Search Domain Scan URL

URL: http://www.newsmax.com/
Title: NEWSMAX

Search URL Search Domain Scan URL

URL: https://www.newzit.com/
Title: NEWZIT

Search URL Search Domain Scan URL

URL: http://www.people.com/
Title: PEOPLE

Search URL Search Domain Scan URL

URL: http://www.politico.com/
Title: POLITICO

Search URL Search Domain Scan URL

URL: https://www.rawstory.com/
Title: RAW STORY

Search URL Search Domain Scan URL

URL: http://realclearpolitics.com/
Title: REAL CLEAR POLITICS

Search URL Search Domain Scan URL

URL: https://reason.org/
Title: REASON

Search URL Search Domain Scan URL

URL: http://www.rollcall.com/
Title: ROLL CALL

Search URL Search Domain Scan URL

URL: http://www.rollingstone.com/
Title: ROLLING STONE

Search URL Search Domain Scan URL

URL: http://www.salon.com/
Title: SALON

Search URL Search Domain Scan URL

URL: http://www.sfgate.com/chronicle/
Title: SAN FRAN CHRON

Search URL Search Domain Scan URL

URL: https://www.semafor.com/
Title: SEMAFOR

Search URL Search Domain Scan URL

URL: http://news.sky.com/
Title: SKY NEWS

Search URL Search Domain Scan URL

URL: https://news.sky.com/watch-live
Title: LIVE...

Search URL Search Domain Scan URL

URL: http://thesmokinggun.com/
Title: SMOKING GUN

Search URL Search Domain Scan URL

URL: http://www.tmz.com/
Title: TMZ

Search URL Search Domain Scan URL

URL: http://www.dailymail.co.uk/home/index.html
Title: [UK] DAILY MAIL

Search URL Search Domain Scan URL

URL: http://www.dailymail.co.uk/news/headlines/index.html
Title: FEED

Search URL Search Domain Scan URL

URL: http://www.mirror.co.uk/
Title: [UK] DAILY MIRROR

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://voranda-com.videoplayerhub.com/galleryplayer.js HTTP 301
https://btloader.com/tag?h=voranda-com&upapi=true

79 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
google.4tm.pro/ 24 KB
9 KB 274ms
189ms Document
text/html 176.96.138.219
DATAFOREST

General

Check archive.org

Show headers Download Go to

Full URL

https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

176.96.138.219 , Germany, ASN58212 (DATAFOREST, DE),

Reverse DNS

v35342.php-friends.de

Software

nginx/1.26.1 /

Resource Hash

ad75267598ee0599d34c08626705f7731527fd0cbb33f7a6742ef7fd0d3f28cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: public, max-age=3
cf-cache-status: REVALIDATED
cf-ray: 893abad6e9a63a88-FRA
content-encoding: br
content-length: 9115
content-type: text/html
date: Fri, 14 Jun 2024 13:40:01 GMT
expires: Fri, 14 Jun 2024 13:37:02 GMT
last-modified: Fri, 14 Jun 2024 13:31:51 GMT
server: nginx/1.26.1
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding,Accept-Encoding
via: 1.1 google

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ 86 KB
28 KB 44ms
24ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 224276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27748
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15851"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wyHvNiJW2rqmIirUh%2FdwEdJAWJ4J8V5%2FcZlpOJoE4H1rQyiRSSxcw0jth5EFS3b1cHrDllLkbPrcdlB2JUOSPPiB6fFZjj%2BpkUuuvuiYuXB5MQppLLYu5ZwjCE4a6%2B049%2FFflmL1DfYe1ObtfLPaUn0x"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 893abad7ee4a39d4-FRA
expires: Wed, 04 Jun 2025 13:40:01 GMT

GET
H2 200 dr.js Show response
eproof.drudgereport.com/ 3 KB
3 KB 318ms
99ms Script
application/javascript 3.232.23.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://eproof.drudgereport.com/dr.js
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.232.23.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-23-53.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 578cca707de82bd018a1b791b078a49e73bb0e3ebb90d0add3b35a44303bd64a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
last-modified: Wed, 15 Jan 2020 07:17:03 GMT
server: nginx
accept-ranges: bytes
etag: "5e1ebc6f-cd8"
content-length: 3288
content-type: application/javascript

GET
H2 200 dae-2.3.008.prod.002.min.js Show response
google.4tm.pro/DAE/ 42 KB
12 KB 90ms
88ms Script
text/javascript 176.96.138.219
DATAFOREST

General

Check archive.org

Show headers Download Go to

Full URL

https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

176.96.138.219 , Germany, ASN58212 (DATAFOREST, DE),

Reverse DNS

v35342.php-friends.de

Software

nginx/1.26.1 /

Resource Hash

a30299eaba5a32ae8ee48f649baccc88ff9e1a87e2298dcac903642bc362352d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 16 May 2024 20:50:32 GMT
server: nginx/1.26.1
content-encoding: br
age: 1837
vary: Accept-Encoding
content-type: text/javascript
cache-control: public,
cf-ray: 893abad7e82d39da-FRA

GET
H2 204 pixel.gif
eproof.drudgereport.com/ 0
46 B 318ms
100ms Image
text/plain 3.232.23.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eproof.drudgereport.com/pixel.gif
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.232.23.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-23-53.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
server: nginx

GET
H2 200 GP_9MNaXUAA9ZDm
pbs.twimg.com/media/ 424 KB
424 KB 82ms
14ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GP_9MNaXUAA9ZDm?format=png&name=small

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC0) /

Resource Hash

d79815ac8596c2b2f4a39273730207ff260759268665d6db00ab4b4299e6d54b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:01 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 41371
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 433880
x-response-time: 239
surrogate-key: media media/bucket/4 media/1801436762171985920
last-modified: Fri, 14 Jun 2024 02:07:27 GMT
server: ECS (amb/6BC0)
x-tw-cdn: VZ
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 26e231ecb1ed0e31
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: bd5e9afd602988a4bb4e4ef701d981154a4d261e1ecacefb7f56993c3ab4ea62
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 logo9.gif
google.4tm.pro/i/ 8 KB
8 KB 52ms
52ms Image
image/gif 176.96.138.219
DATAFOREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://google.4tm.pro/i/logo9.gif

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

176.96.138.219 , Germany, ASN58212 (DATAFOREST, DE),

Reverse DNS

v35342.php-friends.de

Software

nginx/1.26.1 /

Resource Hash

3b2daade20481588c06a723ada877e8052c48d56650dd384f95071f579fbc1c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
via: 1.1 google
cf-cache-status: HIT
last-modified: Sun, 25 Feb 2007 13:11:21 GMT
server: nginx/1.26.1
age: 1038926
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 893abad8ac93193b-FRA
content-length: 8173
expires: Mon, 02 Jun 2025 04:48:59 GMT

GET
H2 200 GQB-3k7XcAAoQzJ
pbs.twimg.com/media/ 99 KB
99 KB 14ms
14ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GQB-3k7XcAAoQzJ?format=jpg&name=medium

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B9D) /

Resource Hash

b448a7bf754cb5c60cb117d298e8e96c836277e7f46f34d7e5d6d10369c7c22f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 7416
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 101360
x-response-time: 222
surrogate-key: media media/bucket/2 media/1801579344218779648
last-modified: Fri, 14 Jun 2024 11:34:02 GMT
server: ECS (amb/6B9D)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 861cedf22cecd210
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: df77bfbde7c9bdeb099129327dfd104340779f00377cb77896a34b9876da8f3b
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GP_w4lwWwAA8Vlg
pbs.twimg.com/media/ 85 KB
85 KB 16ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GP_w4lwWwAA8Vlg?format=jpg&name=small

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B92) /

Resource Hash

a7aec5bca0606b864f2648f131521df624ec7dd59a52a2857bdf00f9034a5195

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 44573
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 86606
x-response-time: 222
surrogate-key: media media/bucket/2 media/1801423230969757696
last-modified: Fri, 14 Jun 2024 01:13:41 GMT
server: ECS (amb/6B92)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 5e8d3100d1bace77
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: 88cbc0a1a97687f5ba4952f423b69a30729dd4d59ee7f8f2143a6eadb3989bac
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GP98EZSWwAAUWC2
pbs.twimg.com/media/ 19 KB
19 KB 17ms
14ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GP98EZSWwAAUWC2?format=jpg&name=360x360

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC6) /

Resource Hash

eaf171d9d66eb07c281e81a01117bda361bf5873914fca3002a7374dba85b83e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 75257
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 19588
x-response-time: 211
surrogate-key: media media/bucket/2 media/1801294790920683520
last-modified: Thu, 13 Jun 2024 16:43:19 GMT
server: ECS (amb/6BC6)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: efa3d6419f5b4c3d
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: b8461518f86139d795b49b37e4e9d5e5a9ff1c1cbaba7d2c739ad93343f6bb18
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GP-Da4jWYAE_fHe
pbs.twimg.com/media/ 46 KB
47 KB 18ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GP-Da4jWYAE_fHe?format=jpg&name=small

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B7F) /

Resource Hash

6464b0ce594b8f0d9a9a366476c053b57943bb0e5705254ee631b32a09f8acc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 73302
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 47470
x-response-time: 222
surrogate-key: media media/bucket/4 media/1801302873851977729
last-modified: Thu, 13 Jun 2024 17:15:26 GMT
server: ECS (amb/6B7F)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: ae5031881b696a2d
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: af25c81eff214391e31b450ad1d247be8519d42ad7100cf1ccc0463ce777666a
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GQCXpf2XwAAXzEt
pbs.twimg.com/media/ 19 KB
19 KB 17ms
13ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GQCXpf2XwAAXzEt?format=jpg&name=360x360

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B8A) /

Resource Hash

5027cec360a3414774abf18bd8b750aae251a0ab718b0717444fdb36d6e82ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 917
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 19242
x-response-time: 224
surrogate-key: media media/bucket/0 media/1801606590128177152
last-modified: Fri, 14 Jun 2024 13:22:17 GMT
server: ECS (amb/6B8A)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 111f319e577e488c
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: dbc141652f2d81701389efa626a06d941bc9dcf450c2e5ceda7b9a082fdd893d
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 GP-wlVHWsAAfS3z
pbs.twimg.com/media/ 128 KB
128 KB 17ms
14ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/GP-wlVHWsAAfS3z?format=jpg&name=small

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B84) /

Resource Hash

7e8fac53bca3a3b7be42581ae8a313acdecd877a34710a835ddcdfbb1ddb0006

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 60889
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 130610
x-response-time: 210
surrogate-key: media media/bucket/3 media/1801352531341127680
last-modified: Thu, 13 Jun 2024 20:32:45 GMT
server: ECS (amb/6B84)
x-tw-cdn: VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: b118e01752cf674e
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7402827104
x-connection-hash: 9e26845c4aeed701591ed4eac9538c588f8c8fc9219e620d09a2e2bad3ddf3d9
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 js.js Show response
v7.eproof.com/ 26 KB
27 KB 65ms
17ms Script
application/javascript 108.138.36.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://v7.eproof.com/js.js
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-87.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8cdd66d9a406bca0e0efaec30bb100a0036807c94c76378c71828a91020b04c7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: kOkMoOTfO0cqawrMdNSgufNq72yZujLp
date: Fri, 14 Jun 2024 13:39:51 GMT
via: 1.1 c807be9a1ebef174d61ebd59fb655d20.cloudfront.net (CloudFront)
last-modified: Tue, 28 May 2024 19:01:58 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 121
x-amz-server-side-encryption: AES256
etag: "988abe00fb4ce83151b27d8421c8e01e"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 26997
x-amz-cf-id: L4dJEKR8FBzwyHayLzkJMqOdeJDDgyrcnJ-GBg6wbUQpWJMRpkHiTw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
101 KB 71ms
46ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FS8TY9PHEM

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

54dd51f33cf7b893fbcb4d348be6debd667681d742fbb227dac3a24c031eaaec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103700
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H2 204 204.png
google.4tm.pro/ 0
207 B 46ms
43ms Image
text/plain 176.96.138.219
DATAFOREST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://google.4tm.pro/204.png

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

176.96.138.219 , Germany, ASN58212 (DATAFOREST, DE),

Reverse DNS

v35342.php-friends.de

Software

nginx/1.26.1 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
via: 1.1 google
cf-cache-status: HIT
server: nginx/1.26.1
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 78412
vary: Accept-Encoding
cache-control: s-maxage=86400, max-age=4
cf-ray: 893abad9ed9ba058-FRA

GET
H2 200 21336_drudgeReport_exp.13.js Show response
ads.rubiconproject.com/prebid/ 493 KB
139 KB 36ms
8ms Script
text/javascript 23.201.255.110
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/prebid/21336_drudgeReport_exp.13.js
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-201-255-110.deploy.static.akamaitechnologies.com
Software: Apache/2.4.37 (rocky) OpenSSL/1.1.1k /
Resource Hash: a467d8d55c3db175fd8f5375a4e5f24ad392cc0b651b1b2602fa7d1e464b7911

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 16:20:25 GMT
server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 142550
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
65 KB 59ms
35ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W67R9Z5V

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3f81e22348411d983f496342d5d0c5836d38de13d1cc2d76f7c955f68b78de0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65911
x-xss-protection: 0
last-modified: Fri, 14 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 96 KB
30 KB 90ms
51ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61d63ce2e7d0431f0829270850e58b7259f48331933a6da2f34a572fc3c9632e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30750
x-xss-protection: 0
server: cafe
etag: 143 / 19888 / 31084584 / config-hash: 13880094907017481449
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://voranda-com.videoplayerhub.com/galleryplayer.js
https://btloader.com/tag?h=voranda-com&upapi=true

55 KB
19 KB

52ms
26ms

Script
application/javascript

2606:4700:10::ac43:293c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=voranda-com&upapi=true
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Server: 2606:4700:10::ac43:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 740056d4748bfe11732c224f94eb3b3d053b6b31ff50f19bbf02e601f3cba6f5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Fri, 14 Jun 2024 13:34:10 GMT
server: cloudflare
age: 186
etag: "9b125520786278463c77b11fdd1d021d"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 893abada9a894d5a-FRA
content-length: 18766

Redirect headers

date: Fri, 14 Jun 2024 13:40:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dW7Uaf0jGwBVHsKIFQYscCP2nVWXj8C2XaXy1z89pe%2BSs5WT6HYdNDnsBk4yS%2F%2BmGX42HaUMt5sG84lG5FOJni9MWdyisDyWXhJEgtrAdq2VLAuNPis0Agr5jTPjL9sz8kWox3XEAFHIFiLqEArY9%2FlfXSu2CEYqshUpMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://btloader.com/tag?h=voranda-com&upapi=true
cache-control: max-age=3600
cf-ray: 893abada1aae2c7e-FRA
content-length: 167
expires: Fri, 14 Jun 2024 14:40:02 GMT

GET
H2 200 1x1_gs.gif
eproof.drudgereport.com/ 799 B
1004 B 104ms
103ms Image
image/gif 3.232.23.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eproof.drudgereport.com/1x1_gs.gif?s=1&ui=df8ccbd1-a046-4f7d-bf5a-4519bc298479&fp=1709862270491163&rfr=&host=https%3A%2F%2Fgoogle.4tm.pro%2F&sc=0.34365317097071957
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.232.23.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-23-53.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2bf0666f595c0c0b178fdc7d948ea78ce3e21d7c9b3fa983033bdab4290424ba

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
last-modified: Sat, 15 Sep 2018 17:23:05 GMT
server: nginx
etag: "5b9d3ff9-31f"
content-type: image/gif
cache-control: public, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
content-length: 799

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
101 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FS8TY9PHEM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W67R9Z5V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7761ce48f1c7dd533780bfdb758b9e915d51a8bd13548bee71f18add4527d05e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103731
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/ 463 KB
144 KB 42ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2f25671517f19b9c477ca58527ed79a2f3902d04de4d0032c91caede08c885f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:17:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19366
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 147307
x-xss-protection: 0
server: cafe
etag: 17342946017096099043
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 14 Jun 2025 08:17:16 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 62 B
70 B 75ms
41ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=google.4tm.pro

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0111528b4b6ac3b4dda0553fdc78062580ae1fe261d8294866a636202da1a8d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46
x-xss-protection: 0
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
51 KB 85ms
55ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6978513048441664

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7b4314b4075a0d95e06ed6ede5d4b9d3c4d1517c784608d0f5d9ebb917f8d73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Origin: https://google.4tm.pro
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52015
x-xss-protection: 0
server: cafe
etag: 6735607351890675046
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Fri, 14 Jun 2024 13:40:02 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
253 B 61ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FS8TY9PHEM&gtm=45je46c0v9184138523za200zb9173958392&_p=1718372402203&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=428041344.1718372402&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.55%7CGoogle%2520Chrome%3B126.0.6478.55&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718372402&sct=1&seg=0&dl=https%3A%2F%2Fgoogle.4tm.pro%2F&dt=DRUDGE%20REPORT%202024%C2%AE&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=777
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FS8TY9PHEM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 14 Jun 2024 13:40:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 169ms
117ms Fetch 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: voranda-com.videoplayerhub.com
URL: https://voranda-com.videoplayerhub.com/galleryplayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 14 Jun 2024 13:40:02 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
926 B 81ms
41ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1606564
x-guploader-uploadid: ABPtcPoLbuQxY31rmHs8vSbk4rwXXzwM351mFCwTp3TeQ0U33LMMOQSrtKknT2jOKXXGPpXspWptbN1wPA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2F67nKCkH8In3yHNmQLBhbjvEm3B7LHfvdYZThhc4Ykh27m3703Ts0ydmnxqk%2BEbFMIHqDEpMGC2%2FdOynIgqiMLaUXKIDPgzEDjUN5JbWQy2VN%2BjeD%2Fex2wtU2%2FcHA9SonfQxze%2B1oQbXoW4gg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 893abadb4d39910d-FRA
expires: Mon, 27 May 2024 00:03:40 GMT

GET
H3 200 favicon.ico
ad.doubleclick.net/ 1 KB
130 B 58ms
7ms Image
image/x-icon 172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f102.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 08:33:54 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
334 B 84ms
45ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.5933040548942423
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1606564
x-guploader-uploadid: ABPtcPoLbuQxY31rmHs8vSbk4rwXXzwM351mFCwTp3TeQ0U33LMMOQSrtKknT2jOKXXGPpXspWptbN1wPA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NPuilS03Pv1LHY4n4I8xBOBhZLMwhARkiOgDUIIrzh2G6XuT6fpcp9Ul5IaaraTcZ68FPbsjntr7dkRyvB9BEQmnTgdSMHqkNYUKus3Hss367NnsAqzIHutCEHjSuk92%2FRkoBtto9rpsNH53eg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 893abadb4d40910d-FRA
expires: Mon, 27 May 2024 00:03:40 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406110101/ 92 KB
32 KB 64ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406110101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6978513048441664

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9977264b13f72c18c58a795480392e67138c70789c15193199e80bcd451e7cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32606
x-xss-protection: 0
server: cafe
etag: 9202694608296895164
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406110101/ 426 KB
144 KB 73ms
60ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6978513048441664&plah=google.4tm.pro&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6978513048441664

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbd65a49d89c52df423dccdc70ea629b2fa133bf85dd355d6ad4ca7a48b3e8f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 147280
x-xss-protection: 0
server: cafe
etag: 16936157911276283906
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:40:02 GMT

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240612/r20110914/ Frame 98B4 0
0 31ms
8ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240612/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6978513048441664&plah=google.4tm.pro&aplac=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 63671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4165
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Jun 2024 19:58:51 GMT
etag: 16861080603521627538
expires: Thu, 27 Jun 2024 19:58:51 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 403 ads
pagead2.googlesyndication.com/pagead/ Frame EDB9 0
0 80ms
64ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-6978513048441664&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1718371911&plat=9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x945_l%7C500x945_r&format=0x0&url=https%3A%2F%2Fgoogle.4tm.pro%2F&pra=5&wgl=1&easpi=1&aihb=0&asro=0&ailel=28~31~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=28~31~27~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=28_13~31_3~27_14&aiixl=28_4~31_8~27_3&aslmct=0.7&asamct=0.7&itsi=-1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&dt=1718372402460&bpp=3&bdt=583&idt=164&shv=r20240612&mjsv=m202406110101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=7581917827059&frm=20&pv=2&ga_vid=428041344.1718372402&ga_sid=1718372403&ga_hid=1081046166&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C95331696%2C95332585%2C95334508%2C95334529%2C95334566%2C95334570%2C95334581%2C95334819%2C95334054%2C95335290%2C31078663%2C31078668%2C31078670&oid=2&pvsid=3352996217046290&tmod=386547264&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&nt=1&ifi=1&uci=a!1&fsb=1&dtd=180

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 14 Jun 2024 13:40:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 167ms
167ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6978513048441664
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET is_in_ca
api.drudgereport.com/ 0
0

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 62 KB
13 KB 356ms
356ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=3551189155315446&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDAE-Parent%2CDAE-INJECT-ABOVE-CONTENT-1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90%7C336x280%7C320x100%7C320x50%7C300x31%7C300x50%7C300x250%7C300x100%7C300x75%7C292x30%7C250x250%7C250x360%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x28%7C168x42%7C128x42%7C125x125%7C120x240%7C120x60%7C120x20%7C120x90%7C120x30%7C88x31%7C72x90&ifi=2&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403089&lmt=1718371911&adxs=128&adys=8&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=1568x300&msz=970x300&fws=0&ohw=0&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=1581459292&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e705aa0b6b9d668ee29f5b69a82773d342ea9e227eddeec72ebcf4c6dbeafb74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13622
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 446 B
198 B 293ms
291ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=4117334580184069&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDR-Desktop-Left-1-AT&enc_prev_ius=%2F0%2F1&prev_iu_szs=200x200%7C336x280%7C125x125%7C250x250%7C300x600%7C300x250%7C160x600&ifi=3&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403098&lmt=1718371911&adxs=13&adys=1780&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=512x0&msz=512x0&fws=0&ohw=0&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=2671990556&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fab0392638abe0b7c80c524963c8f2e82dc2eb32e7444be2a122adea59127d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 169
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 48 KB
18 KB 402ms
397ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=1226165110963966&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDR-Desktop-Center-1-AT&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C300x600%7C300x250%7C200x200%7C336x280%7C250x250%7C125x125&ifi=4&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403101&lmt=1718371911&adxs=544&adys=2087&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=512x0&msz=512x0&fws=0&ohw=0&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=746582607&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc5b255adb5c0eb3244e3512511359088246423a72bc89e2250608013e000370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18642
x-xss-protection: 0
google-lineitem-id: 6695392475
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138469570879
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 48 KB
18 KB 73ms
67ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=3724587074066673&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDR-Desktop-Right-1-AT&enc_prev_ius=%2F0%2F1&prev_iu_szs=125x125%7C250x250%7C160x600%7C300x600%7C200x200%7C300x250%7C336x280&ifi=5&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403112&lmt=1718371911&adxs=1075&adys=1887&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=512x0&msz=512x0&fws=0&ohw=0&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=1171182711&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d789306a0d6412cde75ef4bd9cd59cec53a26e4bcc67732e81d75807282d5aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18479
x-xss-protection: 0
google-lineitem-id: 6692376396
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138468994937
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 22CB 0
0 122ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 14 Jun 2024 13:40:03 GMT
expires: Fri, 14 Jun 2024 13:40:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 logo9.gif
v7.eproof.com/ 8 KB
8 KB 19ms
13ms Image
image/gif 108.138.36.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v7.eproof.com/logo9.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-87.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3b2daade20481588c06a723ada877e8052c48d56650dd384f95071f579fbc1c1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: DO0C1TqKgLzshIo87aQ4811e1Ov5gaId
date: Fri, 14 Jun 2024 07:39:43 GMT
via: 1.1 c807be9a1ebef174d61ebd59fb655d20.cloudfront.net (CloudFront)
last-modified: Thu, 16 May 2024 16:55:49 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 21709
x-amz-server-side-encryption: AES256
etag: "2e941b046c6f9527a8ad00c26d532d83"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 8173
x-amz-cf-id: EwD8jYUhVp8Sv3IOcVSPlbjdJbWSxbDPwWcYYXtuFLFk-MQ_sOgWog==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 17 KB
12 KB 79ms
79ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240612&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

515c00e5473933dbcaa7096f107cd863c351033fe2963caad690af66f35aaaeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12762
x-xss-protection: 0

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 7ED2 0
0 53ms
53ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsubQJlo4TRfmdHiBCQxGn179dWA98LGyH_uFVhfVjxrqSfBV3-rpbluvnGgKiGAhsyw6aZdCQfRiENfY9EL3l7QMJeseaGDmozx4cIE0Ic05AkggvJJuHNgagBGgft_I-_63MuBOXM04eS7vxsyZtAGIyrFNhLSIl3fEsg8kPtos2__D-OI28USNwhM_8PvNCcnuVS_OtaFGvpu6rBe6qfhl-Q8nVgRlVdITkijo-wXQTQVMmC8vqgDJVtxk0FWvgWwYHWu7lu4qE5XOJv0CNKQdFRlc0gqHo5p5fsRdniAxIIRJHTiuBzecfp_WBhqRmUvSk81QecEUwpFpeVHhU34t1_fIS73NWMfKlbhrVyactMJjwb15eBO&sig=Cg0ArKJSzP5Su-RqThEfEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240612/r20110914/ Frame 7ED2 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240612/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

817d7b5ec00b950c718b53fc859bd062eb6ea1f785a55116e72ce61fcfd772e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 880
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9123
x-xss-protection: 0
server: cafe
etag: 15459922955786958548
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Jun 2024 13:25:23 GMT

GET
H3 200 prebid3.js Show response
cdn.vuukle.com/static/ Frame 7ED2 448 KB
145 KB 89ms
57ms Script
application/javascript 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/static/prebid3.js
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f0e7e10e90f4936dbcd298a10dd63fef11d96de839db005ef60e851c47c9427

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
cf-cache-status: HIT
age: 1623916
cf-polished: origSize=608253
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 03 May 2024 09:03:44 GMT
server: cloudflare
etag: W/"6634a870-947fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=43200
cf-ray: 893abae04a7e913c-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7ED2 211 KB
64 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e680f15ef156077429b715ace513107f66461727a57814c75b32246ed87e6f07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 12:41:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3505
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65820
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:41:38 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 49ms
19ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 13:40:03 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7ED2 0
0 170ms
169ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWgD

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 7ED2 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c54a7a7ccdaa635bd7bec33e183458b8f84b29b1a4dcbb13e0f5ccbcbd3ebfb

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4C91 0
0 31ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 77
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 14 Jun 2024 13:38:46 GMT
expires: Sat, 14 Jun 2025 13:38:46 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 geo.json Show response
get.geojs.io/v1/ip/ Frame 7ED2 363 B
832 B 708ms
667ms Fetch
application/json 2606:4700:20::681a:64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/geo.json

Requested by

Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

145742e2d2380cd6337085a0fb99b84398b10c78554ea5cfb17ea282d6389feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 3ec29a61c579807288a8733d2c6eb970-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHC%2Fz1ukzy4TbWZQ7XyIc1e21iI71C1%2B0pP8DI%2Fs%2BGUb%2BEfjlnh0Sp7k5%2FT3x%2FjQClR%2FNDtVz3fHD%2FJo9u7Icso%2BIXQWJ4DKfSVi%2BkHrLHv4oeZhl9cRpqLmQ4l6I3a8IaRQP94iQ%2Fo6dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 893abae1a88f1d96-FRA

GET google.4tm.pro.json
cdn.vuukle.com/ads/ Frame 7ED2 0
0

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 7ED2 0
0 43ms
42ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsvLsxUJIgRHPaV8pHxPaQEqjduxzQ5kNAzWDwJ4XahY2D4O-OtRwC0CPUjfMUBgnC_jQFY8YVtzIulYZ59I1I4KgynQV3s8Gh8Y_Ql8skzUkQVRWNxt8SK0-gSTit1k7hI9jC4F5ishpbdeI6xcQP0ROpQaPV-jAsyQalVryLgPHWfguNMC1qUedJEe4ufyC3L4GW7IpmNPMY-_nWEt_l63z9qBIDU-0s-Ki0e5dyvJYCo8K1Jfc-YUmzUc3D4T0QHYsehmutywkXfk9b_7JBCT2gNrtwkjU2JWtzNcDiCW5hWwuDMAwP-fgnDBzq2nyzfXD1HHPPDxi4tEjr7iXTOUfbt9XIhEtxnAb8ajgOrV0d5_acRG9DV0RqQ&sig=Cg0ArKJSzI5HJJW16-IWEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 favicon.ico
google.4tm.pro/ 1 KB
975 B 41ms
41ms Other
image/x-icon 176.96.138.219
DATAFOREST

General

Check archive.org

Show headers Download Go to

Full URL

https://google.4tm.pro/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

176.96.138.219 , Germany, ASN58212 (DATAFOREST, DE),

Reverse DNS

v35342.php-friends.de

Software

nginx/1.26.1 /

Resource Hash

e04785b99fbbfbe9efdc7fd13050aeea1612f2badf309f5422448861cb5a7c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 2867
content-length: 633
last-modified: Sun, 13 Dec 2015 17:30:53 GMT
server: nginx/1.26.1
etag: W/"566dab4d-47e"
vary: Accept-Encoding
content-type: image/x-icon
cache-control: public, max-age=3600
accept-ranges: bytes
cf-ray: 893abae19fae4d38-FRA
expires: Thu, 13 Jun 2024 21:27:35 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012405231944000/ Frame C4FC 196 KB
56 KB 80ms
8ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405231944000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef0328b9e699304f321dac58d3f7aaeae3203bfdb04f1c3c85990d4b5d1b70

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 14 Jun 2024 13:38:21 GMT
age: 102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56221
x-xss-protection: 0
server: sffe
etag: "4f8c718905502572"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 14 Jun 2025 13:38:21 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012405231944000/v0/ Frame C4FC 15 KB
5 KB 93ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405231944000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6254fb3bab91044c5237f2337add838f4aa853f30b4dae6725b61acd95d6b33

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 14 Jun 2024 13:36:57 GMT
age: 186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5215
x-xss-protection: 0
server: sffe
etag: "520f632e10627ab5"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 14 Jun 2025 13:36:57 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012405231944000/v0/ Frame C4FC 95 KB
28 KB 91ms
20ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405231944000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b003c20bcde948b63be4c022ab5c4d83c1a639f6ac2d658839fdcc2a955670f6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 14 Jun 2024 13:36:57 GMT
age: 186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29049
x-xss-protection: 0
server: sffe
etag: "d2ee33e5ff8fd311"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 14 Jun 2025 13:36:57 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012405231944000/v0/ Frame C4FC 5 KB
2 KB 94ms
23ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405231944000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d7f525f2da6e73de996f39ecc0d200f1a6c8e2555dbc5d9022e677f2be3d9f9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 14 Jun 2024 13:36:57 GMT
age: 186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1909
x-xss-protection: 0
server: sffe
etag: "bfb34e064e92ea30"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 14 Jun 2025 13:36:57 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012405231944000/v0/ Frame C4FC 40 KB
13 KB 88ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405231944000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5474849a40cebcdaf1d26ef7b09c19033284aa51a6ac0ebdb95ac7736cc59c22

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 14 Jun 2024 13:36:57 GMT
age: 186
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12965
x-xss-protection: 0
server: sffe
etag: "35ded0b44597563f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 14 Jun 2025 13:36:57 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C4FC 18 KB
2 KB 40ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ac0de4b42abf65a70a248df54d442549060d9c7d478dbffcc975fa3b5b2eb2a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 14 Jun 2024 13:03:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 14 Jun 2024 13:40:03 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/1073143553715868138/ Frame C4FC 24 KB
25 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1073143553715868138/14763004658117789537

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58a6f6b412e6390fa45beca77ac7c2ac44efefd36856ab98ff545022bf54496f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: Fri, 13 Jun 2025 22:02:17 GMT
date: Thu, 13 Jun 2024 22:02:17 GMT
x-content-type-options: nosniff
age: 56266
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25067
x-xss-protection: 0
last-modified: Tue, 16 Jan 2024 14:38:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame C4FC 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02d2f5328fd3c0ba5cea9b4c496b3eb1524363e0e6c22c71f558872e1b98ffee

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 en.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame C4FC 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 20:06:50 GMT
x-content-type-options: nosniff
server: cafe
age: 63193
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Fri, 14 Jun 2024 20:06:50 GMT

GET
H3 200 icon.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame C4FC 295 B
319 B 8ms
7ms Image
image/png 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 18:04:25 GMT
x-content-type-options: nosniff
server: cafe
age: 70538
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 14 Jun 2024 18:04:25 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 48 KB
18 KB 300ms
299ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=3527711982749445&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDAE-Parent%2CDAE-INJECT-ABOVE-CONTENT-2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280%7C320x100%7C320x50%7C300x31%7C300x50%7C300x250%7C300x100%7C300x75%7C292x30%7C250x250%7C250x360%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x28%7C168x42%7C128x42%7C125x125%7C120x240%7C120x60%7C120x20%7C120x90%7C120x30%7C88x31%7C72x90&ifi=6&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403504&lmt=1718371911&adxs=1083&adys=8&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=1568x360&msz=336x360&fws=0&ohw=0&psts=AOrYGskqWWn6lYGM-JXVDgcX5cn0nZP-JqgMCcHEIO3wZcsFybSUWN4bug%2CAOrYGskZLgRequvSkbDpQ3xL9R7n8efA3BL9iYmyjNo8QTNCmjbC4mJY8TWfuTiefyI2PkHlKBwiAqwv8JH9irJHG1qEhRKvpj8T&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=1354056247&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9481044a64de7e9e09b6b4228c6b04e32e54581b95e7f3dec94e5f0ce83dfe4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18784
x-xss-protection: 0
google-lineitem-id: 6694382149
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138468845562
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 25DD 0
0 48ms
47ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsuOv_-6zhQZLfimwU_C2Oz0cBvOPcsvn2rPQiiaexYTOqIBJy2x4O9Hdk8CbvRo6OlCiYReIt3fqdHH0rVwzNY9OxdIWmPsEKrFT894nF03AFvF-t-UZVmVcFo1z7zGo0Y69pqdAji1ouH4Fw32UiVh6lxB3iEZ0-71tjSre2mIMp971UwLMqUXIhnlzErs4RRpOpRos0-XBy1UknFeOSbxIe8uACLXP216oQUnGfNmt5hUp3b4YCaHZGraaRlW2ON0SDnjtYl-D4t8pxZwkNG1v4BbqcLm-U1kpx1Bfvh1zHxoB9z0Sjq36cMu2lxuu4bYgP9oIEyQ5Obxp2vV_PUTn3-iNG7cYDE_GFN3YIQXZmMun5N98aD67fKvkQaPMca0rQmTogMcC-gqvg7-rQ&sig=Cg0ArKJSzHsk-kPMZ6sFEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: google.4tm.pro
URL: https://google.4tm.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240612/r20110914/ Frame 25DD 23 KB
0 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240612/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

817d7b5ec00b950c718b53fc859bd062eb6ea1f785a55116e72ce61fcfd772e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 880
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9123
x-xss-protection: 0
server: cafe
etag: 15459922955786958548
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Jun 2024 13:25:23 GMT

GET
H3 304 prebid3.js Show response
cdn.vuukle.com/static/ Frame 25DD 448 KB
313 B 31ms
29ms Script
application/javascript 2606:4700:10::6816:3ca8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.vuukle.com/static/prebid3.js
Requested by: Host: google.4tm.pro
URL: https://google.4tm.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:3ca8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f0e7e10e90f4936dbcd298a10dd63fef11d96de839db005ef60e851c47c9427

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://google.4tm.pro/
If-None-Match: W/"6634a870-947fd"
If-Modified-Since: Fri, 03 May 2024 09:03:44 GMT
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
cf-cache-status: HIT
age: 1623916
cf-polished: origSize=608253
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 03 May 2024 09:03:44 GMT
server: cloudflare
etag: "6634a870-947fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
cache-control: max-age=43200
cf-ray: 893abae23d52913c-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 25DD 211 KB
64 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=95335178

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e680f15ef156077429b715ace513107f66461727a57814c75b32246ed87e6f07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:33:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 419
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65820
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 14 Jun 2024 14:33:04 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v59/ Frame C4FC 33 KB
34 KB 33ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v59/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://google.4tm.pro
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 13 Jun 2024 17:14:35 GMT
x-content-type-options: nosniff
age: 73528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34184
x-xss-protection: 0
last-modified: Wed, 24 Apr 2024 23:36:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jun 2025 17:14:35 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25DD 0
0 157ms
157ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWgD

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=95335178

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 25DD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4cc292fe63e1450fcb06260cea90466e77579fc763a071e9169c806449428e7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 geo.json Show response
get.geojs.io/v1/ip/ Frame 25DD 363 B
785 B 607ms
167ms Fetch
application/json 2606:4700:20::681a:64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/geo.json

Requested by

Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/static/prebid3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

145742e2d2380cd6337085a0fb99b84398b10c78554ea5cfb17ea282d6389feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 34b64529d1d032f682006e0d9311f4ab-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KwilYTaiIDX2O1AJQ9wk8GVN1vZLGkqfHDaDAp%2FBNobfNInUEXfzJ8feD0pV6kFChIGEb3EqHB0uIne5eg145wJGYGPuLcMAPx1pq9NGDZvDPzKP0r%2BdzALlLhXfq%2B1Aa2GDAZrztV0YJA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 893abae5ce691d96-FRA

GET google.4tm.pro.json
cdn.vuukle.com/ads/ Frame 25DD 0
0

GET
H3 200 view
pagead2.googlesyndication.com/pcs/ Frame 25DD 0
0 41ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/view?xai=AKAOjsuiqugZbyZ0uQ4buRmfPxy71J5qzN0lYTOGdMudcHa6yCb0W-WKA591pZ1QpOo4J7Zi2Vccfj1HJ6DGdn2VdZIQeEnxgPnTUiJOiVSy058zB-iY2ht3fZsSopURDkbh-UKKWoFJsfVvBsaZJ2ru0Pgf8ijhX2oy-dyAtBEkuRBHeOzzqPWDZlBNzKcoKlwX_FOmCpU18uuEkSBsDXRdePorIha6jAFqL4t7DbV2K0HGPyQqevrNPf9-T4-bhP6qoghsqQ5q7fDIpEdjvtCxWz4kIIAKjSiIXcQEPN0SITT8BLMq5MHt3R0Fheoqlz1CMQ-5eMTwY0kvl-kLYr2EtQRu5XCQY5rxrWv_UtY7DJR48VvW_oAJwlbcY9W1c2salo7K1Suy-lKKD0leTVJ8PRAZ&sig=Cg0ArKJSzOnYDupc7OvaEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=95335178

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET adview
pagead2.googlesyndication.com/pagead/ Frame C4FC 0
0

GET
H2 200 container.html
86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 766D 0
0 0ms
0ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://google.4tm.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 14 Jun 2024 13:40:03 GMT
expires: Fri, 14 Jun 2024 13:40:03 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 463 B
205 B 263ms
263ms Fetch
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3352996217046290&correlator=1898470706695880&hxva=1&scor=1912139377551850&eid=31079957%2C31083345%2C31084400%2C31084450%2C31084570%2C31084584%2C31084215%2C31078663%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202406110101&ptt=17&impl=fif&ltd_cs=1&tfua=0&tfcd=0&iu_parts=218243714%2CDAE-Parent%2CDAE-INJECT-ABOVE-CONTENT-3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=250x250%7C250x360%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x28%7C168x42%7C128x42%7C125x125%7C120x240%7C120x60%7C120x20%7C120x90%7C120x30%7C88x31%7C72x90&ifi=7&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1718372403826&lmt=1718371911&adxs=1315&adys=8&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNi4wLjY0NzguNTUiLG51bGwsMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjEyNi4wLjY0NzguNTUiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMjYuMC42NDc4LjU1Il1dLDBd&url=https%3A%2F%2Fgoogle.4tm.pro%2F&vis=1&psz=1568x360&msz=250x360&fws=0&ohw=0&psts=AOrYGskqWWn6lYGM-JXVDgcX5cn0nZP-JqgMCcHEIO3wZcsFybSUWN4bug%2CAOrYGsn1e8cA564sj3S__CCAZqOkCv_FfIyCEGzOE4dTEQzyHI7ofGtnISBW2_xWaq6ARbfqXeXiKJtJh4kXUEht8vGa1HMKw-6B%2CAOrYGskZLgRequvSkbDpQ3xL9R7n8efA3BL9iYmyjNo8QTNCmjbC4mJY8TWfuTiefyI2PkHlKBwiAqwv8JH9irJHG1qEhRKvpj8T%2CAOrYGslH7WR_t0u0pPL6ORB00OFRyPzAySt2Ugw3MqIEYimeIFGxe5BSrz-uwR8-4KEI5ThIxiOYchsF3eUK-xR8LyNyhnWvIJ8JgR0Vga4&topics=5&tps=5&htps=5&nt=1&psd=WzE0LG51bGwsbnVsbCwzXQ..&dlt=1718372401877&idt=540&cust_params=vis%3Dvisible%26page%3Dlive&adks=3774670513&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202406110101/pubads_impl.js?cb=31084584

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fdaa5f509732ddef2e6bc72963161ed0ea9dc52f4928aaa58559f54037268e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 13:40:04 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 176
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://google.4tm.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C4FC 42 B
65 B 162ms
162ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssz9V2qnvnzNB5dvSjCg7q6YbPW1gJ1QhrMy48icafN-PV69eYcGV0NffdontbKuJCwRve7VM957pOmremOan8g7Z9P8DjrX9Fec-AKYlTckHYkmdWKamzmyqbwwhvgWBk9NL-hYfLAgxUkuxi-kv5t_PRkOmUGSbxiMVW9eSQ&sig=Cg0ArKJSzP0sKlFCi0uSEAE&id=ampim&o=60,8&d=970,360&ss=1600,1200&bs=1600,1200&mcvt=1005&mtos=0,0,0,1005,1005&tos=0,0,0,1005,0&tfs=254&tls=1259&g=100&h=100&tt=1259&r=v&avms=ampa&uap=Win32&uapv=10.0.0&uaa=x86&uam=&uafv=126.0.6478.55&uab=64&uafvl=%5B%7B%22brand%22%3A%22Not%2FA)Brand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126.0.6478.55%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126.0.6478.55%22%7D%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 14 Jun 2024 13:40:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 49 B
249 B 123ms
98ms Fetch
application/json 35.244.193.51
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002T1mTfAAJ&gdpr=0&src=pbjs&ver=8.37.0&coppa=0&us_privacy=1---&gpp=DBACNYA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA~1---&gpp_sid=7
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/prebid/21336_drudgeReport_exp.13.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 51.193.244.35.bc.googleusercontent.com
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://google.4tm.pro/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 14 Jun 2024 13:40:05 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://google.4tm.pro
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.drudgereport.com
URL: https://api.drudgereport.com/is_in_ca

Domain: cdn.vuukle.com
URL: https://cdn.vuukle.com/ads/google.4tm.pro.json

Domain: cdn.vuukle.com
URL: https://cdn.vuukle.com/ads/google.4tm.pro.json

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/adview?ai=CBs-dM0hsZrPPCebA1fAPg4C-8A76x9H3d9aigJGyEmQQASDdysh4YJXikIKgB6ABptbb3CnIAQmpAmdmLTFg7bE-4AIAqAMByAMKqgS-Ak_QMnobJAQKRFkeyGu5eGr2gIpDhx8q459Uf3KHNZN42XPvo0IJYqecNWL12QmSn7DlzZ9CRxR0NLrcwfNCNRxeoszwRb_ofnJZHPmdx90GoyygX1utGm3Mj-0bS247krAbEC39-bp_H7CLpG4AmDVgVrj5DMd4hozCvd1Tg_F2Gmfs5mvHchOJiiVK0KBctVnrsWW8OCU0Q1DyzODfA8WXs2dppXx4ryWL5SsydgN_piRR60DXkFuePKYrk1pXMA9eZZjkNqBgklOBcsSPz6q9HeA7An7fzW5yW2siBAikD8GevKb9p8x9sILuE_SQbrnRf3su3WXkA79qPQYzfyoVk0b7Tb3JFHPMWHw-O93UnSBEiXsB_zCP93T4_yunou9EtI6_HmuPnxHa8s5Fsu9ORRgeVEwAp_z7ft_RqsAEguHhzsYE4AQBiAXZxcDATJIFBAgEGAGSBQQIBRgEoAYugAemjqy8BKgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAf3wrEC2AcA8gcEEICYBtIIKgiR4YBwEAEYHTIH64uA4L-ADToIAICAgICAlChIvf3BOljN9riFnNuGA5oJmgJodHRwczovL3d3dy5zb2xhcmFubGFnZW4tbWFnYXppbi5kZS9hcnRpa2VsL3NvLWdlbGFuZy1kaWVzZW0tZGV1dHNjaGVuLWdlbmllLWRlci1kdXJjaGJydWNoLW1pdC1zZWluZXItZ2VuaWFsZW4tc29sYXItbG9zdW5nP3V0bV9zb3VyY2U9R29vZ2xlJTIwRGlzcGxheV9zbSZ1dG1fY2FtcGFpZ249MjA1MzYzNjk4ODEmdXRtX3Rlcm09MTU2Mzk0NjE0OTE0JnV0bV9jb250ZW50PTY5Mjc3NTk5MjM5NyZ1dG1fcGxhY2VtZW50PWdvb2dsZS40dG0ucHJvJnV0bV9kZXZpY2U9YyZkZXZpY2Vtb2RlbD2ACgPICwHiDRMIqN25hZzbhgMVZmAVCB0DgA_u2BMNiBQB0BUBmBYBgBcBshceChwIABIUcHViLTY5Nzg1MTMwNDg0NDE2NjQYiaFpshgJEgLOXhguIgEA6BgB&sigh=acc4cD4vwdU&uach_m=%5B%5D&ase=2&nis=6&template_id=5000&cbvp=2

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240612&jk=3352996217046290&bg=!0NOl05zNAAb64txl2uI7ADQBe5WfOHRhQM_Dc8JRU1eEP0BecojuNApwJVHP5m4etcr7WXrak6D9CiBd5f8ONXiAyq8BAgAAAExSAAAAA2gBB34ANV_-9JUynQFdne_6Cf7evyjjDq-_LBTUkrOeEe0I8kOB8noTNpkbCLPLEOBT9gUkJJz4mhhImQKQtSr0mdSYaGV6h93173Qh9j3Qam9HbJ3auh1xF38tjePSAoXNUv2CAQ5Evl4WceVeFZborMIToLgfbhLMROxoROXaj6FVURJRoA9vSo9CH9cqkvfUQRhwq0iGqdUf_Rtt89eWGREPoxWQuyARtuLyHx0efHqR2gHxVcH2RyLWy-bJlW_VfS48qclMqhtYe8Lbm-wTCO9C0bDf6LeTQAFfVh5hcvyMgUQLDBM2lloH31Lic1nuOUBq9c0pH8FGOd2XAPRVhBZOYlbUcUoli_3nkSlfnuMwP905Z7zCEvZfCpVFLgyH2n5UFuD6zOV7EC9oy8jY5meRkXs_isTlNQQVQHqsO6M0O0sUomW00dWKJmcGxIf1tBCKl4Wz1dfSfBr6zp1ktnk-9d3LsB5-h0ngdCe37iBhkA-9WC3SzgMXpWQ1qGshUlNOccfVTWXej3LnpRyMlLZeio5-Mj3UPqDX1UmEobKRrT5090uktV1znc7Ko13Lt_tWxt5exXpgwp-tcq3FixD_7gG9n9010y8vxaPFukGELHFt6Z86qyiDQsBAK0jqoqKsmc7GlJrl2Ww1D8fCBnh2s1qOs757bgD8gHFq0iX7mfhxApvGUll1yJHinz-PiGnquPy282YooeQHzyk59sy7QVRRBezgE0KM9ahk6E6NOxZa3nZ0YS3DSWmNiuKQHT_agMEQAjHb1GLRFGCjOT7odJU5idTPM2qhzVuenQt1TVoBpia6Cbs1O-7kJ5Ac8-NvKffb6_zRMXw8qaiiclyz7_sxQy14mVMLHoZlBIYsuepJ4d-8kX83BaHsEVzbNbUhRyk0XDheb-AX8-5w1ALZEdzi3HJuYwFSwhToopnlM5KpXcMRcZ0295k

Verdicts & Comments Add Verdict or Comment

199 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
google.4tm.pro/	1970-01-21 06:05:08	Name: eproofui Value: df8ccbd1-a046-4f7d-bf5a-4519bc298479
.4tm.pro/	1970-01-20 22:02:44	Name: pbjs_sharedId Value: 1bc75715-8164-41d3-9cb3-46ce33718799
.4tm.pro/	1970-01-20 22:02:44	Name: pbjs_sharedId_cst Value: zix7LPQsHA%3D%3D
.4tm.pro/	1970-01-21 06:55:32	Name: _ga_FS8TY9PHEM Value: GS1.1.1718372402.1.0.1718372402.0.0.0
.4tm.pro/	1970-01-21 06:55:32	Name: _ga Value: GA1.1.428041344.1718372402

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js Message: Access to XMLHttpRequest at 'https://api.drudgereport.com/is_in_ca' from origin 'https://google.4tm.pro' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://drudgereport.com' that is not equal to the supplied origin.
network	error	URL: https://google.4tm.pro/DAE/dae-2.3.008.prod.002.min.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://google.4tm.pro/ Message: Access to fetch at 'https://cdn.vuukle.com/ads/google.4tm.pro.json' from origin 'https://google.4tm.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://cdn.vuukle.com/ads/google.4tm.pro.json Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://google.4tm.pro/ Message: Access to fetch at 'https://cdn.vuukle.com/ads/google.4tm.pro.json' from origin 'https://google.4tm.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://cdn.vuukle.com/ads/google.4tm.pro.json Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

86b467f5da61b2b2664981642af54d96.safeframe.googlesyndication.com
ad-delivery.net
ad.doubleclick.net
ads.rubiconproject.com
api.btloader.com
api.drudgereport.com
btloader.com
cdn.ampproject.org
cdn.vuukle.com
cdnjs.cloudflare.com
eproof.drudgereport.com
fonts.googleapis.com
fonts.gstatic.com
get.geojs.io
google.4tm.pro
lexicon.33across.com
pagead2.googlesyndication.com
pbs.twimg.com
region1.google-analytics.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
v7.eproof.com
voranda-com.videoplayerhub.com
www.googletagmanager.com
www.googletagservices.com
api.drudgereport.com
cdn.vuukle.com
pagead2.googlesyndication.com
108.138.36.87
130.211.23.194
172.217.18.102
176.96.138.219
2001:4860:4802:34::36
23.201.255.110
2606:2800:134:1a0d:1429:742:782:b6
2606:4700:10::6816:3ca8
2606:4700:10::ac43:293c
2606:4700:20::681a:246
2606:4700:20::681a:64
2606:4700:20::681a:832
2606:4700::6811:190e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2001
2a00:1450:4001:812::2001
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2008
3.232.23.53
35.244.193.51
0111528b4b6ac3b4dda0553fdc78062580ae1fe261d8294866a636202da1a8d0
02d2f5328fd3c0ba5cea9b4c496b3eb1524363e0e6c22c71f558872e1b98ffee
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fdaa5f509732ddef2e6bc72963161ed0ea9dc52f4928aaa58559f54037268e4
145742e2d2380cd6337085a0fb99b84398b10c78554ea5cfb17ea282d6389feb
2bf0666f595c0c0b178fdc7d948ea78ce3e21d7c9b3fa983033bdab4290424ba
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3b2daade20481588c06a723ada877e8052c48d56650dd384f95071f579fbc1c1
3d7f525f2da6e73de996f39ecc0d200f1a6c8e2555dbc5d9022e677f2be3d9f9
4c54a7a7ccdaa635bd7bec33e183458b8f84b29b1a4dcbb13e0f5ccbcbd3ebfb
5027cec360a3414774abf18bd8b750aae251a0ab718b0717444fdb36d6e82ea3
515c00e5473933dbcaa7096f107cd863c351033fe2963caad690af66f35aaaeb
5474849a40cebcdaf1d26ef7b09c19033284aa51a6ac0ebdb95ac7736cc59c22
54dd51f33cf7b893fbcb4d348be6debd667681d742fbb227dac3a24c031eaaec
578cca707de82bd018a1b791b078a49e73bb0e3ebb90d0add3b35a44303bd64a
58a6f6b412e6390fa45beca77ac7c2ac44efefd36856ab98ff545022bf54496f
5d789306a0d6412cde75ef4bd9cd59cec53a26e4bcc67732e81d75807282d5aa
5fab0392638abe0b7c80c524963c8f2e82dc2eb32e7444be2a122adea59127d6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61d63ce2e7d0431f0829270850e58b7259f48331933a6da2f34a572fc3c9632e
6464b0ce594b8f0d9a9a366476c053b57943bb0e5705254ee631b32a09f8acc5
740056d4748bfe11732c224f94eb3b3d053b6b31ff50f19bbf02e601f3cba6f5
7761ce48f1c7dd533780bfdb758b9e915d51a8bd13548bee71f18add4527d05e
7e8fac53bca3a3b7be42581ae8a313acdecd877a34710a835ddcdfbb1ddb0006
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
817d7b5ec00b950c718b53fc859bd062eb6ea1f785a55116e72ce61fcfd772e8
8cdd66d9a406bca0e0efaec30bb100a0036807c94c76378c71828a91020b04c7
8f0e7e10e90f4936dbcd298a10dd63fef11d96de839db005ef60e851c47c9427
9481044a64de7e9e09b6b4228c6b04e32e54581b95e7f3dec94e5f0ce83dfe4a
a30299eaba5a32ae8ee48f649baccc88ff9e1a87e2298dcac903642bc362352d
a467d8d55c3db175fd8f5375a4e5f24ad392cc0b651b1b2602fa7d1e464b7911
a7aec5bca0606b864f2648f131521df624ec7dd59a52a2857bdf00f9034a5195
ac0de4b42abf65a70a248df54d442549060d9c7d478dbffcc975fa3b5b2eb2a0
ad75267598ee0599d34c08626705f7731527fd0cbb33f7a6742ef7fd0d3f28cf
b003c20bcde948b63be4c022ab5c4d83c1a639f6ac2d658839fdcc2a955670f6
b2f25671517f19b9c477ca58527ed79a2f3902d04de4d0032c91caede08c885f
b448a7bf754cb5c60cb117d298e8e96c836277e7f46f34d7e5d6d10369c7c22f
bbd65a49d89c52df423dccdc70ea629b2fa133bf85dd355d6ad4ca7a48b3e8f9
bc5b255adb5c0eb3244e3512511359088246423a72bc89e2250608013e000370
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d3ef0328b9e699304f321dac58d3f7aaeae3203bfdb04f1c3c85990d4b5d1b70
d3f81e22348411d983f496342d5d0c5836d38de13d1cc2d76f7c955f68b78de0
d79815ac8596c2b2f4a39273730207ff260759268665d6db00ab4b4299e6d54b
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9977264b13f72c18c58a795480392e67138c70789c15193199e80bcd451e7cd
e04785b99fbbfbe9efdc7fd13050aeea1612f2badf309f5422448861cb5a7c58
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4cc292fe63e1450fcb06260cea90466e77579fc763a071e9169c806449428e7
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
e680f15ef156077429b715ace513107f66461727a57814c75b32246ed87e6f07
e705aa0b6b9d668ee29f5b69a82773d342ea9e227eddeec72ebcf4c6dbeafb74
eaf171d9d66eb07c281e81a01117bda361bf5873914fca3002a7374dba85b83e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6254fb3bab91044c5237f2337add838f4aa853f30b4dae6725b61acd95d6b33
f7b4314b4075a0d95e06ed6ede5d4b9d3c4d1517c784608d0f5d9ebb917f8d73

google.4tm.pro Open in urlscan Pro 176.96.138.219 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

79 Requests

92 %HTTPS

71 %IPv6

20 Domains

25 Subdomains

24 IPs

2 Countries

2288 kBTransfer

5621 kBSize

5 Cookies

100 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

google.4tm.pro Open in urlscan Pro
176.96.138.219 Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

92 %
HTTPS

71 %
IPv6

20
Domains

25
Subdomains

24
IPs

2
Countries

2288 kB
Transfer

5621 kB
Size

5
Cookies

79 HTTP transactions
3 data transactions