www.ensonhaber.com Open in urlscan Pro
89.187.169.43 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ensonhaber.com/
Effective URL:
https://www.ensonhaber.com/
Submission: On June 20 via api (June 20th 2023, 7:44:41 am UTC) from DE — Scanned from DE

Summary HTTP 324 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 53 IPs in 10 countries across 51 domains to perform 324 HTTP transactions. The main IP is 89.187.169.43, located in Frankfurt am Main, Germany and belongs to CDN77 ^_^, GB. The main domain is www.ensonhaber.com. The Cisco Umbrella rank of the primary domain is 147427.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on March 31st 2023. Valid for: a year.

This is the only time www.ensonhaber.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 77	2606:4700:10:... 2606:4700:10::ac43:28c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	89.187.169.43 89.187.169.43	60068 (CDN77 ^_^) (CDN77 ^_^)
9	2606:4700:10:... 2606:4700:10::6816:3f4e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	104.18.35.34 104.18.35.34	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
13 38	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
3 3	2.18.160.23 2.18.160.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
2 2	3.122.77.224 3.122.77.224	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:d::d 2a02:2638:d::d	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 11	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 9	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	178.250.7.13 178.250.7.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
23	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2 4	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
4	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 2	52.57.130.34 52.57.130.34	16509 (AMAZON-02) (AMAZON-02)
2 2	35.156.85.133 35.156.85.133	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:e563:7f62:3238:4f30	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.168 213.155.156.168	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 2	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	35.157.246.107 35.157.246.107	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
5	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
1	18.170.178.181 18.170.178.181	16509 (AMAZON-02) (AMAZON-02)
1	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
1	108.138.36.89 108.138.36.89	16509 (AMAZON-02) (AMAZON-02)
1	108.138.36.21 108.138.36.21	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	18.203.5.185 18.203.5.185	16509 (AMAZON-02) (AMAZON-02)
2	18.168.234.149 18.168.234.149	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
324	53

77 2606:4700:10::ac43:28c4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
icdn.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 89.187.169.43 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-43.cdn77.com

www.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::6816:3f4e (United States)

ASN13335 (CLOUDFLARENET, US)

s.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-stg.ensonhaber.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.35.34 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 172.217.23.98 (United States) 13 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.160.23 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-160-23.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.83 (France)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.77.224 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-77-224.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::d (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.80.39.216 (Canada) 5 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.171.21 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.75.86.98 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.130.34 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-130-34.eu-central-1.compute.amazonaws.com

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.85.133 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-85-133.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:e563:7f62:3238:4f30 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.168 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.11 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.246.107 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-107.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 136.243.149.243 (Radeberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.244 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.170.178.181 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-178-181.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.148.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-89.muc50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-21.muc50.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.5.185 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-5-185.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.234.149 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-234-149.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
92	ensonhaber.com 1 redirects ensonhaber.com — Cisco Umbrella Rank: 102678 www.ensonhaber.com — Cisco Umbrella Rank: 147427 s.ensonhaber.com — Cisco Umbrella Rank: 259491 icdn.ensonhaber.com — Cisco Umbrella Rank: 153780 api-stg.ensonhaber.com — Cisco Umbrella Rank: 236648	2 MB
74	googlesyndication.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 tpc.googlesyndication.com — Cisco Umbrella Rank: 155 ade.googlesyndication.com — Cisco Umbrella Rank: 321	420 KB
65	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 359 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 356431	356 KB
23	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 338	895 KB
13	google.com 1 redirects accounts.google.com — Cisco Umbrella Rank: 59 adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	78 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486	8 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 39899 hal900026.redintelligence.net — Cisco Umbrella Rank: 435317	243 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 249	10 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	78 KB
5	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 407 mug.criteo.com — Cisco Umbrella Rank: 2114 dis.criteo.com — Cisco Umbrella Rank: 601	8 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 80 ajax.googleapis.com — Cisco Umbrella Rank: 422	10 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 387	110 KB
4	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 874	975 B
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	223 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 21204 api.webgains.io — Cisco Umbrella Rank: 51885	32 KB
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 53229	1 KB
3	media.net 3 redirects cs.media.net — Cisco Umbrella Rank: 1628	3 KB
3	pubmatic.com 3 redirects image6.pubmatic.com — Cisco Umbrella Rank: 822	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	189 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 135629	6 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4988	647 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1012	2 KB
2	adtriba.com 1 redirects d.adtriba.com — Cisco Umbrella Rank: 77411	757 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 421	958 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1042	348 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 635	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1039 r.turn.com — Cisco Umbrella Rank: 3929	869 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 361	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 618	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 381	922 B
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 1538	315 B
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1832	310 B
1	yieldmo.com 1 redirects ads.yieldmo.com — Cisco Umbrella Rank: 689	584 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 375	265 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 846	465 B
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 57739	439 B
1	awin1.com www.awin1.com — Cisco Umbrella Rank: 16217	704 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 35620	2 KB
1	futalis.de futalis.de — Cisco Umbrella Rank: 192473	401 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 191967	932 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 572	362 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 468	713 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 566	727 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 434	1 KB
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1487	710 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1281	576 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 778	545 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 583	13 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 1408	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 4835	455 B
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 3582	4 KB
324	51

	Domain	Requested by
44	icdn.ensonhaber.com	www.ensonhaber.com
42	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.ensonhaber.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
40	s.ensonhaber.com	www.ensonhaber.com s.ensonhaber.com
38	cm.g.doubleclick.net	13 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com googleads.g.doubleclick.net
26	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.ensonhaber.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com cdn.ampproject.org googleads.g.doubleclick.net s0.2mdn.net
23	s0.2mdn.net	www.ensonhaber.com s0.2mdn.net b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
12	securepubads.g.doubleclick.net	www.ensonhaber.com securepubads.g.doubleclick.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	www.googletagmanager.com www.ensonhaber.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com pagead2.googlesyndication.com
8	www.google.com	1 redirects www.ensonhaber.com tpc.googlesyndication.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
6	www.ensonhaber.com	s.ensonhaber.com www.ensonhaber.com
5	hal9000.redintelligence.net	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com hal900026.redintelligence.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	hal900026.redintelligence.net	1 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com hal900026.redintelligence.net
4	googleads4.g.doubleclick.net	www.ensonhaber.com
4	onetag-sys.com	2 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
4	www.googletagservices.com	www.ensonhaber.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
4	fonts.googleapis.com	securepubads.g.doubleclick.net b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com www.ensonhaber.com hal900026.redintelligence.net
3	pv.medialead.de	hal900026.redintelligence.net
3	fonts.gstatic.com	fonts.googleapis.com
3	cs.media.net	3 redirects
3	image6.pubmatic.com	3 redirects
3	www.gstatic.com	www.ensonhaber.com b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	www.googletagmanager.com	www.ensonhaber.com www.googletagmanager.com adv.office-partner.de
2	api.webgains.io	analytics.webgains.io
2	5994599.fls.doubleclick.net	1 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
2	cdn.retailads.net	1 redirects futalis.de
2	dis.criteo.com	1 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	d.adtriba.com	1 redirects b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
2	eb2.3lift.com	2 redirects
2	rtb.openx.net	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
2	c1.adform.net	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	x.bidswitch.net	2 redirects
2	sync.1rx.io	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	region1.google-analytics.com	www.googletagmanager.com
2	accounts.google.com	www.ensonhaber.com accounts.google.com
1	ade.googlesyndication.com
1	ads.yieldmo.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	match.adsrvr.org	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
1	cms.quantserve.com	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
1	cdn.track.production.webgains.team	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	www.awin1.com	hal900026.redintelligence.net
1	track.webgains.com	www.ensonhaber.com
1	futalis.de	hal900026.redintelligence.net
1	adv.office-partner.de	hal900026.redintelligence.net
1	ajax.googleapis.com	s0.2mdn.net
1	match.sharethrough.com	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	sync.mathtag.com	1 redirects
1	r.turn.com	b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	mug.criteo.com
1	id5-sync.com
1	sync.inmobi.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	static.criteo.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	www.google.de	www.ensonhaber.com
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	api-stg.ensonhaber.com	s.ensonhaber.com
1	ensonhaber.com	1 redirects
324	72

This site contains links to these domains. Also see Links.

Domain
videonuz.ensonhaber.com
ensonhaber.me
www.youtube.com
wa.me
youtu.be
t.me
twitter.com
www.instagram.com
www.facebook.com

Subject Issuer	Validity	Valid
*.ensonhaber.com RapidSSL TLS RSA CA G1	`2023-03-31` - `2024-03-30`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-04-28` - `2023-07-28`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-05-17` - `2023-08-15`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
*.futalis.de R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://www.ensonhaber.com/
Frame ID: E17CD1AB4E4183F133DB5CDE379D23F4
Requests: 126 HTTP requests in this frame

Frame: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B53E7BFF388394CF8DE4A953C64AA488
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 80744067481643F7C6ABEAE02712B88A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9A6D157EFB2377E1F90334DCEDC6AFEA
Requests: 2 HTTP requests in this frame

Frame: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2945B24E8CADD8747C4AD9AE797FEC03
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs
Frame ID: 28BC412A5A0FD321005278909210D5C2
Requests: 18 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: A968C84026A8A195B636DD47C4C8F774
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E6F441632D5851DCA664C64B65391502
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B27B511E80FA59D2646D071AA6F3E717
Requests: 9 HTTP requests in this frame

Frame: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FD447B8889E30D6C538A4E608540E757
Requests: 21 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.ensonhaber.com
Frame ID: BB3F80A7E3A2BCAEC2815A195AF06503
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYlfTiwAEwAQ&v=APEucNWfHTp0Qo8BpXE40-9NBM7ZqK11ka9NvBH5q4C9HOLb6zlHj3-FmrKPI_KJ2-ZPPtLIZ0nwZ3D_I17YL0cHCW8PJ-5EAtS5O4MM7CoybChAQyydvFirFq1C74PERTj9YE9uFQN5OAXTnViKBT2kZFUf3UMCfHYfRmqVXbJmPUih-9pQFJKwqdtRV1AZ2oOjYQ5OZ-nz
Frame ID: 1461ABA7B89518FC489571A480145883
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: B2A7E8A1C521C5C0763267FD61C6FBC2
Requests: 1 HTTP requests in this frame

Frame: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F7F39E91D64F8DC7292D0244A0495F67
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_a6m1AEwAQ&v=APEucNWIGY3vw_9Un65zoAt7BLLCbWc_UR_XaXm4BgySzQFtKKzkvzBKFyMDQ7SZ3ZeCJoBbxk0pqmta-oUhtMUE77Odsciz_p0NbjCmKq9DOFpuot3PrQ-5wHruTZTQe3gUB96SvsRqfg8Mj8a-kMF2KgQEF37VGIW1tcJPuAsE8lZAkFjl8tCefBdIAAd2MMH09XCrlhpU
Frame ID: 8A6BE90FDB34FFC8E296E3C7AA5BDA3E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9B1302155EFBDC488C92BDA0AFEEA1CD
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7024FED167D5517D3524A10680EE69BC
Requests: 3 HTTP requests in this frame

Frame: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0093A6B42AE0D86804F53F5DA2C9E91E
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNWQI0PzooyrZUCFnpDvkz6LbZgOR0a0BcMoVbEG8Ryk9V_DmSk_QD0yJr85HN6ObY8q7S3TPxNJh2KMDHCksbr0-ndXizvBcuCZY7BsseiqjE_9uxwzNDYYFEe8P3T_idg70cQoXB2IhsotiNyOIFGB29gma4qybqjxklM2YZii2lq8KYgXC4248ZeGlgRUJfVKtA4e
Frame ID: 082814ED047BBC8E3B046CB74E6229DB
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
Frame ID: 4642009648982BAFE54BAB6918E7AA1E
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1950EDE175EEF29CA4B09346FF8AA01E
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
Frame ID: 392CDC6E434B84649D5B5B571CBE068E
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 387364625B39683FDCCE711D3E3F8F80
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0EB76D24D2F59583974F76C41673E0B5
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: 306EC9A16A5517434AB79FCBB3D6AD53
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 055EE755D51CD79C7588EA70D58F54C8
Requests: 2 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=71685700031512704444990012361026&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: EDE2C683CD1DD16F9F44B0A8297A136D
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527
Frame ID: B39A092BDB201FE476648E227BEA667C
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716
Frame ID: 8B2ECC38290ED90AFD4CAAEE5748BEAC
Requests: 2 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Frame ID: 3E8475D3461BC735347A96485C676ED1
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 69FE38EB49AFBCEF123F3DB782DD1E0E
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ensonhaber – Son Dakika Haber, Güncel Haberler

Page URL History Show full URLs

https://ensonhaber.com/ HTTP 301
https://www.ensonhaber.com/ Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Page Statistics

324
Requests

88 %
HTTPS

39 %
IPv6

51
Domains

72
Subdomains

53
IPs

10
Countries

4361 kB
Transfer

8017 kB
Size

50
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://videonuz.ensonhaber.com/
Title: VİDEO

Search URL Search Domain Scan URL

URL: https://ensonhaber.me/v5
Title: bitexen

Search URL Search Domain Scan URL

URL: https://ensonhaber.me/12j
Title: Yetim Vakfı Kurban

Search URL Search Domain Scan URL

URL: https://ensonhaber.me/12h
Title: İHH Kurban

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=eIaGVxwBcIc
Title: MHP GRUP TOPLANTISI - Devlet Bahçeli konuşuyor

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCZHf28-BG2Pz-UFqYJiZBeg

Search URL Search Domain Scan URL

URL: https://wa.me/905333782000

Search URL Search Domain Scan URL

URL: https://youtu.be/k9zMlAVwr_A
Title: Kapıdaki tehlike: Kızamık

Search URL Search Domain Scan URL

URL: https://youtu.be/2qKTVdu9oDI
Title: MKYK'nın ana gündemi deprem bölgesiydi

Search URL Search Domain Scan URL

URL: https://youtu.be/xt9IfnEEGas
Title: Cumhurbaşkanı Erdoğan: Enflasyonu tekrar tek haneli rakamlara düşüreceğiz

Search URL Search Domain Scan URL

URL: https://youtu.be/wSuIa-cY3Ro
Title: Caddebostan'da sorduk: CHP'nin yeni genel başkanı kim olmalı?

Search URL Search Domain Scan URL

URL: https://youtu.be/yR9UQeASNUo
Title: Astroloji Danışmanı Nihan Urel açıkladı: Eski alım gücümüze geri döneceğiz

Search URL Search Domain Scan URL

URL: https://youtu.be/nWFX7qttuD4
Title: Cem Uzan: CHP iktidar olamaz

Search URL Search Domain Scan URL

URL: https://youtu.be/KYAaKNTpDZ8
Title: Cem Uzan Ensonhaber'de Seçimi değerlendirdi - Astroloji Danışmanı Nihan Urel Ensonhaber'de

Search URL Search Domain Scan URL

URL: https://youtu.be/khK_Ztj2zZA
Title: Cumhurbaşkanı Erdoğan Haydarpaşa Lisesi'nde karne dağıtım törenine katıldı

Search URL Search Domain Scan URL

URL: https://youtu.be/3yW42TYVB9c
Title: Cumhurbaşkanı Erdoğan'ın katılımıyla restorasyonu tamamlanan Vaniköy Camii'ni ibadete açıldı

Search URL Search Domain Scan URL

URL: https://youtu.be/CPKopcfMfzk
Title: Kılıçdaroğlu'nun kırsal bölgeyi küçümsemesine vatandaşlardan tepki

Search URL Search Domain Scan URL

URL: https://youtu.be/-hP_zDpq6Vc
Title: Yeni Kabine'nin ikinci toplantısı sona erdi: Türkiye Yüzyılı inşası başlıyor

Search URL Search Domain Scan URL

URL: https://t.me/ensonhaber
Title: Telegram

Search URL Search Domain Scan URL

URL: https://twitter.com/ensonhaber
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/ensonhaber/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ensonhaber
Title: Facebook

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ensonhaber.com/ HTTP 301
https://www.ensonhaber.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 159

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEGRNU6fZg8RKrvVyGZVEiFE&google_cver=1&google_push=ATf1kGMVeHXg20AxbF0yCiur2BdqrUAm1SK8xriGk5fNAZrTghU_qpQ370pNrN1tTzwb-SFmsZFiGWb_MQpIBn6GDVKLaIzTNrfAlA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGRNU6fZg8RKrvVyGZVEiFE&google_push=ATf1kGMVeHXg20AxbF0yCiur2BdqrUAm1SK8xriGk5fNAZrTghU_qpQ370pNrN1tTzwb-SFmsZFiGWb_MQpIBn6GDVKLaIzTNrfAlA

Request Chain 160

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELSfqszya1RrKBL8U3h8m9g&google_cver=1&google_push=ATf1kGMkadDFYP9vX6B1nKGzPAmnhB9h-XH74xWPRfUWt4E1lGsIpTPWUqDn1do7hm-9VXvI1yhKKBejT6Goxe-xDKcbkzVNOWurJA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELSfqszya1RrKBL8U3h8m9g&google_cver=1&google_push=ATf1kGMkadDFYP9vX6B1nKGzPAmnhB9h-XH74xWPRfUWt4E1lGsIpTPWUqDn1do7hm-9VXvI1yhKKBejT6Goxe-xDKcbkzVNOWurJA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMkadDFYP9vX6B1nKGzPAmnhB9h-XH74xWPRfUWt4E1lGsIpTPWUqDn1do7hm-9VXvI1yhKKBejT6Goxe-xDKcbkzVNOWurJA

Request Chain 161

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDb9xZa4Nh2XeMr7CkR1Dhc&google_cver=1&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2lCOD8MVUOTGpq5CkNU8f77-mypw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNFV0QtMjMtRlY5RA==&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2lCOD8MVUOTGpq5CkNU8f77-mypw

Request Chain 162

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEAzDeq-UKAFH6zJmeUrHI3c&google_cver=1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1687247074665 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-af404d55-c207-4060-af58-106765370892-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng%26google_hm%3DA69ATVXCB0Bgr1gQZ2U3CJI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&google_hm=A69ATVXCB0Bgr1gQZ2U3CJI

Request Chain 163

https://cs.media.net/cksync?type=g&google_gid=CAESECmfPpRADrhHjwqDf_H4-Pg&google_cver=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o1Idj_T55y0sCr8hv9ebK7OvnISkx31eczmiEUeq4RwXTdTa3OU_5rlgpRHvNeEWJfHKKV0Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o1Idj_T55y0sCr8hv9ebK7OvnISkx31eczmiEUeq4RwXTdTa3OU_5rlgpRHvNeEWJfHKKV0Q&gdpr=&gdpr_consent=

Request Chain 164

https://sync.inmobi.com/gob?google_gid=CAESENDkb0Lx1JXBce5Mdw0FuuE&google_cver=1&google_push=ATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhDyy9QatS6phh8CaGtzrZsaZBKKxaCX8iHzxT4yRjtgHYQM1Un2n5xh64 HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhDyy9QatS6phh8CaGtzrZsaZBKKxaCX8iHzxT4yRjtgHYQM1Un2n5xh64

Request Chain 165

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMkXoc6gvhWoCuPr8UB1fCU&google_cver=1&google_push=ATf1kGPDZCuSU1sMr4Q1FCOZ1AAH4Wc1gNDj88c7h3frJ1-XjZJ5zqmv8meKi7JsgmBzIPLnwCu5iTK-n1Eemf77-uinMvST4TGwN34 HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMkXoc6gvhWoCuPr8UB1fCU&google_cver=1&google_push=ATf1kGPDZCuSU1sMr4Q1FCOZ1AAH4Wc1gNDj88c7h3frJ1-XjZJ5zqmv8meKi7JsgmBzIPLnwCu5iTK-n1Eemf77-uinMvST4TGwN34 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f853db92-867d-4d86-84ef-1b12291297dc&%%GOOGLE_PUSH_PAIR%%

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1

Request Chain 184

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN2UfsPnVgMNz4bZ7ez-BM4%26google_cver%3D1

Request Chain 186

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1NTc4MTY0NDkwMzQyMjg0

Request Chain 187

https://gum.criteo.com/sid/json?origin=publishertagids&domain=ensonhaber.com&sn=ChromeSyncframe&so=0&topUrl=www.ensonhaber.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=b5m_K3xXR0cxTEp3WUtOZ1NmaEhwN1dZMXlaMDhOVkUyT3B5N2ZqZitEZjVKV2hhQS9JU0lTMGZOSXhtdFBlaE9MSVhHczJVckoyTzg3b21nYklEVWRWOHdQWTJUeVdRbnAvYjMvOTg2Q1J6OXZVWjJOS01aUlNMaVlMek1NN3NlZ0hVcmM3OTVsVmlHZC85V281VVlsUTdTRFB4bmVqckFTUXpSOVJRbzEwZE9DRng5NENiS2R4Qk5mVUhtYzVic0ttWWFFTCtpNm44ZnROZzE5RjZGWkJYWWoyR3ZmWmlCRWl2QXNMS2Q0V3M1N1RoZlJkUktIS1FsenQ5aGcxUFdnVXdSVzlDaWNOZ0hId1RRcGZMUjJPK2ZLQzBteHlPQ1FibGhZMW1Bc3l5QXpTTT18&cppv=2

Request Chain 196

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1

Request Chain 197

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

Request Chain 198

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1

Request Chain 199

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

Request Chain 210

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEK2Q4W3Pa8uEVd0Yns3HjJ4&google_cver=1&google_push=ATf1kGMrGHUJI3tzkImEPHMcuffN__D8PSJEEBysBfgtA2J3BAiaJ9wjaB9jpAR5s9EgpO96c0i4CVeI_Zqlm5cEv1qx7ElPdAg7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODYwMDg1MzQ0NTc0ODc2NDc3Ng==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHcrTADmDzyEcU2LQLypJXc&google_cver=1

Request Chain 211

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI4OyXcI-GU6Xo_ICqb3xqU&google_cver=1&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzyXEVUj3yeEG4IgOGtUiSi HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI4OyXcI-GU6Xo_ICqb3xqU&google_cver=1&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzyXEVUj3yeEG4IgOGtUiSi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzUxODQ4NDIwMTg1MDA5Nzc4MA&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzyXEVUj3yeEG4IgOGtUiSi

Request Chain 213

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECXIEX0ywAN96ClHUcVSKvs&google_cver=1&google_push=ATf1kGOlYWOhxneEelTr3YU1TFAS-rJj8qm3MxSl5D8YSAz1P8P0D9yUDrfu_CNfSpHpiuV57oneqfmNGVBpiilu8xAYNSAlDiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOlYWOhxneEelTr3YU1TFAS-rJj8qm3MxSl5D8YSAz1P8P0D9yUDrfu_CNfSpHpiuV57oneqfmNGVBpiilu8xAYNSAlDiA

Request Chain 214

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENJZTCnHlBwOuDE-cywVB5w&google_cver=1&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb&google_gid=CAESENJZTCnHlBwOuDE-cywVB5w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM3NTU5MjQ2NjU2ODkxNTE1NjU5Mg%3D%3D&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb

Request Chain 215

https://cs.media.net/cksync?type=g&google_gid=CAESEKRoage-CH6JxccrdrkcCc0&google_cver=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrNUATQmjR5zaLHoH9Qaj8nBuPXVw3PAe6vCEg7WAcmdAUnWzuhB3sdSfMjks2lZHwDDy_VV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrNUATQmjR5zaLHoH9Qaj8nBuPXVw3PAe6vCEg7WAcmdAUnWzuhB3sdSfMjks2lZHwDDy_VV&gdpr=&gdpr_consent=

Request Chain 216

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGyHw5Mhdm3WbZ5801o1BhE&google_cver=1&google_push=ATf1kGO-Ux9PV8j3TYp4opK53lUGFzYlRG08tsB3w9oiW8mtSQnYejEKiB7EuJUsX8rJWH1mVYMBDpzNGInx2UcVICwNQzQ1AMni HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO-Ux9PV8j3TYp4opK53lUGFzYlRG08tsB3w9oiW8mtSQnYejEKiB7EuJUsX8rJWH1mVYMBDpzNGInx2UcVICwNQzQ1AMni HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 239

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1

Request Chain 240

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDgXcm-zH0uQPzpOETA-3bg&google_cver=1

Request Chain 242

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

Request Chain 245

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202210_es_hunger_dv_pros_347637949&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 250

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonTEbjvGgvwGfJR5Wy5cGzC5mLUQgxqzjuT9aAa1rb2uIXzsgS3oqArM HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonTEbjvGgvwGfJR5Wy5cGzC5mLUQgxqzjuT9aAa1rb2uIXzsgS3oqArM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bHk5aE4zT2oxUWJ3MnY1&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonTEbjvGgvwGfJR5Wy5cGzC5mLUQgxqzjuT9aAa1rb2uIXzsgS3oqArM

Request Chain 251

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECDgBKlMox_t40ZZ_ndI66Q&google_cver=1&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy4rmidnf0C0o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy4rmidnf0C0o

Request Chain 252

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENtFoNJNGDNoK80sqYWy9hc&google_cver=1&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuVM9rLG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuVM9rLG&google_hm=eS11QmQ3SzlsRTJwRnVUaHZlTGxQNHFEc2xsUFhDRVRrOH5B

Request Chain 253

https://d5p.de17a.com/cookies/google?google_gid=CAESEMimMjaKxa2O2dz-4jLs-PE&google_cver=1&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMimMjaKxa2O2dz-4jLs-PE&google_cver=1&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ

Request Chain 254

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEED6Md1hOwcRTAngZ3tTJeY&google_cver=1&google_push=ATf1kGOy1JBwPcyvQYl27crB2jRX-SX7IUcz1aAgCcYaw8L47QgXlmJTujTGXfyaSj2X5xiUpCr7qLcIUf0aiE1TmX7ulryufudI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-KPWkzHvG9O_kkgrIAi89zqBOZTyBFYbqu9fUFw&google_push=PUSH_DATA HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Request Chain 256

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEInUctipgKiuy2n06mfjCQQ&google_cver=1&google_push=ATf1kGOXcCphf0EKMFuLnL0lKwe4J5DpxLO0jdXmgerW7q51nESJXqe9ljxdS5IBIXs7YFxxw9jWaLC7YsD8anGfSNKjmgicoSuXAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOXcCphf0EKMFuLnL0lKwe4J5DpxLO0jdXmgerW7q51nESJXqe9ljxdS5IBIXs7YFxxw9jWaLC7YsD8anGfSNKjmgicoSuXAw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 285

https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 294

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=71685700031512704444990012361026&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527

Request Chain 300

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716

Request Chain 310

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL2EYkENorUraGe-YtdO7QY&google_cver=1&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8Wvu0nvV9sxlTonz2lgUdCEoiyLw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNHMUMtQy1LNURQ&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8Wvu0nvV9sxlTonz2lgUdCEoiyLw

Request Chain 311

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_cver=1&google_push=ATf1kGPb_1lNFgxWqFnD74bSlfsLo95tPf-FqFWFHjAqV_ederBvG33qHsZjCj-fnqiqLU96tyyMdPkeBxVQuqxD_nufmnf-OCFT HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_hm=ZJFY4he-Xz1H7v7FyXnlvgAACKwAAAIB&google_nid=index&google_push=ATf1kGPb_1lNFgxWqFnD74bSlfsLo95tPf-FqFWFHjAqV_ederBvG33qHsZjCj-fnqiqLU96tyyMdPkeBxVQuqxD_nufmnf-OCFT

Request Chain 312

https://ads.yieldmo.com/exptsync?google_gid=CAESEPrbzMCvRVFjgTGUyLed-_A&google_cver=1&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y&google_hm=M2hIaUx5eUdHRHlzM1BPRHJGbTk=

Request Chain 313

https://cs.media.net/cksync?type=g&google_gid=CAESEGFxQJDV1qdJkb74SIzBTeU&google_cver=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVBaCBK3R8k9bdSWfLYX40MvI0lMIlzTa3-h6ABXJtUHpdItnSXQmrvNy5rfHLvXWkZAbp_D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVBaCBK3R8k9bdSWfLYX40MvI0lMIlzTa3-h6ABXJtUHpdItnSXQmrvNy5rfHLvXWkZAbp_D&gdpr=&gdpr_consent=

324 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.ensonhaber.com/
Redirect Chain

https://ensonhaber.com/
https://www.ensonhaber.com/

164 KB
29 KB

100ms
21ms

Document
text/html

89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN / PHP/8.0.25
Resource Hash: 91f6a189bfe0f6f722af271eada986a029981411f1e3161e92e014ccbbe85be6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28
allow: GET, HEAD, POST
cache-control: max-age=40
caching-type: litespeed
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 20 Jun 2023 07:44:32 GMT
etag: W/"3994758-1687246996;;;"
merlin-is-mobile-desktop: 1
merlin-is-mobile-viewer: 0
server: MerlinCDN
via: HTTP/2.0 Merlin CDN
x-cache-status: HIT
x-edge: de-fra-dp-s01
x-litespeed-cache: hit
x-midtier: de-fra-dp-s02
x-powered-by: PHP/8.0.25

Redirect headers

cache-control: max-age=3600
cf-ray: 7da263176c0a2c6d-FRA
date: Tue, 20 Jun 2023 07:44:31 GMT
expires: Tue, 20 Jun 2023 08:44:31 GMT
location: https://www.ensonhaber.com/
server: cloudflare
vary: Accept-Encoding

GET
H2 200 home.min.css
s.ensonhaber.com/assets/css/ 277 KB
51 KB 116ms
52ms Stylesheet
text/css 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b57c9aa30eb75613091d6753b26caa6b3a56e24b7326ec4512a2ba17678def7d

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 45001
content-length: 52151
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Jun 2023 11:14:28 GMT
server: cloudflare
etag: "454f6-648c4414-1c2131dc75de44c;gz"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc50904f-FRA
expires: Tue, 18 Jun 2024 19:14:06 GMT

GET
H2 200 inter-v2-latin-ext_latin-regular.woff2
s.ensonhaber.com/assets/fonts/inter/ 35 KB
35 KB 112ms
48ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-regular.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7b0e537ecabd3d1f81dc4c203a245b706c3cc3eed9089097c5c755a835786aa

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4278192
content-length: 36104
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "8d08-639c9a83-8a94ee445f24e6c0;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc51904f-FRA
expires: Thu, 25 Apr 2024 06:58:32 GMT

GET
H2 200 inter-v2-latin-ext_latin-300.woff2
s.ensonhaber.com/assets/fonts/inter/ 37 KB
37 KB 92ms
28ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-300.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdf77c2e2ee4fce5ccc2a8b4105861708c75bda5ffe264b80ba86d5201aa2aed

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819712
content-length: 37584
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "92d0-639c9a83-275355ba44709d0b;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc52904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 inter-v2-latin-ext_latin-500.woff2
s.ensonhaber.com/assets/fonts/inter/ 38 KB
38 KB 117ms
53ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-500.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd1f0ba991b730edbc9e72f9a6f8a290ef8d852644c9629dc479c7eb18c1ea1b

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819712
content-length: 38652
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "96fc-639c9a83-df183364806ed438;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc54904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 inter-v2-latin-ext_latin-600.woff2
s.ensonhaber.com/assets/fonts/inter/ 38 KB
38 KB 116ms
52ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-600.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 102b58b4e227d81042c84d5eccdb17a607b87d33b01c258c1f820fe9bcc18b61

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819712
content-length: 38852
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "97c4-639c9a83-c70c6bcb7fd34262;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc55904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 inter-v2-latin-ext_latin-700.woff2
s.ensonhaber.com/assets/fonts/inter/ 38 KB
38 KB 116ms
53ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-700.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8ce6f350e90bbf4799d659b4555945cf96010490800a128ef48bcd33ece1b8e

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819712
content-length: 38908
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "97fc-639c9a83-82ee2966142daad0;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc56904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 inter-v2-latin-ext_latin-800.woff2
s.ensonhaber.com/assets/fonts/inter/ 38 KB
38 KB 116ms
52ms Font
font/woff2 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/inter/inter-v2-latin-ext_latin-800.woff2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c287ba7fe796611bb01f2fd3996698167128d05427019e7f97d48b961cba3b1f

Request headers

Referer: https://www.ensonhaber.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4278192
content-length: 38948
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "9824-639c9a83-d47e4f5f26ad6474;;;"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26318cc57904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 173ms
120ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ce3d4d51aa4a91469b26001dfdc90216c2ec3bac9e21d9dd1c1c80e784bad9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26672
x-xss-protection: 0
server: cafe
etag: 776 / 19528 / m202306140101 / config-hash: 8267584658048972417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 esh-tag.js Show response
s.ensonhaber.com/assets/js/lib/ 14 KB
4 KB 48ms
32ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/js/lib/esh-tag.js?r=3.14.62_a6744a8-v2
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f43af206870986a648b5db6570c0488ead3ab087202e82168e57a73af4b5124

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
content-encoding: gzip
cf-cache-status: HIT
age: 44979
cf-polished: origSize=25855
x-vtex-cache-status-nginx-thumbor: MISS
cf-bgj: minify
last-modified: Fri, 16 Jun 2023 16:43:44 GMT
server: cloudflare
etag: W/"64ff-648c9140-600d8002f3582cb9;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
cf-ray: 7da263187d692c6d-FRA
expires: Tue, 18 Jun 2024 19:14:00 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 192 KB
75 KB 98ms
42ms Script
application/javascript 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

914e792e0d03a775a673f70736e89594938337065f4e5bc5906e3b5c3c5acf1a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-32JqVse18RKJiGploTZ5wA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-32JqVse18RKJiGploTZ5wA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 logo.png
s.ensonhaber.com/assets/img/ 10 KB
10 KB 56ms
55ms Image
image/webp 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/logo.png
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18716a69ac05e85bcd36f171cf3517c6f86c48d2814cd715b8f212e1f93c845f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 3668812
cf-polished: origFmt=png, origSize=14744
content-disposition: inline; filename="logo.webp"
content-length: 9952
x-vtex-cache-status-nginx-thumbor: MISS
cf-bgj: imgq:100,h2pri
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "3998-639c9a83-80370abe83dfb67e;;;"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
x-msg-esh: gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197ed72c6d-FRA
expires: Fri, 03 May 2024 19:30:03 GMT

GET
H2 200 config.js Show response
s.ensonhaber.com/assets/js/lib/ 5 KB
2 KB 38ms
36ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/js/lib/config.js?v=3.14.62_a6744a8
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f2688eeeeb6d99e09adc5d8aeea2963fe4034ca8f98f639f24dea4e0d0f7d16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
content-encoding: gzip
cf-cache-status: HIT
age: 44979
cf-polished: origSize=8068
x-vtex-cache-status-nginx-thumbor: MISS
cf-bgj: minify
last-modified: Thu, 27 Apr 2023 01:38:36 GMT
server: cloudflare
etag: W/"1f84-6449d21c-29d76f8c661a4d15;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
cf-ray: 7da263197ed82c6d-FRA
expires: Tue, 18 Jun 2024 19:14:01 GMT

GET
H2 200 swiper-bundle.min.js Show response
s.ensonhaber.com/assets/plugins/swiper/ 138 KB
37 KB 31ms
30ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/plugins/swiper/swiper-bundle.min.js
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef7461c0051b325805c887adc6357a464dae3efad3720214b91799a501afb62c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 37667
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "227c3-639c9a84-365ff75c50969382;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197eda2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:39 GMT

GET
H2 200 keen-slider.min.js Show response
s.ensonhaber.com/assets/plugins/keen-slider/ 14 KB
6 KB 55ms
54ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/plugins/keen-slider/keen-slider.min.js
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 127fc5122908ed58f8a0595d3c00f9202b406d774b2b6ecd834bfba408a374da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819556
content-length: 5950
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Tue, 24 Jan 2023 10:59:25 GMT
server: cloudflare
etag: "391a-63cfba0d-c751872e52ec6ffc;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197edc2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 scrollbooster.min.js Show response
s.ensonhaber.com/assets/plugins/scrollbooster/ 13 KB
4 KB 56ms
55ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/plugins/scrollbooster/scrollbooster.min.js
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34df2cadac0444599fe032eaa1b5d521809cbb2dc76c7368b66405217c7a67e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 3744
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Mon, 24 Apr 2023 13:24:08 GMT
server: cloudflare
etag: "340b-644682f8-33996e347c569589;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197ede2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 home.min.js Show response
s.ensonhaber.com/assets/js/ 111 KB
30 KB 38ms
37ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/js/home.min.js?v=3.14.62_a6744a8
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c45a7b5b9773d0581e627e740074e62cc6a88eab432d47793849695c0e8f2b64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 44936
content-length: 30087
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Mon, 19 Jun 2023 12:09:43 GMT
server: cloudflare
etag: "1bdd1-64904587-8eb2f34356ebea3f;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197edf2c6d-FRA
expires: Tue, 18 Jun 2024 19:14:06 GMT

GET
H2 200 login.min.js Show response
s.ensonhaber.com/assets/js/ 15 KB
4 KB 55ms
54ms Script
application/x-javascript 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/js/login.min.js?v=3.14.62_a6744a8
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 009d4ceeb1168ae5d225f0898ba84f53743d9051b32b5a016bc7c867f32f0c5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 44979
content-length: 4351
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 28 Apr 2023 14:12:37 GMT
server: cloudflare
etag: "3aa3-644bd455-cc120e5c107645f9;gz"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263197ee02c6d-FRA
expires: Tue, 18 Jun 2024 19:14:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
48 KB 84ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PL4PL92

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2fb61ae48d4fdb9941f91a0418d730d7b1561c1e6e9ae33504ded2ec30df005a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48833
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 search.svg
s.ensonhaber.com/assets/img/nav/ 503 B
395 B 41ms
40ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/search.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2302716051f0963269ff25431c4c06772a2fd6fb9ea23f7ad5d5d5eb4f13478e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 288
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "1f7-639c9a83-7df830a54a0303c3;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263198ef62c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 tv-live.svg
s.ensonhaber.com/assets/img/nav/ 392 B
400 B 41ms
40ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/tv-live.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc041c68a2177f55b4e9ce51c16fbd2c038effbaba704a9627e02e587d1bbc25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 286
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "188-639c9a83-32710c5bc2f0f20f;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263198ef72c6d-FRA
expires: Wed, 24 Apr 2024 12:55:39 GMT

GET
H2 200 archive.svg
s.ensonhaber.com/assets/img/nav/ 238 B
346 B 41ms
40ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/archive.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: feebe1fce6a2c5b44c30aca519403f048c63e4d0f021a472052065feccefc441

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 202
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "ee-639c9a83-18325224231ec6ac;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263198ef82c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 theme-dark.svg
s.ensonhaber.com/assets/img/nav/ 545 B
425 B 45ms
44ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/theme-dark.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 592726dcd36e27f1287a1ff2e6d14e5e68b928cd4eebed720c267d4633277286

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 321
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "221-639c9a83-d5d50ee83eb5dfb6;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263199f052c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 notifications-off.svg
s.ensonhaber.com/assets/img/nav/ 1 KB
856 B 48ms
47ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/notifications-off.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b18344098c7beeb17792064f962b0325c6fe6b6b6e2708a521f346b71d4d283

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 716
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 10 Mar 2023 13:24:25 GMT
server: cloudflare
etag: "573-640b2f89-b9e1aca0490ef169;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263199f082c6d-FRA
expires: Wed, 24 Apr 2024 12:55:40 GMT

GET
H2 200 user.svg
s.ensonhaber.com/assets/img/nav/ 379 B
382 B 44ms
43ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/user.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 768382b088c5cb58e4a670880ea33d6926e16ddb5923a937f41f660269c676d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 260
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "17b-639c9a83-5a3c1594c91c1939;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263199f092c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 flag.svg
s.ensonhaber.com/assets/img/nav/ 664 B
508 B 44ms
44ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/flag.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 800532bf9b839ea479ad22d9735b2de456c113e98869f3d63cf92fe1643e469a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819555
content-length: 397
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "298-639c9a83-2532c638c956b99e;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263199f0b2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
DATA 200
OK truncated
/ 295 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe2182626d97612dfb6390dba18118a5f65a65d912fdbe4a9bc2e158f5c13dc3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 hamburger.svg
s.ensonhaber.com/assets/img/nav/ 141 B
264 B 42ms
42ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/hamburger.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b86bb840a36f6a4bd1b1ff4f64f3b62acc8b7b8a868bbdbd9f5a24c6bdb0ddf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 1M
content-encoding: gzip
cf-cache-status: HIT
age: 4819503
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: W/"8d-639c9a83-d5ea281d6f82c105;;;"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
cf-ray: 7da263199f0c2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53a42cf5d32fb8153b2f58d5ea30404e2c8cdac08e85153df1849682098c1cbb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b05416d448486b4f4bb414d78be3b4a8f3666c7c51b8e6aa12e74ea35f10018

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f

Request headers

Referer
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 eshicons.ttf
s.ensonhaber.com/assets/fonts/eshicons/fonts/ 23 KB
12 KB 31ms
30ms Font
application/x-font-ttf 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ensonhaber.com/assets/fonts/eshicons/fonts/eshicons.ttf?ncw6hm
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f273840584f0246670b192fd23e6aac48cdad71d53ab3526d79f9fc90e88bb9

Request headers

Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4278192
content-length: 12530
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "5a5c-639c9a83-56e91538b3845a0f;gz"
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da263199d33904f-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 iyi-partili-vekil-adayi-meral-akseneri-istifaya-davet-edenleri-tehdit_1501b239.jpg
icdn.ensonhaber.com/crop/788x450-85/resimler/diger/kok/2023/06/20/ 92 KB
93 KB 51ms
33ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/788x450-85/resimler/diger/kok/2023/06/20/iyi-partili-vekil-adayi-meral-akseneri-istifaya-davet-edenleri-tehdit_1501b239.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3b581f1f872ce0a692580e4e248ec0a54d9c8a4996592c4cc6fc59fd28a030

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2222
cf-polished: origSize=99694
esh: 788
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 94535
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "938b2d42c3af0c1d1d7a96acf71c5382c069c4e0"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf552c6d-FRA
expires: Wed, 19 Jun 2024 07:07:20 GMT

GET
H2 200 mhp-grup-toplantisi-devlet-bahceli-konusuyor_1578f497.jpg
icdn.ensonhaber.com/crop/382x450-85/resimler/diger/kok/2023/06/20/ 40 KB
40 KB 51ms
33ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/382x450-85/resimler/diger/kok/2023/06/20/mhp-grup-toplantisi-devlet-bahceli-konusuyor_1578f497.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8011a60740920d99d6246ec51637f2680d262b8b541169d5e560da1011c48a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 286
cf-polished: origSize=41885
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 40962
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "c0f60ffe649bf5176d8f3e142dc72f0ccb91db05"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf502c6d-FRA
esh2: 382
expires: Wed, 19 Jun 2024 07:39:11 GMT

GET
H2 200 ehliyet-sinavinda-duzenekli-kopya-29-ilde-operasyon_1502c340.jpg
icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ 20 KB
20 KB 61ms
43ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ehliyet-sinavinda-duzenekli-kopya-29-ilde-operasyon_1502c340.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6a14e0382bfbf6e143f921700faff9ecf1386002ef8538f1f1bdc34182653f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2167
cf-polished: origSize=20611
esh: 233
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 20126
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "70110c54593fb2f4fffe5b978f2d3a5d042c85b5"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf512c6d-FRA
expires: Wed, 19 Jun 2024 07:07:32 GMT

GET
H2 200 kazakistanda-suriye-krizine-cozum-arayislari-20nci-toplanti-yapi_14f2e973.jpg
icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ 22 KB
22 KB 61ms
43ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/kazakistanda-suriye-krizine-cozum-arayislari-20nci-toplanti-yapi_14f2e973.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b67e76794cf558fc3c7c304a11e43ea5e36be7ef83265b05651ba4a40df4a84d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2428
cf-polished: origSize=23205
esh: 233
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 22628
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "28422f9c30be3fc5ff57c10256565581140c58cb"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf522c6d-FRA
expires: Wed, 19 Jun 2024 07:03:36 GMT

GET
H2 200 kurbanliklar-hakkinda-tum-bilgiler-bu-uygulamada-tarim-cebimde_14cd0907.jpg
icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ 25 KB
25 KB 47ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/kurbanliklar-hakkinda-tum-bilgiler-bu-uygulamada-tarim-cebimde_14cd0907.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2a2164f872a1299e8b39c298049568748f02f6c5c47f97570e809f7d31c6fdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2970
cf-polished: origSize=26780
esh: 233
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 25804
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ddd0b1c9e047f6a407e431e1fbf462271f6f41f6"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf542c6d-FRA
expires: Wed, 19 Jun 2024 06:53:56 GMT

GET
H2 200 ali-yerlikaya-acikladi-3-terorist-etkisiz-hale-getirildi_1473a704.jpg
icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ 33 KB
34 KB 60ms
42ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ali-yerlikaya-acikladi-3-terorist-etkisiz-hale-getirildi_1473a704.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d082518b7012f97f7eb9ef94ca7d245fc1e9609e7eda9cba21f83940ab551e72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 4429
cf-polished: origSize=36426
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 34300
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "3ecf3c97c368e816e3fbbf52df008271a652fab1"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319cf532c6d-FRA
esh2: 233
expires: Wed, 19 Jun 2024 06:29:41 GMT

GET
H2 200 asgari-ucret-icin-3uncu-toplanti_14550858.jpg
icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/ 23 KB
23 KB 44ms
43ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/233x260-85/resimler/diger/kok/2023/06/20/asgari-ucret-icin-3uncu-toplanti_14550858.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca9cb23edaff62826b01a5dcaff54d3e5dd9edf7cb1746521d225c532a0f7a8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 4956
cf-polished: origSize=23585
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 23062
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "977fd9b1d06283b2723b0ab126c8351add3a8777"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319df562c6d-FRA
esh2: 233
expires: Wed, 19 Jun 2024 06:21:14 GMT

GET
H2 200 yt-home.svg
s.ensonhaber.com/assets/img/ 31 KB
15 KB 35ms
33ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/yt-home.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f97e249d0d02045935033d1bf463910f81ae1fe89a5ed9b61c1dd369f18f06ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819733
content-length: 15522
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Thu, 12 Jan 2023 12:28:36 GMT
server: cloudflare
etag: "7b20-63bffcf4-248980f56cff858b;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319bf2e2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:39 GMT

GET
H2 200 wp-home.svg
s.ensonhaber.com/assets/img/ 41 KB
21 KB 32ms
30ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/wp-home.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d36e747eb562ccce4eb72ec40b80fe06798d30975f4951a04aef2c60def318b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819733
content-length: 20870
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 20 Jan 2023 23:35:42 GMT
server: cloudflare
etag: "a586-63cb254e-3fab314fac59889a;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319bf2f2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 dogu-ve-bati-karadenizde-kuvvetli-yagis-beklentisi_1505d567.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 46 KB
46 KB 30ms
29ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/dogu-ve-bati-karadenizde-kuvvetli-yagis-beklentisi_1505d567.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc0dcd48ed7503593db755efcb59d0fd9fa0b5c072fd8cbe6b2100b7c18d4786

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 1958
cf-polished: origSize=49523
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 46602
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "69d8d1b3c760dd3e375f1f91edb2f84b65740ed0"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a1fb22c6d-FRA
esh2: 400
expires: Wed, 19 Jun 2024 07:11:48 GMT

GET
H2 200 sakaryada-zincirleme-kaza-ogretim-uyesi-oldu_14109155.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 41 KB
41 KB 29ms
29ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/sakaryada-zincirleme-kaza-ogretim-uyesi-oldu_14109155.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a363d3f6436afa0f132a197f5bfe4a6253776ab279e055f37e9d3ca86e2e280

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2154
cf-polished: origSize=43548
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 41587
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "9f21400126ae8fff93fe980ace224cdf0a1b9511"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a3fda2c6d-FRA
expires: Wed, 19 Jun 2024 07:07:34 GMT

GET
H2 200 mehmet-buyukeksiden-kuntzun-gelecegine-dair-aciklama_0cb58620.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 19 KB
19 KB 31ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/mehmet-buyukeksiden-kuntzun-gelecegine-dair-aciklama_0cb58620.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a253409a3be27289ff1616c702dc61fae88efb0ad15a20c66854c8d67879b060

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2428
cf-polished: origSize=19781
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 19267
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "a11242b6a89e380debdc0a6b287febdd053575fb"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a3fdc2c6d-FRA
expires: Wed, 19 Jun 2024 07:03:36 GMT

GET
H2 200 hakan-calhanoglu-ilk-defa-penalti-kacirdim_0ceb2942.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 44 KB
45 KB 32ms
31ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/hakan-calhanoglu-ilk-defa-penalti-kacirdim_0ceb2942.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8906fab4adb60e9ceea7b5572449eadcc98fda7d0266cad601926a5e74bb3aca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2923
cf-polished: origSize=47916
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 45531
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "1038944168525c20d8574a73a6e566110d2e4471"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a3fdd2c6d-FRA
expires: Wed, 19 Jun 2024 06:53:56 GMT

GET
H2 200 yeni-haber-basligi_148c1137.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 26 KB
26 KB 45ms
45ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/yeni-haber-basligi_148c1137.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c560606dec0761e3484ac631b53dce5a9b35e03a99bb50bf5ed5585897eaea8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 3244
cf-polished: origSize=27046
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 26348
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "4694ef5b0067baa8fca7e69276e85c5af52426dc"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a3fde2c6d-FRA
expires: Wed, 19 Jun 2024 06:49:38 GMT

GET
H2 200 avrupa-sampiyonasi-elemelerinde-gunun-sonuclari_0cca9732.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 36 KB
36 KB 46ms
46ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/avrupa-sampiyonasi-elemelerinde-gunun-sonuclari_0cca9732.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8342e588798c536559f098afd052814d3add77e558bde160e67faafda5c3a617

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 19880
cf-polished: origSize=37640
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 36546
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "4d15cc1fd3f4bb1bd21c439f3ce6759556e72834"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a3fdf2c6d-FRA
esh2: 400
expires: Wed, 19 Jun 2024 02:11:35 GMT

GET
H2 200 mert-gunok_0ca10772.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 20 KB
20 KB 35ms
35ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/mert-gunok_0ca10772.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5059ed10dcf0d23cb78f6e03f597d13e87bf516db4e5c6c95e29dd03f921929a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 21585
cf-polished: origSize=20588
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 20240
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "c4cf34cb2a36c0e40f81b6c191cb387b2304115a"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a4ff62c6d-FRA
expires: Wed, 19 Jun 2024 01:43:45 GMT

GET
H2 200 umut-nayir-gorevimizi-yapabilmenin-gururunu-yasiyoruz_0c83e505.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/ 26 KB
26 KB 68ms
67ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/20/umut-nayir-gorevimizi-yapabilmenin-gururunu-yasiyoruz_0c83e505.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7741aa08eb3d6aff19ff31a668ba1777bc52e25ca5e63b669446a49902135851

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 30724
cf-polished: origSize=27125
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 26333
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "6e1d09a8b24c7b12ce0520618d181a6254f24363"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a88392c6d-FRA
esh2: 400
expires: Tue, 18 Jun 2024 23:11:47 GMT

GET
H2 200 hazal-filiz-kucukkose-comeldi-takipcileri-yukseldi-vaziyet-aldi_068aa785.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/ 23 KB
23 KB 69ms
69ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/hazal-filiz-kucukkose-comeldi-takipcileri-yukseldi-vaziyet-aldi_068aa785.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8d9df6b4c51a890439fb7e8f7b9d9db924b4a51ed323166b62d604fd57330f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 42194
cf-polished: origSize=24250
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 23535
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "19d6146c140a932c345e903aa543b5d0a17535b2"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a883c2c6d-FRA
expires: Tue, 18 Jun 2024 20:00:29 GMT

GET
H2 200 aybuke-pusatin-iddiali-pozlari-sosyal-medyayi-yakti-gecti-bu-guz_ffaa7425.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/ 21 KB
21 KB 55ms
52ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/aybuke-pusatin-iddiali-pozlari-sosyal-medyayi-yakti-gecti-bu-guz_ffaa7425.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c088bc8268cc6d991223dfe57f88bac2c124df391fd2f78034e291a05d1cd00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 84797
cf-polished: origSize=21736
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 21374
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "8f7d310e5606c32e0a67c1a666d63b0805a1ecf0"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a883e2c6d-FRA
expires: Tue, 18 Jun 2024 08:10:15 GMT

GET
H2 200 sanliurfada-yolu-trafige-kapatan-sahsi-linc-edilmekten-jandarma-k_05ae1785.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 21 KB
22 KB 55ms
54ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/sanliurfada-yolu-trafige-kapatan-sahsi-linc-edilmekten-jandarma-k_05ae1785.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2812ede08e53428d5883503edbe67fbd57ff5e3a4c6fc0a0d9341bf0f6f62168

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 286
cf-polished: origSize=22875
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 21974
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "1b2c7dfc28ab7dda9ab4acf4cc44104a265a0437"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a883f2c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 07:39:11 GMT

GET
H2 200 antalyada-gozaltina-alinmamak-icin-uzun-sure-namaz-kildi_0561b157.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 23 KB
24 KB 55ms
54ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/antalyada-gozaltina-alinmamak-icin-uzun-sure-namaz-kildi_0561b157.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 272b89ad2f889117280c97b37be93000b93126c48ddfb1c3d65890777091ec62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 668
cf-polished: origSize=25049
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 23999
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "62ed8e71d35b7f3335b3a73cbee8e8685797c1c7"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a88412c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 07:32:31 GMT

GET
H2 200 abdullatif-sener-soylem-degistirdi-kafa-bulmak-icin-soyledim_0dadd849.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 6 KB
7 KB 38ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/abdullatif-sener-soylem-degistirdi-kafa-bulmak-icin-soyledim_0dadd849.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e85df186ebe693541f537944677995526bfc9659d561f6abba91837bdc755aa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 6280
cf-polished: origSize=6547
esh: 160
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 6511
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "3b0de4656a1f02525bf94570bf791174d7d293d6"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8a82c6d-FRA
expires: Wed, 19 Jun 2024 05:57:30 GMT

GET
H2 200 koronavirus-asisi-olanlar-dikkat-canan-karatay-tek-caremiz-var-diye_0607b161.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/19/ 9 KB
9 KB 41ms
35ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/19/koronavirus-asisi-olanlar-dikkat-canan-karatay-tek-caremiz-var-diye_0607b161.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23777685c61c2d71eb367a405989ca3c18d81d1149f100c82ce1939701f7c983

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 60810
cf-polished: origSize=9199
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 9046
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "95593e0714ab880cfcb587924ce26937506be70e"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8aa2c6d-FRA
esh2: 160
expires: Tue, 18 Jun 2024 14:50:27 GMT

GET
H2 200 yeni-haber-basligi_0fcf9274.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 6 KB
6 KB 36ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/yeni-haber-basligi_0fcf9274.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 866bdbf7f2c3bc41356904492de688385067f67544b03d13a8f3ff57f8d6b088

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 20585
cf-polished: origSize=6021
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 5965
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "259d1b8e28e7e1f92fea14b1529c5161b4dfa3af"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8ac2c6d-FRA
esh2: 160
expires: Wed, 19 Jun 2024 02:00:42 GMT

GET
H2 200 nebahat-cehre-kurallari_04a21788.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 21 KB
21 KB 35ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/nebahat-cehre-kurallari_04a21788.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f28e9d8206484bc0ca0a5bbf2174c6e0082099163f649ad53c1acd95a9220fec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 949
cf-polished: origSize=22338
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 21640
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "f5d5f301295a2d70bda35713c6d5f7f5f85c3830"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8ad2c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 07:27:56 GMT

GET
H2 200 kayseride-kurban-pazarliklari-basladi_05514796.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 25 KB
25 KB 33ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/kayseride-kurban-pazarliklari-basladi_05514796.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 725c9e6b9420b09e77908394870c2c082103408c50c1bd0938d6f52130d0a404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 1636
cf-polished: origSize=26352
esh: 186
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 25315
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "c4c778f14ca729853ff235c20cf4201ca1ee2ba5"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8ae2c6d-FRA
expires: Wed, 19 Jun 2024 07:16:37 GMT

GET
H2 200 cinli-skywell-turkiyede-otomobil-uretecek_13a45269.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 8 KB
8 KB 33ms
31ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/cinli-skywell-turkiyede-otomobil-uretecek_13a45269.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3837a10e0be2b02960fd5721c9dff19c859bc90fb255c6aa665eccae9b4fe29a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 334
cf-polished: origSize=7830
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 7764
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "0a734754f418f2427417d5e74ea8f995ef895a4b"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ae8af2c6d-FRA
esh2: 160
expires: Wed, 19 Jun 2024 07:11:34 GMT

GET
H2 200 mersinde-yolcu-otobusu-kaza-yapti-1-olu-28-yarali_130df456.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 8 KB
8 KB 34ms
33ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/mersinde-yolcu-otobusu-kaza-yapti-1-olu-28-yarali_130df456.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62ec48672c548149a0df1c6c0ef6a4e976af7c7e43da613ba6d7c648fdd05970

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2441
cf-polished: origSize=8659
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 8406
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "bfa2231b2406c6934d8e82a831734f211de9777d"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18e92c6d-FRA
esh2: 160
expires: Wed, 19 Jun 2024 07:02:45 GMT

GET
H2 200 mersin-merkezli-5-ilde-organize-suc-orgutune-operasyon-36-gozalti-ka_1241d103.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 10 KB
10 KB 31ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/mersin-merkezli-5-ilde-organize-suc-orgutune-operasyon-36-gozalti-ka_1241d103.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e2d2eba4f883780b56ced0d1b4a0dc6025abfec51ca99d89b1f49e0d50b51ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2572
cf-polished: origSize=10493
esh: 160
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 10149
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "67179a8d54db04779d2b55b83fe687ba49598482"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18ec2c6d-FRA
expires: Wed, 19 Jun 2024 07:01:21 GMT

GET
H2 200 istanbul-bagcilarda-iki-kamyonet-carpisti-3-yarali_11cec546.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 9 KB
9 KB 32ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/istanbul-bagcilarda-iki-kamyonet-carpisti-3-yarali_11cec546.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c23ee2304e7add97588589ee28491a8642c51880bb6c17c7da0d69c16f69d25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2572
cf-polished: origSize=9291
esh: 160
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 9116
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "9295629e10c6c9fc79b84e6a1c161287047645d4"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18ed2c6d-FRA
expires: Wed, 19 Jun 2024 07:01:21 GMT

GET
H2 200 istanbul-kadikoyde-otomobil-bariyerlere-carpti-1-yarali_116e7721.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 8 KB
8 KB 33ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/istanbul-kadikoyde-otomobil-bariyerlere-carpti-1-yarali_116e7721.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84a1b2ad1ce4be8415d3842e5dfa62317ea2afb6e013ef5c0f4e684f43391352

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 3036
cf-polished: origSize=8244
esh: 160
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 8122
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "540d9a7b063a9152c8ed84f081e405bc78caf51d"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18ee2c6d-FRA
expires: Wed, 19 Jun 2024 06:53:40 GMT

GET
H2 200 bayrampasada-servis-araci-duvara-carpti-1-yarali_11347230.jpg
icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/ 9 KB
10 KB 35ms
34ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/160x90-85/resimler/diger/kok/2023/06/20/bayrampasada-servis-araci-duvara-carpti-1-yarali_11347230.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbd43ac68f347e64c5a2e72a2dae2d150c83ad41017b20ec8f82999a7d77ed58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 3538
cf-polished: origSize=9925
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 9598
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "795f82d561a9f496bfdfe07ca6fe0bf76f007de1"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18f02c6d-FRA
esh2: 160
expires: Wed, 19 Jun 2024 06:45:06 GMT

GET
H2 200 duzcede-dere-yataklarina-yakin-evler-tedbiren-tahliye-edilecek_0b0c2957.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/ 44 KB
44 KB 35ms
35ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/duzcede-dere-yataklarina-yakin-evler-tedbiren-tahliye-edilecek_0b0c2957.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 733e51462a8c5ce0c554ba2fab824a47d16bb06e39cfeb3b42c3154deac50ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 35439
cf-polished: origSize=47684
esh: 400
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 44826
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "65475cddb024a10668035e0ab9d21dec5690247a"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b18f32c6d-FRA
expires: Tue, 18 Jun 2024 21:52:21 GMT

GET
H2 200 trabzon-gumushane-karayolunda-heyelan_0a5e4791.jpg
icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/ 17 KB
18 KB 30ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/400x225-85/resimler/diger/kok/2023/06/19/trabzon-gumushane-karayolunda-heyelan_0a5e4791.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17ddc038dc2e7ad2823f54bd748d485b596dcbde014adffb110e687e35b024e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 38483
cf-polished: origSize=18010
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 17668
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "5044d012beb915e0c3c0841284540787a4d50a93"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b49242c6d-FRA
esh2: 400
expires: Tue, 18 Jun 2024 21:02:58 GMT

GET
H2 200 kurtlar-vadisi-muzigiyle-dugune-geldi-o-davetliyi-goren-soka-gird_04c0d710.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 18 KB
18 KB 29ms
29ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/kurtlar-vadisi-muzigiyle-dugune-geldi-o-davetliyi-goren-soka-gird_04c0d710.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d68a08111319d82acd771c4c0739ecc33f71016736eb560ed6df8b96a76eaf36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 1797
cf-polished: origSize=18600
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 18190
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "f3714538515864dceaa3ef713e625b0147aff25e"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b492c2c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 07:13:49 GMT

GET
H2 200 ankarada-saganak-yagis-su-baskinlarina-sebep-oldu_041ae662.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 22 KB
22 KB 30ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ankarada-saganak-yagis-su-baskinlarina-sebep-oldu_041ae662.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ee089908f9f2f7b82923f66ab22d2431eaa199aaf384da16f31f6b0b320a49b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 1803
cf-polished: origSize=23584
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 22508
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ce896b962a6c3dbcf67ff0a07397701b14395ccc"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b492e2c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 07:13:12 GMT

GET
H2 200 tuncelinin-kelebekleri_4357.jpg
icdn.ensonhaber.com/crop/340x191-85/resimler/galeri/kok/2023/06/19/ 12 KB
13 KB 31ms
31ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/340x191-85/resimler/galeri/kok/2023/06/19/tuncelinin-kelebekleri_4357.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13cab061ea47f0fe6c3fd6b37e6728beb40dc447c3086aef9ba1132eb0df6490

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 72932
cf-polished: origSize=12827
esh: 340
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 12671
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "bcf11022c4e4e21f93a1bcc6bfc0d174a64d98bb"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b49302c6d-FRA
expires: Tue, 18 Jun 2024 11:28:39 GMT

GET
H2 200 diyarbakirda-depremde-hasar-goren-binanin-pencere-ve-korkuluklari-cal_03ba7199.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 21 KB
21 KB 32ms
31ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/diyarbakirda-depremde-hasar-goren-binanin-pencere-ve-korkuluklari-cal_03ba7199.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfc44abaa7fdc736db9137d081a687696274eb06d97d3fe232ec961107c85fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 4665
cf-polished: origSize=21926
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 21305
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "c55a3367da37c09a5d5b7ff6b0f74a273b683a05"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b59342c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 06:25:58 GMT

GET
H2 200 ilker-aksum-evlendi_03936143.jpg
icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ 18 KB
18 KB 36ms
34ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/186x218-85/resimler/diger/kok/2023/06/19/ilker-aksum-evlendi_03936143.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d8f4848d35f3083a137438a175161dd47f0e4af4a6777804549b338d809e79a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 5792
cf-polished: origSize=18597
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 18198
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "5fcf300fba59d8f3658644f9393835f8afb0b33a"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b69532c6d-FRA
esh2: 186
expires: Wed, 19 Jun 2024 06:07:12 GMT

GET
H2 200 galatasaraya-milot-rashicadan-guzel-haber_1527e276.jpg
icdn.ensonhaber.com/crop/700x400-85/resimler/diger/kok/2023/06/20/ 107 KB
107 KB 29ms
29ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/700x400-85/resimler/diger/kok/2023/06/20/galatasaraya-milot-rashicadan-guzel-haber_1527e276.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78365baafdc9d5bef727290f43c663ea71ab5993fdf84a6b952bcaa83042d13f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 1606
cf-polished: origSize=113049
esh: 700
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 109576
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "fcdd75164bb26307501d777ed900edc2d619c255"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b795e2c6d-FRA
expires: Wed, 19 Jun 2024 07:17:33 GMT

GET
H2 200 rodri-kariyer-sezonunu-yasadi_056f2899.jpg
icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/ 16 KB
16 KB 33ms
31ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/rodri-kariyer-sezonunu-yasadi_056f2899.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f922ad97f2052ba79b629f170c0cd569c3b6cdeead48e2d01fa20810392b079

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 42714
cf-polished: origSize=16864
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 16254
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "9307a137bb1b1cd46a9dc74d0e802725f7dbd828"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b89702c6d-FRA
esh2: 229
expires: Tue, 18 Jun 2024 19:52:19 GMT

GET
H2 200 besiktas-sude-naz-uzunu-transfer-etti_08fdb198.jpg
icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/ 18 KB
18 KB 34ms
32ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/besiktas-sude-naz-uzunu-transfer-etti_08fdb198.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c067558db81a543c217d643f6caa1bdbbf0c0e75bb8d82bce6244c75158e8bf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 42768
cf-polished: origSize=19278
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 18434
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "fd0affd2987c8c7b200b0dfb11cdfdc0be4d6928"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b89722c6d-FRA
esh2: 229
expires: Tue, 18 Jun 2024 19:50:19 GMT

GET
H2 200 97-gazi-kosusuna-kayit-yaptiran-safkanlar-belirlendi_0ab2f493.jpg
icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/ 15 KB
15 KB 31ms
29ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/97-gazi-kosusuna-kayit-yaptiran-safkanlar-belirlendi_0ab2f493.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 369ce25de5b5e9a034ee8bc34b6939b9b6deb20e24864c39a9cf6c4747ea70b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 42865
cf-polished: origSize=15418
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 15147
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "24340f0b643ac3c4953d78275bb9f3915d4a934f"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b89742c6d-FRA
esh2: 229
expires: Tue, 18 Jun 2024 19:48:41 GMT

GET
H2 200 turkiye-galler-macinin-ilk-11leri_08369959.jpg
icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/ 17 KB
17 KB 31ms
30ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/229x129-85/resimler/diger/kok/2023/06/19/turkiye-galler-macinin-ilk-11leri_08369959.jpg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ef3db050ac2ff3d8a9ae3f2a24b7fab03d58d8221380f8940d3a607bd8dbb4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 51006
cf-polished: origSize=17932
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 17311
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "d0f815df7dfbd7eaaba447f6acb26dcc9ab30f17"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631b89762c6d-FRA
esh2: 229
expires: Tue, 18 Jun 2024 17:33:20 GMT

GET
H2 200 youtube-white.svg
s.ensonhaber.com/assets/img/svg/ 4 KB
2 KB 39ms
38ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/youtube-white.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32d75b8d9906e4fe046307d507ff6d1893ed34d99a6f28f931301ed5d296728b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 1754
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "f42-639c9a84-de402b8448af89b4;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff752c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 youtube-player.svg
s.ensonhaber.com/assets/img/svg/ 1 KB
661 B 39ms
39ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/youtube-player.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e92728d3f84f8648d013fffa073f09ffd774aefb957c5bc08b98c9af97c28979

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 567
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "431-639c9a84-a968250828655b7a;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff772c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 logo.svg
s.ensonhaber.com/assets/img/nav/ 2 KB
1 KB 37ms
37ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/nav/logo.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65803b3152b8225540cdda2ae8e3a298ba9eb591cc35d9e7fe4b906b0f515ead

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819554
content-length: 1038
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:15 GMT
server: cloudflare
etag: "801-639c9a83-2deb684a3979a6f;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff7e2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 telegram.svg
s.ensonhaber.com/assets/img/social/svg/ 393 B
371 B 37ms
37ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/telegram.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0bdf831bc0414f96ebd455a30c1ded4739f659071f0dbb60be94a3d4acd8f4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819554
content-length: 277
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "189-639c9a84-96400f8900acc41e;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff802c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 whatsapp.svg
s.ensonhaber.com/assets/img/social/svg/ 3 KB
1 KB 36ms
35ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/whatsapp.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ad4daa65142f22e17fd212940a4997af6e475206bd70a8da1a4e293f9c2d88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819553
content-length: 1108
x-vtex-cache-status-nginx-thumbor: HIT
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "acf-639c9a84-20f1ab362ceade15;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff822c6d-FRA
expires: Wed, 24 Apr 2024 12:55:39 GMT

GET
H2 200 youtube.svg
s.ensonhaber.com/assets/img/social/svg/ 953 B
518 B 35ms
34ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/youtube.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 416a4c85b488c3fe2ca26298fc13a4fec28626649939aeab1f5862a27e046cf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819553
content-length: 423
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "3b9-639c9a84-92da1d82d3fbff6f;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff842c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 twitter.svg
s.ensonhaber.com/assets/img/social/svg/ 856 B
576 B 35ms
35ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/twitter.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d0a8c318709b662988173b2343311cff1342159884ea66bb2f6a98287ca916f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819553
content-length: 482
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "358-639c9a84-8f449a611e7de763;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff852c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 instagram.svg
s.ensonhaber.com/assets/img/social/svg/ 2 KB
838 B 34ms
34ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/instagram.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b8da33976e16cb84f8ffe8224b95df6e90a1f81f604b99b0ed1b505c983f68b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819553
content-length: 737
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "853-639c9a84-13d92e1e1566001a;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff862c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 facebook.svg
s.ensonhaber.com/assets/img/social/svg/ 656 B
487 B 36ms
36ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/social/svg/facebook.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c2d6ce4a7f2a02270cd2693256f756b8ed4e2c64f2eb6b9b33cbadd22cc2140

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819503
content-length: 393
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "290-639c9a84-a482b1a13127354d;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da26319ff882c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 borsaticker Show response
www.ensonhaber.com/dynamic/ 8 KB
2 KB 21ms
21ms Fetch
text/html 89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ensonhaber.com/dynamic/borsaticker
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/js/home.min.js?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN / PHP/8.0.25
Resource Hash: 27ef86a37eb372d157b96f7d21d12dca338fbbf6922218b0a980fc3ebb46e6eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
via: HTTP/2.0 Merlin CDN
content-encoding: gzip
server: MerlinCDN
age: 13
x-midtier: nl-naw-ws-s08
x-cache-status: HIT
x-litespeed-cache: hit
x-powered-by: PHP/8.0.25
content-type: text/html; charset=UTF-8
allow: GET, HEAD, POST
etag: W/"3986201-1687245655;;;"
x-edge: de-fra-dp-s01
cache-control: max-age=300
caching-type: litespeed

GET
DATA 200
OK truncated
/ 603 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7d079bf21e72c5449d5aa75a4916c4556a0fd2b02cadd2a93aa1d1529957722

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 603 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0b6c2ef65f2486f7be1c3b49a50e88ed2602d29d1f9ecb03ddd4e198c8e5910

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 istanbul.json Show response
api-stg.ensonhaber.com/data/havadurumu/ 3 KB
851 B 44ms
28ms Fetch
application/json 2606:4700:10::6816:3f4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-stg.ensonhaber.com/data/havadurumu/istanbul.json
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/js/home.min.js?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.0.25
Resource Hash: 483de5dfdfae5780263638c0945403236f47fccbd63c84b7c527c85b7c2d5c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
cache-file: data___istanbul_saatlik_2023-06-20.json
cf-cache-status: HIT
age: 66
x-powered-by: PHP/8.0.25
x-litespeed-cache: hit
content-length: 516
server: cloudflare
etag: "682307-1687246593;gz"
vary: Accept-Encoding
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-server: api-srv-1
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: x-requested-with, origin, x-requested-with, content-type
cache3: out-of-memory
cf-ray: 7da2631a5dc4904f-FRA

GET
H2 200 loading-red.svg
www.ensonhaber.com/assets/img/svg/ 1012 B
584 B 21ms
21ms Image
image/svg+xml 89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ensonhaber.com/assets/img/svg/loading-red.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN /
Resource Hash: 8ed948e6d6586fc5cfd9284799eb76290f6c6067a481efbb08e1720977b33c33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
via: HTTP/2.0 Merlin CDN
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: MerlinCDN
age: 4817892
etag: W/"3f4-639c9a84-c475a4ec4487325e;;;"
x-midtier: de-fra-dp-s02
x-cache-status: HIT
allow: GET, HEAD, POST
content-type: image/svg+xml
x-edge: de-fra-dp-s01
cache-control: max-age=31536000

GET
H2 200 loading-red.svg
s.ensonhaber.com/assets/img/svg/ 1012 B
479 B 38ms
37ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/loading-red.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ed948e6d6586fc5cfd9284799eb76290f6c6067a481efbb08e1720977b33c33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819733
content-length: 284
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "3f4-639c9a84-c475a4ec4487325e;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631a4ff32c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
98 KB 42ms
42ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3G92ST5T0Z&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PL4PL92

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f1f1e13e8c24a7941e3b36d2d1f364d19f442808be024d695b5dd743f47dbfee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99832
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 down-red.svg
s.ensonhaber.com/assets/img/svg/ 735 B
633 B 35ms
34ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/down-red.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9838cf0fe876be799851d050135c445d90b5bba432de6f60f4fa68ed7d6a0dc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819502
content-length: 487
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Wed, 28 Dec 2022 15:09:42 GMT
server: cloudflare
etag: "2df-63ac5c36-bff6e9315efa01c9;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ac87e2c6d-FRA
expires: Wed, 24 Apr 2024 12:55:39 GMT

GET
H2 200 up-green.svg
s.ensonhaber.com/assets/img/svg/ 764 B
602 B 38ms
38ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/up-green.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74d5ddb896390fbd0d379431074c833d31f208835ef558dd0ede1264e46a3a5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819502
content-length: 504
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Wed, 28 Dec 2022 15:09:42 GMT
server: cloudflare
etag: "2fc-63ac5c36-8edaee021ef5d882;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ac8802c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 bitexen.svg
s.ensonhaber.com/assets/img/svg/ 9 KB
7 KB 38ms
38ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/bitexen.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d12d07d40ba2f3439d466eba90f27f46581293306f8be3acbb0909a89b4e85a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819502
content-length: 7235
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: cloudflare
etag: "2559-639c9a84-eb01bfa43127277e;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ac8822c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 crypto-currency-white.svg
s.ensonhaber.com/assets/img/svg/ 777 B
569 B 36ms
36ms Image
image/svg+xml 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ensonhaber.com/assets/img/svg/crypto-currency-white.svg
Requested by: Host: s.ensonhaber.com
URL: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ca8877766a4fcd6665a6fd63e69359eb0d19d47df34e399d34345c12e00db4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s.ensonhaber.com/assets/css/home.min.css?v=3.14.62_a6744a8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-msg-05: fetch: save cache with 1M
cf-cache-status: HIT
age: 4819502
content-length: 473
x-vtex-cache-status-nginx-thumbor: MISS
last-modified: Wed, 28 Dec 2022 15:09:42 GMT
server: cloudflare
etag: "309-63ac5c36-e35f449c24d92fc1;gz"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-msg-esh: js gnc cdn
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631ac8832c6d-FRA
expires: Wed, 24 Apr 2024 12:55:38 GMT

GET
H2 200 3.svg
www.ensonhaber.com/assets/img/svg/weather/set1/fill/ 2 KB
948 B 24ms
21ms Image
image/svg+xml 89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ensonhaber.com/assets/img/svg/weather/set1/fill/3.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN /
Resource Hash: 555ed6cb3cb90591bf3def916ba208cafc830119b100866bfb7fa7fa2bf3fe9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
via: HTTP/2.0 Merlin CDN
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: MerlinCDN
age: 4817259
etag: W/"693-639c9a84-2a8f67e15c27c2db;;;"
x-midtier: de-fra-dp-s02
x-cache-status: HIT
allow: GET, HEAD, POST
content-type: image/svg+xml
x-edge: de-fra-dp-s01
cache-control: max-age=31536000

GET
H2 200 13.svg
www.ensonhaber.com/assets/img/svg/weather/set1/fill/ 3 KB
1 KB 25ms
22ms Image
image/svg+xml 89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ensonhaber.com/assets/img/svg/weather/set1/fill/13.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN /
Resource Hash: 89e71820a3f01b7bb31eb58eabe8fc16a23d6735fdf5dc6754cbcc1c8f251a95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
via: HTTP/2.0 Merlin CDN
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: MerlinCDN
age: 4783025
etag: W/"ab0-639c9a84-e662172c0332a87e;;;"
x-midtier: de-fra-dp-s02
x-cache-status: HIT
allow: GET, HEAD, POST
content-type: image/svg+xml
x-edge: de-fra-dp-s01
cache-control: max-age=31536000

GET
H2 200 4.svg
www.ensonhaber.com/assets/img/svg/weather/set1/fill/ 2 KB
1 KB 25ms
22ms Image
image/svg+xml 89.187.169.43
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ensonhaber.com/assets/img/svg/weather/set1/fill/4.svg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.43 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-43.cdn77.com
Software: MerlinCDN /
Resource Hash: 2df5e79fca419ec357ab909bc4b775580a5181fbd44449775d4eaa9b88654133

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
via: HTTP/2.0 Merlin CDN
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 16:19:16 GMT
server: MerlinCDN
age: 4817842
etag: W/"81d-639c9a84-6e71dfd55ab3d608;;;"
x-midtier: de-fra-dp-s02
x-cache-status: HIT
allow: GET, HEAD, POST
content-type: image/svg+xml
x-edge: de-fra-dp-s01
cache-control: max-age=31536000

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/ 408 KB
126 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:08:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2158
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129045
x-xss-protection: 0
server: cafe
etag: 16806126990728334555
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 19 Jun 2024 07:08:34 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
566 B 105ms
57ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

558ff90e26a97105cecf944ed6bd3db5e10318a9896e6c7689701641af72c0fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 541
x-xss-protection: 0
expires: Tue, 20 Jun 2023 07:44:32 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 79ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3G92ST5T0Z&gtm=45je36e0&_p=1971942653&cid=526623169.1687247073&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1687247072&sct=1&seg=0&dl=https%3A%2F%2Fwww.ensonhaber.com%2F&dt=Ensonhaber%20%E2%80%93%20Son%20Dakika%20Haber%2C%20G%C3%BCncel%20Haberler&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G92ST5T0Z&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1065653642/ 3 KB
2 KB 91ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1065653642/?random=1687247072546&cv=11&fst=1687247072546&bg=ffffff&guid=ON&async=1&gtm=45je36e0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ensonhaber.com%2F&hn=www.googleadservices.com&frm=0&tiba=Ensonhaber%20%E2%80%93%20Son%20Dakika%20Haber%2C%20G%C3%BCncel%20Haberler&auid=1419924348.1687247073&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G92ST5T0Z&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21fae64262f66f27e45911cc8c6fe0069b42013ddd83a101bfbe56017fccdf40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1347
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 98ms
31ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 12 KB
4 KB 102ms
31ms Script
application/javascript 104.18.35.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.35.34 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d285ae6755d52c452904f5bdfa4a6c2082186d695304b242e9db2f12461f02e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Jun 2023 16:15:13 GMT
server: cloudflare
age: 42462
etag: W/"648b3911-2e4b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86400
cf-ray: 7da2631c79f119ab-FRA
expires: Wed, 21 Jun 2023 07:44:32 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 165 KB
49 KB 1750ms
1750ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2Cinterstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&adks=2447352499&didk=3991379447&sfv=1-0-40&ists=1&fas=8&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072645&lmt=1687247072&dlt=1687247072032&idt=568&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fcfb9fac837faebb5d90f9a8eae86573004c64d86e4ebeca2c69b22f2e01ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49629
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 67 KB
14 KB 1788ms
1787ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESH_DESKTOP_ANASAYFA%2Cmasthead_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90&ifi=2&adks=2619639180&didk=2861604050&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072651&lmt=1687247072&dlt=1687247072032&idt=568&adxs=315&adys=155&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=1600x280&msz=970x-1&fws=4&ohw=1600&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51da48e315d7f0ddeed892476ef7666f473778bf1350518f2319cd792e1ab4e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14443
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 916 B
462 B 345ms
343ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESH_DESKTOP_ANASAYFA%2Cmansetalti_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C970x250%7C970x90&fluid=height&ifi=3&adks=905423781&didk=4180154659&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072657&lmt=1687247072&dlt=1687247072032&idt=568&adxs=315&adys=1359&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=970x280&msz=970x-1&fws=4&ohw=1600&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

377797acd33c082080b5467dcfc816d83e53589fe89401fd45d1588fe7f6baf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 900 B
445 B 2278ms
2277ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESHv2%2Cstickybottom&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90&ifi=4&adks=396462409&didk=2469753850&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072659&lmt=1687247072&dlt=1687247072032&idt=568&adxs=436&adys=1600&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=516&ohw=1600&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

486c0e7eb5313ce4ae416f5c344898112ce7a3449044cba6327e86ff03081f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 414
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 1919ms
1918ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESHv2%2Cpageskin&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C160x600%7C120x600&fluid=height&ifi=5&adks=1502987301&didk=133821678&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072662&lmt=1687247072&dlt=1687247072032&idt=568&adxs=33&adys=153&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=300x-1&msz=160x-1&fws=516&ohw=300&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86f3d6ba6ceea00fa02b7dbc5de0463ab0e8da7d6f651d6f33bb409c3a42c9f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11271
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 2102ms
2101ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESHv2%2Cpageskin_genel-sag&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C160x600%7C120x600&fluid=height&ifi=6&adks=2966292975&didk=403647575&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie_enabled=1&abxe=1&dt=1687247072664&lmt=1687247072&dlt=1687247072032&idt=568&adxs=1407&adys=153&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=300x-1&msz=160x-1&fws=516&ohw=300&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5c7725cf595366b2054565e398c9f2e0093ea09756b306ec03e1e21862dd46a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11332
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B53E 6 KB
3 KB 95ms
29ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:32 GMT
expires: Wed, 19 Jun 2024 07:44:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/ 37 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b364aa5ec35c70520296a6172a1d7963535eeb7f6b246f41cf66af5d315f1215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 16:51:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53555
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13147
x-xss-protection: 0
server: cafe
etag: 3115308656160103658
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 18 Jun 2024 16:51:57 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1065653642/ 42 B
455 B 82ms
32ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1065653642/?random=1687247072546&cv=11&fst=1687244400000&bg=ffffff&guid=ON&async=1&gtm=45je36e0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=0&tiba=Ensonhaber%20%E2%80%93%20Son%20Dakika%20Haber%2C%20G%C3%BCncel%20Haberler&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1741802215&rmt_tld=0&ipr=y

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1065653642/ 42 B
455 B 81ms
31ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1065653642/?random=1687247072546&cv=11&fst=1687244400000&bg=ffffff&guid=ON&async=1&gtm=45je36e0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=0&tiba=Ensonhaber%20%E2%80%93%20Son%20Dakika%20Haber%2C%20G%C3%BCncel%20Haberler&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1741802215&rmt_tld=1&ipr=y

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 style
accounts.google.com/gsi/ 533 B
585 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/style

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SU-n8ep95iZikEFLDX4O_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-security-policy: script-src 'report-sample' 'nonce-SU-n8ep95iZikEFLDX4O_w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: text/css; charset=utf-8
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 126ms
70ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306140101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

412fb5cc8a51add50e590be63fda08e88d3913c9e3f1b3a96f73004ce6d80f7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11090
x-xss-protection: 0

GET
H2 200 yunan-basini-turk-tanklarini-vurmakla-tehdit-etti_1508a758.jpg
icdn.ensonhaber.com/crop/788x450-85/resimler/diger/kok/2023/06/20/ 96 KB
96 KB 34ms
34ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/788x450-85/resimler/diger/kok/2023/06/20/yunan-basini-turk-tanklarini-vurmakla-tehdit-etti_1508a758.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14b36a8df3615e891dddebf0e4adf825b612ad83eb23f116d32d01a11e873a1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 2089
cf-polished: origSize=100574
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 98029
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "eede7b7c053e62e909a13fe3582099768fa58a2d"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2631d7c132c6d-FRA
esh2: 788
expires: Wed, 19 Jun 2024 07:09:12 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 82ms
33ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 07:44:32 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8074 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 59587
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 15:11:26 GMT
expires: Tue, 18 Jun 2024 15:11:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9A6D 783 B
952 B 37ms
36ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2c6cb8994e6cf1bddda9e1a5b916a70ca4baa71c158d443a34914ba7e6c1d559

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SKKEn35yLun_Px6xsniHYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-SKKEn35yLun_Px6xsniHYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:33 GMT
expires: Tue, 20 Jun 2023 07:44:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 32ms
31ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.ensonhaber.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
12 KB 2118ms
2117ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4214182010621061&correlator=656879177075750&eid=31074947%2C31075485%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306140101&ptt=17&impl=fifs&iu_parts=9170022%2CESH_DESKTOP_ANASAYFA%2Cmansetalti_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C970x250%7C970x90&fluid=height&ifi=7&adks=1072827501&didk=2270583748&sfv=1-0-40&cust_params=kategori%3Danasayfa&sc=1&cookie=ID%3Dabf51527453617e1%3AT%3D1687247072%3ART%3D1687247072%3AS%3DALNI_MaggUgNteQww9aVlaUVvDmTLacc2A&gpic=UID%3D00000c313da02232%3AT%3D1687247072%3ART%3D1687247072%3AS%3DALNI_MaxpQIdo6crgUTZt98GbVLK1-4VQw&abxe=1&dt=1687247073024&lmt=1687247073&dlt=1687247072032&idt=568&adxs=315&adys=1234&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.ensonhaber.com%2F&frm=20&vis=1&psz=970x280&msz=970x0&fws=4&ohw=1600&ga_vid=526623169.1687247073&ga_sid=1687247073&ga_hid=1971942653&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a205d7d684136be8250397a83c5f4c6fc4702ac3344795b10f22ab8fc772ac31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12106
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 8074 37 KB
14 KB 63ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9A6D 0
0 77ms
54ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306140101&jk=4214182010621061&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8074 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ROBNGw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306140101&jk=4214182010621061&bg=!x8SlxJDNAAaGYqkwpmI7ADkAdvg8WuOYYAZz1gYYxO3ZH5j_ni6uBhwvsFtJe0gBGvVi9bl5KLGhZ0QaTL3GvQyNCWnxj2UKa_QCAAAAy1IAAAACaAEHmQLbW-4gQdMSZZK1dTso1_af0rKGVz1ZhvZ_OuLot1Wpl0Lw32p5zcRDyYszTfB9UWfPOi0hQNmNBEPUoZSFnLI0RLgEq58VOrNLAdylP_vWH2pKYfT3ctI4X0lcRu9kRv3VOA9gvcGOne4L13MQfiwIVS5fdX9xHy5YzdoRfxzizxqaUdzmeY4SJfUXA3hFYRvTMBFPc86EGaSaLbmv_gt60MajDGTCBEFyYBg_rFud_cVooxGEsAncPHI39zlXJIcP5vfcXtoJqVJQWiGvMk9rcWsQLaxlaXughfqB9PtcLoOg_W5d_w7P9SVmTI8sV_YnbCuLZv4mI2oDj10FR-7FZiXVv4J69Q_QwTNl5yFe_PvmjDQvY_z_kNHeC-oHtjyBqf31VRNdE0lAzVT96RklfC7Qw847S-drmcwJ1GGDA9gXc6D4Jv8DjBVjNFpr8pSJu2wyRK_HfYBY5k2ZscvsFStMXYXfRHSLFw7hcj-RFwFUx4Kw7GbPhdZm1hJgW-D8gs6Tt2cxIhRI0ynVmGdMv_JiYo-XEIiCyxLqRaK41pRmKCHo01Yn_KrlO9XouMKQrNbvntWAyyEGAwZmBOs_wW1LjnwLMjsvUncyaV3YIjAY7g6_r14znfrwx132TttDz8jwSkOWBLoyvGU3wvkmlSXXQ3OQtuw5jY26onTMLGBub5LrVNXZ8c2kMx2rtw4LUHUDXRmcJ7C_n6l2r-yfwpxRsWRjBfg4KxZ_TiDFfDGBkdWzEBIaM0OJFRSOczwaFjPI31yZgLupjrRz1WkwxLbHo8WKQr8Ze2Ww16k5GWWNtw5DqFEQjpiYLBhdDqMPGyHFsQ0xA1NuCQGMWRPjuu3VXuLdKCZg_IU183u-Ffh2Nf1fYSMjYuC2-r5k3YZspdcZ0Z_ufVz3jnEtzOV4YSq_wak3LX30GZMmxCgmR86kKA7V5jOwkC7h3QqbInwHY-br5kS2YDGgUrc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 2 KB
2 KB 83ms
23ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:11:07 GMT
via: 1.1 google
age: 2007
x-guploader-uploadid: ADPycdu-QqaIpxAw5CPdIP6m33n-BY1i36NahkZIaVMJBME8C5K_T709yDKq96zQkT5g0LaIjCZ7HJGpNDJWPNamG_0dMw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1938
last-modified: Thu, 27 Apr 2023 19:53:17 GMT
server: UploadServer
etag: "0a4a90264145ed4c5c647dae5dfb0429"
x-goog-generation: 1682625197861193
x-goog-hash: crc32c=jhvysQ==, md5=CkqQJkFF7UxcZH2uXfsEKQ==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1938
accept-ranges: bytes
expires: Tue, 20 Jun 2023 08:11:07 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 137ms
67ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

839c424b188a9bdafd46e5b643a2c5afb4b7df5e51f0321ffafd5f23b118e259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 31 May 2023 13:09:50 GMT
server: nginx
etag: W/"6477471e-a980"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 21 Jun 2023 07:44:34 GMT

GET
H2 200 container.html Show response
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2945 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:32 GMT
expires: Wed, 19 Jun 2024 07:44:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012305252018000/ Frame 28BC 222 KB
61 KB 95ms
22ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 469991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61795
x-xss-protection: 0
server: sffe
etag: "7347aa4c83612bf7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 28BC 15 KB
5 KB 130ms
58ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 469991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 28BC 94 KB
28 KB 131ms
59ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 469991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 28BC 5 KB
2 KB 139ms
67ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 469991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "9635e780e0a5dede"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 28BC 40 KB
13 KB 139ms
67ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 16 Jun 2023 04:58:20 GMT
age: 355574
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 15 Jun 2024 04:58:20 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 28BC 14 KB
2 KB 82ms
31ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:02:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 28BC 3 KB
3 KB 23ms
22ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 42879
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 28BC 344 B
368 B 22ms
22ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 45645
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:03:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 28BC 0
0 30ms
30ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSMynVFvsYCqme6n2zwaUut2iOaqd-s6b4_gC59-Nr8U2jlEtkriw53czkOkd5G0G5kglKG_8K8qGybPlYcmLxbD2V-Tg
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 28BC 0
0 68ms
68ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CeMV54FiRZJrFPJnh7gPRhbjgD9_JgNFw4qHxppkR8t3S4LIBEAEg1obbJWCVgoCAmAegAdya3PsByAEJqQLT6lN1XVKyPuACAKgDAcgDCqoEhAJP0OixLnMFP2EM9tSzseSNvz2DlagowuaC1cKBoU9kcNSe4j4ucW-cF9C_SuU4IpdxaZz3tFZ5ZXQ1TH4rVVNHhEInPXxnHQkRyzYioUQOqkv05rzqIDImhtwk7C7e2HLXUaI_-DVKwoywPn-QasvXl_8bP0O0yAuEWNdXTWmemmSwSFJ62fYjX3VqsfGyNZ6jO7W4w_4i6lrd6CXO2t6xoB22NjnLj2fA-ciUgJokqcTvJ-J3mgLqoj00-YnTb325odHTe4OH5OHLvNYBm73fbl9vMnOtid_qDcoyU9h2k8D4opAvKah6brWrhzV6TDUvYUkhlKJjWfce55hB68Rj_ajus8AEnIvgsZQE4AQBiAXI17yoRJIFBAgEGAGSBQQIBRgEoAYugAeM5aOEAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEPqVItIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwHaCwkIERCN2M2GlwLYEwz6FJ8BCgUIkgQwIRCN2M2GlwIabwgBEmsKUmh0dHBzOi8vaG9va3MuemFwaWVyLmNvbS9ob29rcy9zdGFuZGFyZC8xMTc1NDc5OC9hNWNkMWRjNTRjYTU0NWE2ODU2YWY0OTY0OGI0NDNmNC8aEVphcGllci0yOTE1MDUyMzE1IAEoACICCAUiAggGIgIIBCICCAMiAggCMIanj6pEOKawuoUY0BUBmBYBgBcBshceChwIABIUcHViLTMyNDAzOTYzODYzNDE5NzAYvpcO&sigh=_bDa7HaswbQ&uach_m=[UACH]&cid=CAQSPABygQiDKnoNl6fYlNOD7q4Aqo-t_RE6yIYozJZv-J7q2DuUNqs1rTJC5MO_lvWohvrvD6S4CsUT-qoNGBgB&template_id=5000
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/15485317037452942727/ Frame 28BC 37 KB
37 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15485317037452942727/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9412851b053c920a5e9248f029ac03cdbe61819edd11a0c3f4ee800ff88f8f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 12:44:48 GMT
x-content-type-options: nosniff
age: 154786
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38162
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 19:56:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 17 Jun 2024 12:44:48 GMT

GET
DATA 200
OK truncated
/ Frame 28BC 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 28BC 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 28BC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8766a832f9bf5c72d5451766c5c90f1512b61dd7f7d7a7774142fee05f1c54b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css2
fonts.googleapis.com/ Frame 2945 4 KB
744 B 46ms
32ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:28:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A968 14 KB
1 KB 43ms
41ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 07:38:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame A968 2 KB
892 B 24ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 23:57:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28044
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 23:57:10 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame A968 22 KB
9 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite_fy2021.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

854f47fda466ed9d7e0d438a80c3f7049575d373d5887aca71313da2b795c739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 12:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8931
x-xss-protection: 0
server: cafe
etag: 12022837384336330993
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 12:36:30 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E6F4 143 B
247 B 23ms
21ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1682
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame A968 3 KB
1 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62960
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 14:15:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B27B 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Tue, 20 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame A968 19 KB
8 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 12:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 12:36:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A968 0
0 29ms
28ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaROz2665jX4lenWyEjund0TY3-zdQlnPEvUBG21aOh1rOKpesHKDuAGcqtUrj_NzNDvHhhhStAD6JMwVrWCeOwKdZSLNQ
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A968 178 KB
56 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H2 200 9c81088c85b4e7b59d5cd8ce7f87e269.js Show response
www.gstatic.com/mysidia/ Frame A968 32 KB
14 KB 70ms
21ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9c81088c85b4e7b59d5cd8ce7f87e269.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1255c225e18e01faae68870c17c44c85368bf6c4120d0e674615f7a9ccc70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 03:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 361097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13708
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 22:25:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 14 Sep 2023 03:26:17 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 2945 22 KB
9 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab296b2bb2aecd4942237b656e45565beb04d9e73c45346a60e1d92616aeaae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 17:42:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9409
x-xss-protection: 0
server: cafe
etag: 7294307571184633120
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 17:42:54 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2945 205 B
519 B 69ms
25ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 13:23:40 GMT
x-content-type-options: nosniff
age: 66054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Wed, 14 Jun 2023 09:18:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 18 Jun 2024 13:23:40 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2945 604 B
718 B 69ms
26ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 20:24:58 GMT
x-content-type-options: nosniff
age: 40776
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 18 Jun 2024 20:24:58 GMT

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 221 B
315 B 43ms
42ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 198e0fe1ee50fd798c142ae6cdceb0ebfd991018f995dbb8c5cbbd5ad6983916

Request headers

Referer: https://www.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: f23560ca3d01fd7c1c6f9ce4a5999cbf
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 221

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 94ms
35ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.ensonhaber.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://www.ensonhaber.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Tue, 20 Jun 2023 07:44:34 GMT
server: Google Frontend
vary: Origin
via: 1.1 google, 1.1 google
x-cloud-trace-context: 115d2a4d0cad9bbdf0667a3326af130b

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGRNU6fZg8RKrvVyGZVEiFE&google_push=ATf1kGMVeHXg20AxbF0yCiur2BdqrUAm1SK8xriGk5fNAZrTghU_qpQ370...

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGRNU6fZg8RKrvVyGZVEiFE&google_push=ATf1kGMVeHXg20AxbF0yCiur2BdqrUAm1SK8xriGk5fNAZrTghU_qpQ370pNrN1tTzwb-SFmsZFiGWb_MQpIBn6GDVKLaIzTNrfAlA

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-etou8220039-FRA
pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1687247075.661991,VS0,VE95
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGRNU6fZg8RKrvVyGZVEiFE&google_push=ATf1kGMVeHXg20AxbF0yCiur2BdqrUAm1SK8xriGk5fNAZrTghU_qpQ370pNrN1tTzwb-SFmsZFiGWb_MQpIBn6GDVKLaIzTNrfAlA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

40ms
39ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMkadDFYP9vX6B1nKGzPAmnhB9h-XH74xWPRfUWt4E1lGsIpTPWUqDn1do7hm-9VXvI1yhKKBejT6Goxe-xDKcbkzVNOWurJA

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMkadDFYP9vX6B1nKGzPAmnhB9h-XH74xWPRfUWt4E1lGsIpTPWUqDn1do7hm-9VXvI1yhKKBejT6Goxe-xDKcbkzVNOWurJA
date: Tue, 20 Jun 2023 07:44:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDb9xZa4Nh2XeMr7CkR1Dhc&google_cver=1&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNFV0QtMjMtRlY5RA==&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2lCOD8MVUOTGpq5CkNU8f77-mypw

170 B
329 B

32ms
31ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNFV0QtMjMtRlY5RA==&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2lCOD8MVUOTGpq5CkNU8f77-mypw

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNFV0QtMjMtRlY5RA==&google_push=ATf1kGMi7yQoTmpktoYDlJwn2qXswpTnxTyKvAMtcBCITVMXtaA_tjQSIAr7AJ3-D02ibeP3qK2lCOD8MVUOTGpq5CkNU8f77-mypw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEA...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-af404d55-c207-4060-af58-106765370892-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGPDX863MoKILVX6NBetg...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&google_hm=A69ATVXCB0Bgr1gQZ2U3CJI

170 B
188 B

34ms
34ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&google_hm=A69ATVXCB0Bgr1gQZ2U3CJI

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGPDX863MoKILVX6NBetgED-No3q1pfCAVmB8EAH0B4odc74_PJj_2KT6xzCfk0Hd_GluoPo_IAFzBUQ-uNPPKH5mMW6h8y1ng&google_hm=A69ATVXCB0Bgr1gQZ2U3CJI
date: Tue, 20 Jun 2023 07:44:34 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXaf404d55c2074060af58106765370892003
content-type: text/html

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESECmfPpRADrhHjwqDf_H4-Pg&google_cver=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o1Idj_T55y0sCr8hv9ebK7OvnISkx31eczmiEUeq4RwXTdTa3OU_5rlgpRHvNeEWJfH...
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o...

170 B
232 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o1Idj_T55y0sCr8hv9ebK7OvnISkx31eczmiEUeq4RwXTdTa3OU_5rlgpRHvNeEWJfHKKV0Q&gdpr=&gdpr_consent=

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGP93zSnIK0seaqDP_no3E5XG2o1Idj_T55y0sCr8hv9ebK7OvnISkx31eczmiEUeq4RwXTdTa3OU_5rlgpRHvNeEWJfHKKV0Q&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame B27B
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESENDkb0Lx1JXBce5Mdw0FuuE&google_cver=1&google_push=ATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhDyy9QatS6phh8CaGtzrZsaZBKKxaCX8iHzxT4yRjtgHYQM1Un2n5xh64
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhD...

43 B
1 KB

68ms
23ms

Image
image/gif

162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhDyy9QatS6phh8CaGtzrZsaZBKKxaCX8iHzxT4yRjtgHYQM1Un2n5xh64

Protocol

HTTP/1.1

Server

162.19.138.83 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 20 Jun 2023 07:44:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGPr8Ew56UONs4du2UfhMiXZ3-1gHH_Pcb0Pf60bAQhDyy9QatS6phh8CaGtzrZsaZBKKxaCX8iHzxT4yRjtgHYQM1Un2n5xh64
x-download-options: noopen
vary: Accept
content-length: 274
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B27B
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMkXoc6gv...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMk...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f853db92-867d-4d86-84ef-1b12291297dc&%%GOOGLE_PUSH_PAIR%%

170 B
232 B

32ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f853db92-867d-4d86-84ef-1b12291297dc&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=f853db92-867d-4d86-84ef-1b12291297dc&%%GOOGLE_PUSH_PAIR%%
date: Tue, 20 Jun 2023 07:44:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B27B 0
130 B 79ms
29ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJZe93BRs8HlZtE2sL9foY05TpzQe2-UEQp0T3_AMuncbUlQ7lpqzZEawYVMC0LHXgHy1kwR8

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E6F4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

30ms
30ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:34 GMT
expires: Tue, 20 Jun 2023 07:44:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:34 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FD44 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:32 GMT
expires: Wed, 19 Jun 2024 07:44:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 28BC 33 KB
34 KB 74ms
22ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ensonhaber.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 563717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 19:09:17 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame BB3F 15 KB
6 KB 107ms
36ms Document
text/html 2a02:2638:d::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.ensonhaber.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:34 GMT
server: Kestrel
server-processing-duration-in-ticks: 212436
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1461 624 B
242 B 64ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYlfTiwAEwAQ&v=APEucNWfHTp0Qo8BpXE40-9NBM7ZqK11ka9NvBH5q4C9HOLb6zlHj3-FmrKPI_KJ2-ZPPtLIZ0nwZ3D_I17YL0cHCW8PJ-5EAtS5O4MM7CoybChAQyydvFirFq1C74PERTj9YE9uFQN5OAXTnViKBT2kZFUf3UMCfHYfRmqVXbJmPUih-9pQFJKwqdtRV1AZ2oOjYQ5OZ-nz

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FD44 78 KB
27 KB 179ms
177ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD44 42 B
63 B 56ms
54ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B8OvVDRnW5E2FNHkVnCjGMpw-_eeXyPqipSOLdpEFQn2yP6G3xXk5U3wlPqvk2EyLxXgm2I_qbo6sBKN5VxucaXGzTaj8HJYKIYLvYmU3PKixqSYY

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD44 0
20 B 58ms
56ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15939408303101845502&x=1&ct=76

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame FD44 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62960
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 14:15:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame FD44 19 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 12:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 12:36:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FD44 0
0 30ms
29ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSouNeRBrtjVZMpkq3ixnHhnLbjI3kWAV1kGQVH92H_9PxML_AjtOIidrESrDFdnmszL9IjDVLk6hnngiRc4QnCmBK7rA
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FD44 178 KB
56 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 28BC 3 KB
3 KB 21ms
20ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 42879
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 28BC 344 B
368 B 21ms
21ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 45645
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 20 Jun 2023 19:03:49 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame B2A7 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168465
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 200 container.html Show response
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F7F3 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:32 GMT
expires: Wed, 19 Jun 2024 07:44:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1461
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1

43 B
766 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYlfTiwAEwAQ&v=APEucNWfHTp0Qo8BpXE40-9NBM7ZqK11ka9NvBH5q4C9HOLb6zlHj3-FmrKPI_KJ2-ZPPtLIZ0nwZ3D_I17YL0cHCW8PJ-5EAtS5O4MM7CoybChAQyydvFirFq1C74PERTj9YE9uFQN5OAXTnViKBT2kZFUf3UMCfHYfRmqVXbJmPUih-9pQFJKwqdtRV1AZ2oOjYQ5OZ-nz
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1461
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

43 B
766 B

24ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYlfTiwAEwAQ&v=APEucNWfHTp0Qo8BpXE40-9NBM7ZqK11ka9NvBH5q4C9HOLb6zlHj3-FmrKPI_KJ2-ZPPtLIZ0nwZ3D_I17YL0cHCW8PJ-5EAtS5O4MM7CoybChAQyydvFirFq1C74PERTj9YE9uFQN5OAXTnViKBT2kZFUf3UMCfHYfRmqVXbJmPUih-9pQFJKwqdtRV1AZ2oOjYQ5OZ-nz
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 1461
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN2UfsPnVgMNz4bZ7ez-BM4%26google_cver%3D1

43 B
1 KB

23ms
22ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN2UfsPnVgMNz4bZ7ez-BM4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYlfTiwAEwAQ&v=APEucNWfHTp0Qo8BpXE40-9NBM7ZqK11ka9NvBH5q4C9HOLb6zlHj3-FmrKPI_KJ2-ZPPtLIZ0nwZ3D_I17YL0cHCW8PJ-5EAtS5O4MM7CoybChAQyydvFirFq1C74PERTj9YE9uFQN5OAXTnViKBT2kZFUf3UMCfHYfRmqVXbJmPUih-9pQFJKwqdtRV1AZ2oOjYQ5OZ-nz

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
AN-X-Request-Uuid: 17ac1a7c-85fc-4058-8700-696b99abc0f4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
AN-X-Request-Uuid: 9c6d2f5a-0b74-4648-a147-758357169ab4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEN2UfsPnVgMNz4bZ7ez-BM4%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1461
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1NTc4MTY0NDkwMzQyMjg0

170 B
188 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1NTc4MTY0NDkwMzQyMjg0

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 07:44:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 48f1d7c6-0848-4c2c-8332-1b405bc60462
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1NTc4MTY0NDkwMzQyMjg0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame BB3F
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=ensonhaber.com&sn=ChromeSyncframe&so=0&topUrl=www.ensonhaber.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=b5m_K3xXR0cxTEp3WUtOZ1NmaEhwN1dZMXlaMDhOVkUyT3B5N2ZqZitEZjVKV2hhQS9JU0lTMGZOSXhtdFBlaE9MSVhHczJVckoyTzg3b21nYklEVWRWOHdQWTJUeVdRbnAvYjMvOTg2Q1J6OXZVWjJOS01aUlNMaVlMek...

436 B
659 B

120ms
45ms

Fetch
application/json

178.250.7.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=b5m_K3xXR0cxTEp3WUtOZ1NmaEhwN1dZMXlaMDhOVkUyT3B5N2ZqZitEZjVKV2hhQS9JU0lTMGZOSXhtdFBlaE9MSVhHczJVckoyTzg3b21nYklEVWRWOHdQWTJUeVdRbnAvYjMvOTg2Q1J6OXZVWjJOS01aUlNMaVlMek1NN3NlZ0hVcmM3OTVsVmlHZC85V281VVlsUTdTRFB4bmVqckFTUXpSOVJRbzEwZE9DRng5NENiS2R4Qk5mVUhtYzVic0ttWWFFTCtpNm44ZnROZzE5RjZGWkJYWWoyR3ZmWmlCRWl2QXNMS2Q0V3M1N1RoZlJkUktIS1FsenQ5aGcxUFdnVXdSVzlDaWNOZ0hId1RRcGZMUjJPK2ZLQzBteHlPQ1FibGhZMW1Bc3l5QXpTTT18&cppv=2

Protocol

Server

178.250.7.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1c884354c56ed5e5c9d1442f123011d1e9e714038897e18c905701fd382ac758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 9306347
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=b5m_K3xXR0cxTEp3WUtOZ1NmaEhwN1dZMXlaMDhOVkUyT3B5N2ZqZitEZjVKV2hhQS9JU0lTMGZOSXhtdFBlaE9MSVhHczJVckoyTzg3b21nYklEVWRWOHdQWTJUeVdRbnAvYjMvOTg2Q1J6OXZVWjJOS01aUlNMaVlMek1NN3NlZ0hVcmM3OTVsVmlHZC85V281VVlsUTdTRFB4bmVqckFTUXpSOVJRbzEwZE9DRng5NENiS2R4Qk5mVUhtYzVic0ttWWFFTCtpNm44ZnROZzE5RjZGWkJYWWoyR3ZmWmlCRWl2QXNMS2Q0V3M1N1RoZlJkUktIS1FsenQ5aGcxUFdnVXdSVzlDaWNOZ0hId1RRcGZMUjJPK2ZLQzBteHlPQ1FibGhZMW1Bc3l5QXpTTT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 236753
content-length: 0
expires: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8A6B 624 B
242 B 63ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_a6m1AEwAQ&v=APEucNWIGY3vw_9Un65zoAt7BLLCbWc_UR_XaXm4BgySzQFtKKzkvzBKFyMDQ7SZ3ZeCJoBbxk0pqmta-oUhtMUE77Odsciz_p0NbjCmKq9DOFpuot3PrQ-5wHruTZTQe3gUB96SvsRqfg8Mj8a-kMF2KgQEF37VGIW1tcJPuAsE8lZAkFjl8tCefBdIAAd2MMH09XCrlhpU

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F7F3 78 KB
27 KB 249ms
249ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F3 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CAvpWCE1cRcuT7PMcxnbIvDYVlXe4wtqDYBqlTceUhFo14OtatAHHFOlSnN_D6BVymLVIOYgnY-rRrNJC1Y3WCYHLB39IlNOjXBdIYH3i-tF2gu9o

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F3 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14208215394320997288&x=1&ct=76

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame F7F3 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62960
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 14:15:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame F7F3 19 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 12:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68884
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 12:36:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F7F3 0
0 29ms
29ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTbvZxoC63KY09TGHZTPFoMa8pYCrh6GUq0KcDz-ZTJDbpLnqZ9FRevEpsyUexF4nAA-Mny2E22iOnirXiAe3VjXSAErg
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F7F3 178 KB
56 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8A6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1

43 B
766 B

24ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_a6m1AEwAQ&v=APEucNWIGY3vw_9Un65zoAt7BLLCbWc_UR_XaXm4BgySzQFtKKzkvzBKFyMDQ7SZ3ZeCJoBbxk0pqmta-oUhtMUE77Odsciz_p0NbjCmKq9DOFpuot3PrQ-5wHruTZTQe3gUB96SvsRqfg8Mj8a-kMF2KgQEF37VGIW1tcJPuAsE8lZAkFjl8tCefBdIAAd2MMH09XCrlhpU
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED51sCtBluMtAzFcgYgyltA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8A6B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

43 B
632 B

23ms
23ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_a6m1AEwAQ&v=APEucNWIGY3vw_9Un65zoAt7BLLCbWc_UR_XaXm4BgySzQFtKKzkvzBKFyMDQ7SZ3ZeCJoBbxk0pqmta-oUhtMUE77Odsciz_p0NbjCmKq9DOFpuot3PrQ-5wHruTZTQe3gUB96SvsRqfg8Mj8a-kMF2KgQEF37VGIW1tcJPuAsE8lZAkFjl8tCefBdIAAd2MMH09XCrlhpU
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 8A6B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1

43 B
1 KB

23ms
23ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEY_a6m1AEwAQ&v=APEucNWIGY3vw_9Un65zoAt7BLLCbWc_UR_XaXm4BgySzQFtKKzkvzBKFyMDQ7SZ3ZeCJoBbxk0pqmta-oUhtMUE77Odsciz_p0NbjCmKq9DOFpuot3PrQ-5wHruTZTQe3gUB96SvsRqfg8Mj8a-kMF2KgQEF37VGIW1tcJPuAsE8lZAkFjl8tCefBdIAAd2MMH09XCrlhpU

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:34 GMT
AN-X-Request-Uuid: ce115ec9-bbf7-4124-9cfa-9b0fc4f7b6e0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEN2UfsPnVgMNz4bZ7ez-BM4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8A6B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 07:44:34 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 58b07d7a-5f2a-458d-a8c4-0dbf0d96f39a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD44 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3418697653348&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD44 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3418697653348&version=m202301230201&ct=76&x=1&cor=15939408303101846000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FD44 92 KB
37 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxKswj0Fb65kdYOP7sAS0G93rUbpilP3Xi8JMXhh-x2wJ44png6j9zuOM61RKChbhTHsYQSyEuDMPo5J7QlBXOTdZg9QwyBD9oEuQZGoM-ViX0Sp0CDepfjFL4VBQVnXdxGEgRiLj4uJ9-ZJy85U7LsaKZZkFydm_aEOEZ34HcQkq8Hpg&dbm_d=AKAmf-AFAd1_0uixWcOMAJc9yHZflFedGLAGPdEkNCR_FHqO4zfGN5QZZ8V8eEjACgFfqOTYSOkoneXL7h9wGkXUqqPp3K4BtDXYkwRUVjf_y5W9coylBct-YXwOKXHv8xZ2-vZ_Zv4MllTfyO7hYWoY95I-KJDLdBfZ5ZPQFYa1Zwb3_LDPaS9FYdymDWsGmoaamd2UIH3iTkyfRINgpKR1YjA9TeU5Ivp7977yoWJkD0bcFY5PMZkNK1BPv9ZchM_O5CkSOoikh3kdHsvMEV9bIwL4XINNUlq_kMU4f1CRjGnBnQCHgQojC390_GyWsltt24SKpEAhCPL4ePhSLej_JCSOsq-VCUSRuVdGQoh8ubSH3nOaoZIqreyicTUbbIuDqBiCyDhmujEyn0NatwVVB-nmgYXNz9-GBv3VCMHzefxIwJuI4vwzmyKTRmp5XuFoFdep_KlXG4wq578YgdxHzrMDsLzxkEfgKUhHigUAXseqrchnjCcYaCAfu4DywsyDBM2280TBHQQt4NST-yUI9TNJgCLw8Bsy7y_BcUFURZ21rRu0jeo673ZUx6cH2h9Euy8RPDtr32KgVWhVXVQ6kXB_m3mmOG7XKarCAaBQX44rRfzuKkT4N_pQOug_6wz6bXYMWECdbPvJ7pZyRdR8vf8dumedzNifSfcB7QYOxZCJ_wjV60ji32uvGjqSGxqLwanGrozI2Nq74SwvmfLips7X03BIP9CWqrboOpUTKe2Oh2f6HQU0b8Ett5sa3in_DriDFWWjspmtVJmMiNsWExOnkJ7Co535VVh5Ob8GJKvwmuqEApnQa5H0nI-zIE24aAJge3Bwk8PgzmEajsIzzGaYxLke-WYhR9l0d3NeCwoRqb5WoV6viexw7KOhnUOfdr59SJ64Yrbduiq2jgTJEVbdVtVVo1GTWhK11nvhHiqf65KGUALOGdqdWDQf0_jvQzhkYj-dpnQXoXxXwX4aQQCdj61F8QPswgt4l3Vt25eVPJsxI9_Q-1iLe_ViMvhyixnE31mMMLOIzmIRb0lYM7J3O0rcBaL_WO_R9eipZEC-h14SNkf82t1LToWN_DSIKAiykc4zu5mOm7iTa3C7pTHYAIGzO70KwrfrnJ3OsXNfzc75oJjKHvHsROLaGgnYYDTp7EI_caXR5-bQSfqeuujZORxF3cHJ1mtDLK6yAzOz_EOzCnz-WLYDda2tVZDbefeYVtYDTUVZWy2c7TwulzNlSBv-LbHqLD-xRVKOQNDiEB4nwtjjG53YAgz6yTc99352bRBtC_AQIU2mD09w7CSa_59x7NDWlXNv5FGms3_-VII5LI3lZ72-Bj3Dqr73KVt1yRTJ4EGiVqbnmSn2J5ojDFyeCZAzCmr14aQx9BtnHAW5L9C4aLexaa170tfWydqTAFrcR52jn979cEZNGjftedX6W5pzmCXNJprd5sJCc99lXhFj9DqG8rRqlHyzFEAwHbMfnKfLmhk5pXZh5B629WADSsRZVuQK01Tb8j9HMaw5-zmbS7L3pdzujoxURY_1QNh27Gxrsr97k9cUoLLrK1fvlTsCqVumQaQvUtQT7FSYwQOiITMfHVHo3SUGvnDSqhf3OpRyfZ-CZuJlmHfvupXoby8tUjCHjgn2XTNuyaMscJVmkaUBWeYAj97DRuPYi1GkI2Kctvqk_WpyfZ6uwsc72jfDWRRZb7CIuqRC3xHXHrvw0NyMWp-34Q9mlPlJdwjnguXMX5BLLy7Nk3EF2vD6yURneWdWWrUCTIYjlR1_cXBNtN_hM0CZ5Sn9sVa1nM77zx4KSdq5dI2X5yVdU2fp2O2idve0RQJvePpCNLuQ6tI0-hLeTehqu4CrR0hzGu832TpBd-udaWCQN2_PzQFfqyriatwn_7CjjjZa0YlqL2WKMDs0KZkX1d8dpnWnE6kR5iuxfrrofuT1yUGXDaoPkyqwuvfoTHnd7bB-9NTsOrf4tk62ygZWWYIzbXpAZ_PNpVmDY3p9wPqtrv1WYWDdiQPjdXGwybnlbT1918b4aSmPZJMPXn7viqFzrclOqwV-wvw7NSPdB1AgOiY5hT6S1imW16RJPv0qLdfxt7ZHUE7kziHw24alwYO7eLuvovHK9z1uRwAOhk4MzeHagvu4CD9dTcpVxUOfKIwONL3hTb8VjfEc7VXpRwieW3elsixTEgFs-lQOBB3KQikarC9ZxgnTpm_Mpf_BCkqGRDXrr62apXp4BqFYS0YFy2dSHEfYCFBJSbnAydLmDx-n9LkFwFqIaiDMHbzgx7Nf3D2FI4ZuvjGdWi4SPk7DGs-bTxnEhgGRRIPqBMa8MaZ29ats0Tka2TThYsieeKAFVPzho2bJ0qF0HLwo23DumRQ4QiJn2n11xN9H2YhZnKq5zV4mNXEhIzXXjUeU9ekta0sF8KlXc5h4C0q5X-9hYPZPeTbxb4wep7579MoCcHHEkR3A5z7206iVnIUhZ8ymwEO2K5wrLIAevL0F2_ZIGT0MedvOBMvOp0edi-cSIdK3_XQCvJuZecZ-tTux4sTAGbCeuupZ2d2djmQFwq9cvErtkpRD4AuGh1PSGppXMzZq3DHK9ZnXLvTuSTJyA51jAf9zzKeHcPay2gO5P-65-oGefJ0VpvaYQA4fFyQBUnkChb0yea6B_svf6u9zxQwVudejWeQOfoBlJd5eF9DY8GZETefQnytJlXvLFVEdILx98ARxaQ1ae2Qnhr5A9jKRhunjZZyTlE0Ab_-qP8_gCd3w3BPAPiBn5kWsrTEXXR7-Zf3Ceflm2l5SiBAteEwJ5Fs2aX9bTYEZBPpR4XqJ24nf_9Zv8L2dIvwSdokqWAZDTf9G4cpd1YnQOf_7ABUffLK1gVGXeFN5P5e2z2kAQs-jSoWsXjpf2radFAD70lPBcl8imY7-Alp8R7xJdiss0qoJEziEkh7AV8NQB14FzIBF0b9rvMiWk4tfIT555t0mrZ3mAZmzvgx_rzc_Evn0VihXq8IZWvPMixD4yfqWLQhw4vaUJZGAPxATfpxlekPElDjQYRscAqz3rdeQDFnHVhk-Bml8kS5IMkZmlcqV6SM1wQHnMSwAZx5tazOB1Tmrxg3e0qYFiEFHdv5W-Yp_XhAz0QKEZWHEK9H-wh8FxJAMKXJjSIW4iJj3pLkC24KQ3oT7hUXrLkfElJjXaWAgsPaP0yfm39ryyT4uH2uiBTa8GmGhunzyFkBwRFvwng4z4ChaOoPmywi6hAXPBeSDLWsOjr-QFJBmd0JYlUPt-C5BONhOo-aPQdkvElXAdNRVRcgJkrUYL79zmiRmkgJ1he20-J3KTE054rKLJtQIO27hEjkj0p56XK09akKrfWBL2mSRjLm0xv1h5c1DozgF2z1O_LNpKkCERDtoz9KgM61JTtoTcx58Af5nn8lE_exEzo9i1A1s-EnsjAY5GTQuTbTqC9zsf7Km1rtveXUPxhJlLMGgxX7TpIf27PQ4SuzC6LWB4Aiamxfc3ISCADLlS9SZgchFeRfF2TzeNqGpnr5wVLMBtYyGzRdI-Mi7HdpnSxsRAUa97Orh4P2bNODJoycw0TfHivHUPRISUEh6zCkRr8hqnJIvb0sdayJt7Wx9WQWAUPl4jf9jLc4efM6v7ocxif-FfnfkMgDbluPBfczWzbM41FSOiTTwzOW46mUUHXDesgWYdHYw6qDHUyO_QN0-ztLOyw-zXJsQAOGExZIYf6Rt&cid=CAQSPABygQiDmmTwJOjizFBaZWG75FC7etBNtDWTTm03xALH1FrYci1QB6AZtIfB05wEPD3es0WKSVPByss0BRgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=15939408303101846000&adk=1964084972&idt=197&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

736e5c6597e5c0a99385da23644ffc3d16c7f7e57485a5045bd7a36a5418f640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37701
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame FD44 172 KB
61 KB 102ms
21ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Origin: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77233
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame FD44 11 KB
4 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxKswj0Fb65kdYOP7sAS0G93rUbpilP3Xi8JMXhh-x2wJ44png6j9zuOM61RKChbhTHsYQSyEuDMPo5J7QlBXOTdZg9QwyBD9oEuQZGoM-ViX0Sp0CDepfjFL4VBQVnXdxGEgRiLj4uJ9-ZJy85U7LsaKZZkFydm_aEOEZ34HcQkq8Hpg&dbm_d=AKAmf-AFAd1_0uixWcOMAJc9yHZflFedGLAGPdEkNCR_FHqO4zfGN5QZZ8V8eEjACgFfqOTYSOkoneXL7h9wGkXUqqPp3K4BtDXYkwRUVjf_y5W9coylBct-YXwOKXHv8xZ2-vZ_Zv4MllTfyO7hYWoY95I-KJDLdBfZ5ZPQFYa1Zwb3_LDPaS9FYdymDWsGmoaamd2UIH3iTkyfRINgpKR1YjA9TeU5Ivp7977yoWJkD0bcFY5PMZkNK1BPv9ZchM_O5CkSOoikh3kdHsvMEV9bIwL4XINNUlq_kMU4f1CRjGnBnQCHgQojC390_GyWsltt24SKpEAhCPL4ePhSLej_JCSOsq-VCUSRuVdGQoh8ubSH3nOaoZIqreyicTUbbIuDqBiCyDhmujEyn0NatwVVB-nmgYXNz9-GBv3VCMHzefxIwJuI4vwzmyKTRmp5XuFoFdep_KlXG4wq578YgdxHzrMDsLzxkEfgKUhHigUAXseqrchnjCcYaCAfu4DywsyDBM2280TBHQQt4NST-yUI9TNJgCLw8Bsy7y_BcUFURZ21rRu0jeo673ZUx6cH2h9Euy8RPDtr32KgVWhVXVQ6kXB_m3mmOG7XKarCAaBQX44rRfzuKkT4N_pQOug_6wz6bXYMWECdbPvJ7pZyRdR8vf8dumedzNifSfcB7QYOxZCJ_wjV60ji32uvGjqSGxqLwanGrozI2Nq74SwvmfLips7X03BIP9CWqrboOpUTKe2Oh2f6HQU0b8Ett5sa3in_DriDFWWjspmtVJmMiNsWExOnkJ7Co535VVh5Ob8GJKvwmuqEApnQa5H0nI-zIE24aAJge3Bwk8PgzmEajsIzzGaYxLke-WYhR9l0d3NeCwoRqb5WoV6viexw7KOhnUOfdr59SJ64Yrbduiq2jgTJEVbdVtVVo1GTWhK11nvhHiqf65KGUALOGdqdWDQf0_jvQzhkYj-dpnQXoXxXwX4aQQCdj61F8QPswgt4l3Vt25eVPJsxI9_Q-1iLe_ViMvhyixnE31mMMLOIzmIRb0lYM7J3O0rcBaL_WO_R9eipZEC-h14SNkf82t1LToWN_DSIKAiykc4zu5mOm7iTa3C7pTHYAIGzO70KwrfrnJ3OsXNfzc75oJjKHvHsROLaGgnYYDTp7EI_caXR5-bQSfqeuujZORxF3cHJ1mtDLK6yAzOz_EOzCnz-WLYDda2tVZDbefeYVtYDTUVZWy2c7TwulzNlSBv-LbHqLD-xRVKOQNDiEB4nwtjjG53YAgz6yTc99352bRBtC_AQIU2mD09w7CSa_59x7NDWlXNv5FGms3_-VII5LI3lZ72-Bj3Dqr73KVt1yRTJ4EGiVqbnmSn2J5ojDFyeCZAzCmr14aQx9BtnHAW5L9C4aLexaa170tfWydqTAFrcR52jn979cEZNGjftedX6W5pzmCXNJprd5sJCc99lXhFj9DqG8rRqlHyzFEAwHbMfnKfLmhk5pXZh5B629WADSsRZVuQK01Tb8j9HMaw5-zmbS7L3pdzujoxURY_1QNh27Gxrsr97k9cUoLLrK1fvlTsCqVumQaQvUtQT7FSYwQOiITMfHVHo3SUGvnDSqhf3OpRyfZ-CZuJlmHfvupXoby8tUjCHjgn2XTNuyaMscJVmkaUBWeYAj97DRuPYi1GkI2Kctvqk_WpyfZ6uwsc72jfDWRRZb7CIuqRC3xHXHrvw0NyMWp-34Q9mlPlJdwjnguXMX5BLLy7Nk3EF2vD6yURneWdWWrUCTIYjlR1_cXBNtN_hM0CZ5Sn9sVa1nM77zx4KSdq5dI2X5yVdU2fp2O2idve0RQJvePpCNLuQ6tI0-hLeTehqu4CrR0hzGu832TpBd-udaWCQN2_PzQFfqyriatwn_7CjjjZa0YlqL2WKMDs0KZkX1d8dpnWnE6kR5iuxfrrofuT1yUGXDaoPkyqwuvfoTHnd7bB-9NTsOrf4tk62ygZWWYIzbXpAZ_PNpVmDY3p9wPqtrv1WYWDdiQPjdXGwybnlbT1918b4aSmPZJMPXn7viqFzrclOqwV-wvw7NSPdB1AgOiY5hT6S1imW16RJPv0qLdfxt7ZHUE7kziHw24alwYO7eLuvovHK9z1uRwAOhk4MzeHagvu4CD9dTcpVxUOfKIwONL3hTb8VjfEc7VXpRwieW3elsixTEgFs-lQOBB3KQikarC9ZxgnTpm_Mpf_BCkqGRDXrr62apXp4BqFYS0YFy2dSHEfYCFBJSbnAydLmDx-n9LkFwFqIaiDMHbzgx7Nf3D2FI4ZuvjGdWi4SPk7DGs-bTxnEhgGRRIPqBMa8MaZ29ats0Tka2TThYsieeKAFVPzho2bJ0qF0HLwo23DumRQ4QiJn2n11xN9H2YhZnKq5zV4mNXEhIzXXjUeU9ekta0sF8KlXc5h4C0q5X-9hYPZPeTbxb4wep7579MoCcHHEkR3A5z7206iVnIUhZ8ymwEO2K5wrLIAevL0F2_ZIGT0MedvOBMvOp0edi-cSIdK3_XQCvJuZecZ-tTux4sTAGbCeuupZ2d2djmQFwq9cvErtkpRD4AuGh1PSGppXMzZq3DHK9ZnXLvTuSTJyA51jAf9zzKeHcPay2gO5P-65-oGefJ0VpvaYQA4fFyQBUnkChb0yea6B_svf6u9zxQwVudejWeQOfoBlJd5eF9DY8GZETefQnytJlXvLFVEdILx98ARxaQ1ae2Qnhr5A9jKRhunjZZyTlE0Ab_-qP8_gCd3w3BPAPiBn5kWsrTEXXR7-Zf3Ceflm2l5SiBAteEwJ5Fs2aX9bTYEZBPpR4XqJ24nf_9Zv8L2dIvwSdokqWAZDTf9G4cpd1YnQOf_7ABUffLK1gVGXeFN5P5e2z2kAQs-jSoWsXjpf2radFAD70lPBcl8imY7-Alp8R7xJdiss0qoJEziEkh7AV8NQB14FzIBF0b9rvMiWk4tfIT555t0mrZ3mAZmzvgx_rzc_Evn0VihXq8IZWvPMixD4yfqWLQhw4vaUJZGAPxATfpxlekPElDjQYRscAqz3rdeQDFnHVhk-Bml8kS5IMkZmlcqV6SM1wQHnMSwAZx5tazOB1Tmrxg3e0qYFiEFHdv5W-Yp_XhAz0QKEZWHEK9H-wh8FxJAMKXJjSIW4iJj3pLkC24KQ3oT7hUXrLkfElJjXaWAgsPaP0yfm39ryyT4uH2uiBTa8GmGhunzyFkBwRFvwng4z4ChaOoPmywi6hAXPBeSDLWsOjr-QFJBmd0JYlUPt-C5BONhOo-aPQdkvElXAdNRVRcgJkrUYL79zmiRmkgJ1he20-J3KTE054rKLJtQIO27hEjkj0p56XK09akKrfWBL2mSRjLm0xv1h5c1DozgF2z1O_LNpKkCERDtoz9KgM61JTtoTcx58Af5nn8lE_exEzo9i1A1s-EnsjAY5GTQuTbTqC9zsf7Km1rtveXUPxhJlLMGgxX7TpIf27PQ4SuzC6LWB4Aiamxfc3ISCADLlS9SZgchFeRfF2TzeNqGpnr5wVLMBtYyGzRdI-Mi7HdpnSxsRAUa97Orh4P2bNODJoycw0TfHivHUPRISUEh6zCkRr8hqnJIvb0sdayJt7Wx9WQWAUPl4jf9jLc4efM6v7ocxif-FfnfkMgDbluPBfczWzbM41FSOiTTwzOW46mUUHXDesgWYdHYw6qDHUyO_QN0-ztLOyw-zXJsQAOGExZIYf6Rt&cid=CAQSPABygQiDmmTwJOjizFBaZWG75FC7etBNtDWTTm03xALH1FrYci1QB6AZtIfB05wEPD3es0WKSVPByss0BRgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=15939408303101846000&adk=1964084972&idt=197&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 17:40:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame FD44 29 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 17:40:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FD44 41 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 07:39:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9B13 1 KB
643 B 21ms
20ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Tue, 20 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FD44 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec08b32778c36d5baa76a83b12b760446f897c37b77b6853800230744c5ab577

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7024 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 319401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 15:01:14 GMT
expires: Sat, 15 Jun 2024 15:01:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 9B13
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEK2Q4W3Pa8uEVd0Yns3HjJ4&google_cver=1&google_push=ATf1kGMrGHUJI3tzkImEPHMcuffN__D8PSJEEBysBfgtA2J3BAiaJ9wjaB9jpAR5s9EgpO96c0i4CVeI_Zqlm5cEv1qx7ElPdAg7
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODYwMDg1MzQ0NTc0ODc2NDc3Ng==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHcrTADmDzyEcU2LQLypJXc&google_cver=1

43 B
398 B

96ms
31ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHcrTADmDzyEcU2LQLypJXc&google_cver=1
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 20 Jun 2023 07:44:34 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHcrTADmDzyEcU2LQLypJXc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B13
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI4OyXcI-GU6Xo_ICqb3xqU&google_cver=1&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzy...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI4OyXcI-GU6Xo_ICqb3xqU&google_cver=1&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3w...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzUxODQ4NDIwMTg1MDA5Nzc4MA&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqT...

170 B
188 B

32ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzUxODQ4NDIwMTg1MDA5Nzc4MA&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzyXEVUj3yeEG4IgOGtUiSi

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzUxODQ4NDIwMTg1MDA5Nzc4MA&google_push=ATf1kGNUVThku0QnLDcwANMIRUTl_ARfU-nTbUrOPz6UZEi99t83RJNBCiwTecVf2baz-14ac3wPqTzyXEVUj3yeEG4IgOGtUiSi
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 9B13 43 B
245 B 77ms
28ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPo4hx7-JKaGn3yvxQ6Gz8w&google_cver=1&google_push=ATf1kGOqA5Tt0yOrFSMIVkyyqGWNpI2Ru2qod4r-tGhwk_FNor9QpoQbGGEDLuOO6thW3AAiLu3jSljOJBDOyqjoYj5GCJXD2-fr
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B13
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

32ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOlYWOhxneEelTr3YU1TFAS-rJj8qm3MxSl5D8YSAz1P8P0D9yUDrfu_CNfSpHpiuV57oneqfmNGVBpiilu8xAYNSAlDiA

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Q2bs-u_ZRqy-UlXZ8GNwCg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOlYWOhxneEelTr3YU1TFAS-rJj8qm3MxSl5D8YSAz1P8P0D9yUDrfu_CNfSpHpiuV57oneqfmNGVBpiilu8xAYNSAlDiA
date: Tue, 20 Jun 2023 07:44:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B13
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESENJZTCnHlBwOuDE-cywVB5w&google_cver=1&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frb...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM3NTU5MjQ2NjU2ODkxNTE1NjU5Mg%3D%3D&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4m...

170 B
188 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM3NTU5MjQ2NjU2ODkxNTE1NjU5Mg%3D%3D&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM3NTU5MjQ2NjU2ODkxNTE1NjU5Mg%3D%3D&google_push=ATf1kGOUwVrbEBk4R0Xec1Qd8L-KsNhcPvOO5G2miqPhFdw0jZPuib4mOhWZnNcPVkRhoPVXkzV4FVgqRli8b6Gl1xC75uu9Frbb
date: Tue, 20 Jun 2023 07:44:35 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B13
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEKRoage-CH6JxccrdrkcCc0&google_cver=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrNUATQmjR5zaLHoH9Qaj8nBuPXVw3PAe6vCEg7WAcmdAUnWzuhB3sdSfMjks2lZHwDDy_VV
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrN...

170 B
188 B

36ms
36ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrNUATQmjR5zaLHoH9Qaj8nBuPXVw3PAe6vCEg7WAcmdAUnWzuhB3sdSfMjks2lZHwDDy_VV&gdpr=&gdpr_consent=

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGPtscorglnoVXjqdM3DxamulrNUATQmjR5zaLHoH9Qaj8nBuPXVw3PAe6vCEg7WAcmdAUnWzuhB3sdSfMjks2lZHwDDy_VV&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 9B13
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEGyHw5Mhdm3WbZ5801o1BhE&google_cver=1&google_push=ATf1kGO-Ux9PV8j3TYp4opK53lUGFzYlRG08tsB3w9oiW8mtSQnYejEKiB7EuJUsX8rJWH1mVYMBDpzNGIn...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO-Ux9PV8j3TYp4opK53lUGFzYlRG08tsB3w9oiW8mtSQnYejEKiB7EuJUsX8rJWH1mVYMBDpzNGInx2UcVICwNQzQ1AMni
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

22ms
22ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9B13 0
12 B 31ms
30ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JoRg4uTXefvOfo1dAG-oln-cM7tmhGoiEygAK3tMiJkC1Ev7spAkvJIJH7r5iYh-9Sg9eKcA

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F3 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8655316557947&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F3 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8655316557947&version=m202301230201&ct=76&x=1&cor=14208215394320996000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F7F3 87 KB
36 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwtjTr-W9bTQCWQLubuRblv262sT15R9ltNf9U4lbA9dWAgPTw4ZaC_QKe5tw32f7u9L3LahOBr70fYtmd9eQSexLyVaDi5Gegn7wrBnFJM2yUa90PTUq9SfxX16tzxZhTe2aFiaLI0vq0YAas2F00YONRtcZ4QQc-HZAA9cG5iFf1riY&dbm_d=AKAmf-DLu1HO_iIw3YZhELiEWJN5towjpBQ2oaYNTaXoaokiBj-GPSoCDYtRvi9JBmfWNMWSFLubrAevotIh7E6HMD_7_2HPR6f5TM7CV765hz_f2Nyvqi9qKWKgPx63K5AHnsxIjJO63B5IsxM4wuyEDK-HbdYcPKcXiCubuAvhjIncjeJXoNlw362L9aZS08zPJbG1F2QewU11nihBTHBT4htHyJnrR6KSUS03A4wIzjoys8plRV44X_ZsmLCuUGBZzzeicQOzmf2CACe3DzHzCts2GT69p1ePcThari8wK-nUtd7vhoLi4ePtAe3ZZs-5A4RS-HJ94cg0EDX_tOkw7UYQ5bFon6oH_hSLuHTujy8OVW2zeT2rcqCjb7wvWXLhNS3vyDK3_mYx5nR8FXSuqAotM8TW9wIh50Yg8dzHu9DnDy44e9rtHsEXbaUpC7w01oC_GQUfRg5oXHKyr3yHFoX9J8-CUD8I2rtTdoy6SQD6nVZeymRqTgjjTC85R6j-xY-dfi77KuULLTquo8KVSxhiTd_GE61O7Su0jyiWXdEWcqmxFlTgnSDRAcsFK238phxTbvlyN49sONySQi0V_sIGXRHxF9_B8a9YK81S24VxnrOZa1Y9mghB7KQDrOGIaR9UZsxgH6r9NvtfBDDIjMDkORz09kdNSZxbUGfGAmELF8TNYVIWucieKi-9sgU5mKgiiOz4hb9Ke1qzJEcZ06jkeDNaUV7M_BcSjSlFOpQnA2m6UJaPuKOBiq55YEkXDim560WxOSmm88RGEVGVrL3sWq61YgO_hAEy7Oj5Jbbz0zQH_O1JbdMh44tJmu9ibPid5OvQyzQOJq_MCszs-oISs68_IetXXRzEYZJ5S5IQS_7xLOojLwnWPT_WL6xoSIrSvVnPnZY7VsHXExU68wf4Cd3GX2PIhVgmtz44uhcF2akvY42gtoCqmQsam907mTq3Z2J6J88ZC1s0-rq7u-HnosEYu0XfV61DCzSeA5Mew7a7T5DCy2FocQR3Y3Y9238trp8pOfagPZ77UrDZl8W7KbwmSiVO3ZxJn2E-xxTZbrdSgEI7tMZWd1Gd8zjQDZLzGyQzPCKwdMvjIH3aDVRAQKM1CUxneGpmQkQ6fM5SVQgpv2zElJxbGxumZzVqj-dwq1csY--2nj92KFr7effTQlQHo6AohE97aVotip7Vv30bqq7fs5yeqbQYFZNcn5U89TafrCefo1V4038iAGBFL38lwLxl0PFx2n4kEzdPlKTDbLzcaRwHoEyaZdn0HbwIPGzoNC4knooxZlZ5guS2W52tbpY9meiUZHU2_CjMB8dNHNz1Fwmz1m9FNe06XpXVBuvE0KH0GCsS7dXym_mZ2bNBb07Nr7LhgM6wAYxXo9zmsWaMUdTNJl5nv7l_mDlFIW9ZrMm3YwfUaVG91-uDKoBslmzQL83_HDbeALI76O-A0AJ1WvIikydeVao0HLGH1HmOFD8cwr2aQX0D06JfYXg6IxJBWjues2QXGxUTYWUFKCdVz6ZxY6wsv69ypBsf9yFgZYD4I2dlDuhoy0LRfXA_dr0EtOeyTbljOT_W3hqU2Jud5y8WpE14lTMn-t2qvjbK3Ed8ujCk8v3-L1F6sZgAVjF-e-Hwhy-vhAygy3i--PxrZJMX17VmrB0TY2jZuXuPdBjXBcje3ine4svqHA6wqSHxcQVMa58aEzqR1qagMEhS-wkYodYJIYYq6EzzPW_5H0Vp7s-l0Xy2E6n8Aahnxpvbi7wva-837EezG8dl0kWKc-ygdTfRvmyChf79EdesIYo3-xaJI-SjaTjlftPHQVZRd8S0DBxNhNldDxgQhf03Eu4_RI5Y-DbwJ8_P1rxV5Lam6VEi5jOoZLnex_akghwn93J_0mWMavG6i6ogpVc1prSXIhWUpaf5h09ErYGT-_TNZa5VWdx3kGqiEwfJYMGSX9278-4HhiKzn2J4EF9f8eL_VB7eKFV_suigYa3mz1nMvellv7nCi0eVlNFchmWGxvs1f15shty-3ImpsnEu1mm3Fqn3RenKv00sCsYoquR1OEJNL4Lv7zsCjV7Rr6RHFrimpkB8piTG1Xt7lcjqyqcj_ridq6uHLUtgibX3golmBZkL3TxWO01QAAWcLzgQ0PZadFpOL4T_7zGLc9AZWGuSF5NmQ9WLqc445hyvk4r0TqmgRF5pW-n0tleEwyTDjSVih0dLN9DWLe0f3h48npBDcvFrrlr1hVAyalQh4ZUXUG98xz9MHf0Cv1rpnXEfK-pQtr0PJodzR_EhaU4DF5CpahvopKlUj7KbC1lNA3ANhIZq-3BrqIHxOa3jcf1TSx9rki5EW33g2S3jbZQ4IInPlqBtSGqr4fx2cYlLikRRdJ--yJoZ05zviwe0Az8x7_esHH5j0jIzzDdhy8Fz9WZ0KKcGsLK_PJbZCQ-lEMQ_2JQ5JtwoZ9rrJxiBaS-Tl9HvUQ_QrEZBXkEOv5ZnXZC8UkTAekfSPdc-hRW2sd7tWXdobgRgVr2z19Z0bGQL0UuTLM_uMYDsjFdR-Xo2dGCX_8i8V7hEhymFOgsDmS-zhm1F_KlBH0u9NkcHC_6ssb4TJCCdwiwX4atFc3yWjtiXtFXQJsJg3MKPmXb3TV8jcHxwF8P3dkdMwuCFd5puAGI1pjuAhiFqRzE-2HIhsW0DmnM-iQ0DZZO8wZTIPVGVt9NNQsa3Skk_FvROeXXMDvwL4xijnoSz7jjTrb1YjBAGa6zrJb71x5nS1JksoC5n3ecPF_dOuoxKGcSuqnyCo8LWgu5uBUdBVSttbO65E7gQCFw8depNbseauVb7UXjdXrtXBkGHndxwd2mPbywVjpeox6O9svjVp3Gtq84uG702EtaZZ_GQfZ_AyJGd-lZciyMhCPDrz2dMbncMm0AEf03fTZRqd5AseMQWRqaI7jKS3qSX9-aTbxMq6YmwbACFIOEB-z_OtRiVKLPKJiahXhNskdiwulxhPlUNyDX3fUurzso1CqF7GaOdVgM36Yz6JxqYMemP1xz-VLaR5bQ90gmNg1u_RGANE5OhnTx4SjhgkAfISQt7JiT4DjYlSuavaRDvIabwc0CO7e2Wy3wIQh4wnAZx523bA1sxg6NdK294FcVvY-hLhkbGjVHqB2jPcr2oASX0A0HnhMAuMWHRwrsSqY8EqS2W_o1Hrl_5yvrbYxRwZLHdbxlY0q56uFphBqLAHxvwuyVXQEIHASeF292FCn3OFFv0CwDt88hmiaNqNyBVlqtVZg6lCoF7jdD-GCQgaoo8qzmOGDsz_19jzB-ZehiOd84vFWtyWqcT1DcaEw7EQv2-PDij_xnRVZQ1pYY_Q5NOKfiKKPtrtnOVy2KhCox8ar0M5Uq8cCTgFNtizFh1UrYB4zOHNLjaEUCyp0vSTWC6E0DkSBAgioaDWndKScwJHLnYWaGwowLWd1mti3cv1QYGgJfcbcfArGR7Ry6aqF3TwrluEvfFHYq1EbgdxI4Ee2QUjfeHsYyToynVHmsuOnME5ZT9ek08vq7UQ6boKs1m__hbMJlNj7bYjA5Ot1qMPDdT4iUtP-lTBwZQHhMWefLRSmIT0Yt1Jd70FCrkF6aEXKepMOGfnvYzdtqFocozFz5919CbJSVSCpzh57KkanKZJr5u9zcdNdLqGqil2mQQ6pEiOj2ngmRoXhGCHONdfumd3p8emX5ZyqNOorI0d42rhY5LyAq3QWvMv63yNn__CYzBBRAUxQ&cid=CAQSOwBygQiDC3F0SrAA98uiCPYDD6MeUQuHz_FEgFX3oouMQe0CJQuIHeQzL9fTesqbIIKxyOvSaqjz77SJGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=14208215394320996000&adk=3047537735&idt=281&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df4f22feb615bd0b1e7310876df6606def1550e23e67887050b1b045ea7a3f43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36650
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 7024 37 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 200 container.html Show response
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0093 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306140101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ensonhaber.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:32 GMT
expires: Wed, 19 Jun 2024 07:44:32 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0828 624 B
242 B 63ms
62ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNWQI0PzooyrZUCFnpDvkz6LbZgOR0a0BcMoVbEG8Ryk9V_DmSk_QD0yJr85HN6ObY8q7S3TPxNJh2KMDHCksbr0-ndXizvBcuCZY7BsseiqjE_9uxwzNDYYFEe8P3T_idg70cQoXB2IhsotiNyOIFGB29gma4qybqjxklM2YZii2lq8KYgXC4248ZeGlgRUJfVKtA4e

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0093 78 KB
27 KB 148ms
148ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0093 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AIhAHf9Yr0ne4kmAmQiD1U9xcK29F8BjRZLsxLC8ofmGAiDsZ_piwVClg5xkoN663OBvLYhCAnTVC3XTGtPA_O6lWY7VdFbIDMOr79AYpVnfClxXo

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0093 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17011634607887369170&x=1&ct=77

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 0093 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 14:15:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62961
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 14:15:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 0093 19 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 12:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68885
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 12:36:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0093 0
0 30ms
29ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQgfpIzHaEUqiQwiEejqjjv768wq0C8J0fOM2NKjQYDjK_vPcTwN7MWIi6enzfhFf6MTrQ7Afj7fCuCNYI2cO6xdDCs1w
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0093 178 KB
56 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame 4642 15 KB
2 KB 80ms
34ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:35 GMT
expires: Wed, 19 Jun 2024 07:44:35 GMT
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD44 0
0 144ms
69ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujDSIRJXV8S_Y24EBIRrjJ1-MJMTlk367tAXfmT_RZjL0ffxc04St7X0wTKvSUlK3Wc4eB0ecAbDX7mhyVzooPz52-tmWxHwbt6AhvKZ7zX-xDrI4YKnDpm8FMOJkQBK0m6uXr6nry0Lr02Kp9xJiXhbFIVLqinSeQka8ptS5-wThsoz3KilrwnDiJxH77SxtnfHjT2EAx1k4rldzEfe6fyIc4fMUdCShEjdZUEbt_kLPDWPMD9Pk5oSVv95qdsddwsJ0e7fe2Th0T2q6rTqWOW54gFJsp0_8nscJtHn6c69ZbjP5Y23o25VhB9dCM6Jt9MEf0LE_8C9XHAuPdytdtc_6sVuLjJDEO_L-fc-KVNdMwSPfMMzWpuvm0xk5knfG3T7j7cbVKI-EwxaSKUiFwkdzswNg5C1bOkDzJ_3dIidjhpCY_PQSzfuWvhNd4Xikq3E7kbJtLmu5F35qHINvFziCnb8uJotnllB6fwPs8KcWz6O8zNHjMO27NyzKXYDpFG6r5t3nI5f2KOSsg-ou3uWeuQJW5ksEhe3CaIOt28DBNznYx2crFVkutzCwxYwmB8cRaOgRx-2hvu6M8q4d8JFGpcAFuQisodre3C47bbNilyM9r8pasGBZ3IKFklV7_M_lSLnDT8mr458AAyBICZ8bT9NVgm8ZccTS6EC4PfNnfSPMxFmBxKfJnSyFyW_vaNhuG7jnV6j008m5xgHKCu4j-4riyGZbh3ZxKbLtQfODRqWCxRogpY94pwpPqHMpmYT3LRry5NFpUkjnswy05i70NN79zde5XZBWlAzbonjbh8UBAM1TlcWdj716edaEdrgIVqOLvvM6So52E19DndbEXi2ZA0f5K9SnkWAZg0SCLsSyA0PnTJVCDV2uaeis-zqxj5YUIWXlNFBh9TJ-NyYzxCa1G6sVifypKxknRK8Jam9g9Jy6P_HX43wKl1fRz7zRPhrhTb6DUBxhvaOFSqyNBo9Z-o58Jwx7vMmctj75OhND2nz7ZmETan2adg1tR1vIPZ7SxvUfFG95R-Uuz5W1aV1o-Mw82jH9U6wQ2zsZpHvX6kFOjf3PzeS_tHPpgAb9V7-lCi3CzEYrleV9s_BASqpja-VSzAJjz3squzSPrvlY_gFQvJPczPg2pgJ4CQqsqzQ7-4ilVRZ-Wu3-0YyoS_N2jTXzzgD1s_62kLmSasY7GKebmigUIgUmCx1eWXFLkJ1gQEUm4ZuNvr5G-mg6ykABZ_kfqKQUhYlxs-2GtGpMlUWp8ekQyrp14xSBDVCeRh__cQs4Uqb6ZoAUC8ycph_6Ljo_okDyPFZL6SeHxDt4pTVaaoCrcc6OEw4D5JiDSo9LK&sai=AMfl-YS6OURHeLvH_OeRz3ICxPGrDMBnMyRYcicWUvLdZ5sfZ4GhwO7X4Inra25p8RX_YdFLq7e3FQA4oZBi3Dt-rqcq3MHn1zZxmoZpHOqWDNVXtto4QS-GXgYg6z0XikkWjLxQ54AanPdlNpy8SO9SCETR1svO6fqn7_K4OvoJEirBqEMIJtQvTzwEVRccWbLHKlAez7FjxU4C5HwKjQdya3qn6Ergd1q4e6emYm8DLxsfGP3DDBEptMpVhfUJZK5SEPXmzVQ&sig=Cg0ArKJSzC74UYImWI-lEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=179&cbvp=1&cstd=170&cisv=r20230614.34026&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F7F3 111 KB
39 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Origin: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 10:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77242
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:17:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame F7F3 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwtjTr-W9bTQCWQLubuRblv262sT15R9ltNf9U4lbA9dWAgPTw4ZaC_QKe5tw32f7u9L3LahOBr70fYtmd9eQSexLyVaDi5Gegn7wrBnFJM2yUa90PTUq9SfxX16tzxZhTe2aFiaLI0vq0YAas2F00YONRtcZ4QQc-HZAA9cG5iFf1riY&dbm_d=AKAmf-DLu1HO_iIw3YZhELiEWJN5towjpBQ2oaYNTaXoaokiBj-GPSoCDYtRvi9JBmfWNMWSFLubrAevotIh7E6HMD_7_2HPR6f5TM7CV765hz_f2Nyvqi9qKWKgPx63K5AHnsxIjJO63B5IsxM4wuyEDK-HbdYcPKcXiCubuAvhjIncjeJXoNlw362L9aZS08zPJbG1F2QewU11nihBTHBT4htHyJnrR6KSUS03A4wIzjoys8plRV44X_ZsmLCuUGBZzzeicQOzmf2CACe3DzHzCts2GT69p1ePcThari8wK-nUtd7vhoLi4ePtAe3ZZs-5A4RS-HJ94cg0EDX_tOkw7UYQ5bFon6oH_hSLuHTujy8OVW2zeT2rcqCjb7wvWXLhNS3vyDK3_mYx5nR8FXSuqAotM8TW9wIh50Yg8dzHu9DnDy44e9rtHsEXbaUpC7w01oC_GQUfRg5oXHKyr3yHFoX9J8-CUD8I2rtTdoy6SQD6nVZeymRqTgjjTC85R6j-xY-dfi77KuULLTquo8KVSxhiTd_GE61O7Su0jyiWXdEWcqmxFlTgnSDRAcsFK238phxTbvlyN49sONySQi0V_sIGXRHxF9_B8a9YK81S24VxnrOZa1Y9mghB7KQDrOGIaR9UZsxgH6r9NvtfBDDIjMDkORz09kdNSZxbUGfGAmELF8TNYVIWucieKi-9sgU5mKgiiOz4hb9Ke1qzJEcZ06jkeDNaUV7M_BcSjSlFOpQnA2m6UJaPuKOBiq55YEkXDim560WxOSmm88RGEVGVrL3sWq61YgO_hAEy7Oj5Jbbz0zQH_O1JbdMh44tJmu9ibPid5OvQyzQOJq_MCszs-oISs68_IetXXRzEYZJ5S5IQS_7xLOojLwnWPT_WL6xoSIrSvVnPnZY7VsHXExU68wf4Cd3GX2PIhVgmtz44uhcF2akvY42gtoCqmQsam907mTq3Z2J6J88ZC1s0-rq7u-HnosEYu0XfV61DCzSeA5Mew7a7T5DCy2FocQR3Y3Y9238trp8pOfagPZ77UrDZl8W7KbwmSiVO3ZxJn2E-xxTZbrdSgEI7tMZWd1Gd8zjQDZLzGyQzPCKwdMvjIH3aDVRAQKM1CUxneGpmQkQ6fM5SVQgpv2zElJxbGxumZzVqj-dwq1csY--2nj92KFr7effTQlQHo6AohE97aVotip7Vv30bqq7fs5yeqbQYFZNcn5U89TafrCefo1V4038iAGBFL38lwLxl0PFx2n4kEzdPlKTDbLzcaRwHoEyaZdn0HbwIPGzoNC4knooxZlZ5guS2W52tbpY9meiUZHU2_CjMB8dNHNz1Fwmz1m9FNe06XpXVBuvE0KH0GCsS7dXym_mZ2bNBb07Nr7LhgM6wAYxXo9zmsWaMUdTNJl5nv7l_mDlFIW9ZrMm3YwfUaVG91-uDKoBslmzQL83_HDbeALI76O-A0AJ1WvIikydeVao0HLGH1HmOFD8cwr2aQX0D06JfYXg6IxJBWjues2QXGxUTYWUFKCdVz6ZxY6wsv69ypBsf9yFgZYD4I2dlDuhoy0LRfXA_dr0EtOeyTbljOT_W3hqU2Jud5y8WpE14lTMn-t2qvjbK3Ed8ujCk8v3-L1F6sZgAVjF-e-Hwhy-vhAygy3i--PxrZJMX17VmrB0TY2jZuXuPdBjXBcje3ine4svqHA6wqSHxcQVMa58aEzqR1qagMEhS-wkYodYJIYYq6EzzPW_5H0Vp7s-l0Xy2E6n8Aahnxpvbi7wva-837EezG8dl0kWKc-ygdTfRvmyChf79EdesIYo3-xaJI-SjaTjlftPHQVZRd8S0DBxNhNldDxgQhf03Eu4_RI5Y-DbwJ8_P1rxV5Lam6VEi5jOoZLnex_akghwn93J_0mWMavG6i6ogpVc1prSXIhWUpaf5h09ErYGT-_TNZa5VWdx3kGqiEwfJYMGSX9278-4HhiKzn2J4EF9f8eL_VB7eKFV_suigYa3mz1nMvellv7nCi0eVlNFchmWGxvs1f15shty-3ImpsnEu1mm3Fqn3RenKv00sCsYoquR1OEJNL4Lv7zsCjV7Rr6RHFrimpkB8piTG1Xt7lcjqyqcj_ridq6uHLUtgibX3golmBZkL3TxWO01QAAWcLzgQ0PZadFpOL4T_7zGLc9AZWGuSF5NmQ9WLqc445hyvk4r0TqmgRF5pW-n0tleEwyTDjSVih0dLN9DWLe0f3h48npBDcvFrrlr1hVAyalQh4ZUXUG98xz9MHf0Cv1rpnXEfK-pQtr0PJodzR_EhaU4DF5CpahvopKlUj7KbC1lNA3ANhIZq-3BrqIHxOa3jcf1TSx9rki5EW33g2S3jbZQ4IInPlqBtSGqr4fx2cYlLikRRdJ--yJoZ05zviwe0Az8x7_esHH5j0jIzzDdhy8Fz9WZ0KKcGsLK_PJbZCQ-lEMQ_2JQ5JtwoZ9rrJxiBaS-Tl9HvUQ_QrEZBXkEOv5ZnXZC8UkTAekfSPdc-hRW2sd7tWXdobgRgVr2z19Z0bGQL0UuTLM_uMYDsjFdR-Xo2dGCX_8i8V7hEhymFOgsDmS-zhm1F_KlBH0u9NkcHC_6ssb4TJCCdwiwX4atFc3yWjtiXtFXQJsJg3MKPmXb3TV8jcHxwF8P3dkdMwuCFd5puAGI1pjuAhiFqRzE-2HIhsW0DmnM-iQ0DZZO8wZTIPVGVt9NNQsa3Skk_FvROeXXMDvwL4xijnoSz7jjTrb1YjBAGa6zrJb71x5nS1JksoC5n3ecPF_dOuoxKGcSuqnyCo8LWgu5uBUdBVSttbO65E7gQCFw8depNbseauVb7UXjdXrtXBkGHndxwd2mPbywVjpeox6O9svjVp3Gtq84uG702EtaZZ_GQfZ_AyJGd-lZciyMhCPDrz2dMbncMm0AEf03fTZRqd5AseMQWRqaI7jKS3qSX9-aTbxMq6YmwbACFIOEB-z_OtRiVKLPKJiahXhNskdiwulxhPlUNyDX3fUurzso1CqF7GaOdVgM36Yz6JxqYMemP1xz-VLaR5bQ90gmNg1u_RGANE5OhnTx4SjhgkAfISQt7JiT4DjYlSuavaRDvIabwc0CO7e2Wy3wIQh4wnAZx523bA1sxg6NdK294FcVvY-hLhkbGjVHqB2jPcr2oASX0A0HnhMAuMWHRwrsSqY8EqS2W_o1Hrl_5yvrbYxRwZLHdbxlY0q56uFphBqLAHxvwuyVXQEIHASeF292FCn3OFFv0CwDt88hmiaNqNyBVlqtVZg6lCoF7jdD-GCQgaoo8qzmOGDsz_19jzB-ZehiOd84vFWtyWqcT1DcaEw7EQv2-PDij_xnRVZQ1pYY_Q5NOKfiKKPtrtnOVy2KhCox8ar0M5Uq8cCTgFNtizFh1UrYB4zOHNLjaEUCyp0vSTWC6E0DkSBAgioaDWndKScwJHLnYWaGwowLWd1mti3cv1QYGgJfcbcfArGR7Ry6aqF3TwrluEvfFHYq1EbgdxI4Ee2QUjfeHsYyToynVHmsuOnME5ZT9ek08vq7UQ6boKs1m__hbMJlNj7bYjA5Ot1qMPDdT4iUtP-lTBwZQHhMWefLRSmIT0Yt1Jd70FCrkF6aEXKepMOGfnvYzdtqFocozFz5919CbJSVSCpzh57KkanKZJr5u9zcdNdLqGqil2mQQ6pEiOj2ngmRoXhGCHONdfumd3p8emX5ZyqNOorI0d42rhY5LyAq3QWvMv63yNn__CYzBBRAUxQ&cid=CAQSOwBygQiDC3F0SrAA98uiCPYDD6MeUQuHz_FEgFX3oouMQe0CJQuIHeQzL9fTesqbIIKxyOvSaqjz77SJGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=14208215394320996000&adk=3047537735&idt=281&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 17:40:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame F7F3 29 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 03 Jul 2023 17:40:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F7F3 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 07:39:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1950 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Tue, 20 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F7F3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ea99e88dd51aae99199885735daab92b52e49a02ffefc5be4f9e2c00ca07cdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0828
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1

43 B
632 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNWQI0PzooyrZUCFnpDvkz6LbZgOR0a0BcMoVbEG8Ryk9V_DmSk_QD0yJr85HN6ObY8q7S3TPxNJh2KMDHCksbr0-ndXizvBcuCZY7BsseiqjE_9uxwzNDYYFEe8P3T_idg70cQoXB2IhsotiNyOIFGB29gma4qybqjxklM2YZii2lq8KYgXC4248ZeGlgRUJfVKtA4e
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0828
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJFY4he.Xz1H7v7FyXnlvgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2

43 B
632 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNWQI0PzooyrZUCFnpDvkz6LbZgOR0a0BcMoVbEG8Ryk9V_DmSk_QD0yJr85HN6ObY8q7S3TPxNJh2KMDHCksbr0-ndXizvBcuCZY7BsseiqjE_9uxwzNDYYFEe8P3T_idg70cQoXB2IhsotiNyOIFGB29gma4qybqjxklM2YZii2lq8KYgXC4248ZeGlgRUJfVKtA4e
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIfeVe9pXHOmaL6jzvvAAs4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0828
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDgXcm-zH0uQPzpOETA-3bg&google_cver=1

43 B
1 KB

22ms
22ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDgXcm-zH0uQPzpOETA-3bg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjglrvGATAB&v=APEucNWQI0PzooyrZUCFnpDvkz6LbZgOR0a0BcMoVbEG8Ryk9V_DmSk_QD0yJr85HN6ObY8q7S3TPxNJh2KMDHCksbr0-ndXizvBcuCZY7BsseiqjE_9uxwzNDYYFEe8P3T_idg70cQoXB2IhsotiNyOIFGB29gma4qybqjxklM2YZii2lq8KYgXC4248ZeGlgRUJfVKtA4e

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
AN-X-Request-Uuid: 14c00a24-b62e-4fdf-8488-b3266027eadc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDgXcm-zH0uQPzpOETA-3bg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0828
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

170 B
188 B

32ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 07:44:35 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f0ca1999-b0f7-4174-99e3-d650ccf2ae96
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU1MDQ3NjcxNjEzODIxODY3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 4 KB
1 KB 22ms
22ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a5bca62160bb102fbbebf38f9272c9c980e61b8f41c8977c1d0530a830dd7f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 249711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1498
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 10:22:44 GMT
expires: Sun, 16 Jun 2024 10:22:44 GMT
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F7F3 0
0 68ms
68ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJiM4aqhOccPDhBC8NUwFJFNQT5zMqRN57FjnKevONYAPejTOvJly8Lq4wSbxBo2auzyU6airwgoidog4EEU1HI_4Hpe5Ib2AxhCPMAreSMHSJYZ5eD_8_a2aQUikAlX4HGYQQYTKV-oMsnI0A2FhLBwISNnBtZ3t1NylpArHQZ5y79pzfvZycsnLPL5icpYF4HS07mho1K2dTt_An1dQCMj6a7b7uWTuIwRx3oZJYO48KDPjulzsWfggLSlGN4OV6J6IOmPaYDVQ-S1g449gZSbfiAqBFh8TgcCG-WqWDB5DwXp6sc8Xakc2hTLvr9TSaKscczp4fQ0kvksmZh1uUzJMh4Wp5nLj93o3-DOKlQFSCx1Uz1ZhVLgLg48cZSCT14GQ8MnjAwOZVZqmGRcR_1OgQjdGZqg3g2brSDvTX1YmnEPryRynJUORTd2C1u3qtQNGimHLZC-4RDu30T_m6sLDVdL2UBnBfMAlupZ9HBU9h5dWAEDwPtIZZ9INIhLUcTojYFhWu81yginS4ajg8A_gqwdDOv7_PgpKZqCvbJpJ7N7FiK9MQkOyx_6mG1Q_tuSib6TFp2l37ezOQAzvjbtxvr6jov2Bccjv-yWGnMWeyYZz0IiVGoWXicUahzHEHgdo-aRkpLkVd4JZuSuZb1bjY6nPykArdLagEfCq22Nl4bY3zcDB2g3Vx8VKgMQmAcMBW2Wu6RrgrHNsJkKBDcZluHbMXqnf-ZJQ_R5yD6TfUaSf6mCTnjgZirHJ9Pmhba8vvzYTmbfz339_JnyoUEQFbijyCHbNU7d2i56GwIykS9IFy-1c1uNeCOG_YCGSle4ODwopLQwZn8Kt5wFjuXCxH4hANHKO0GBxabDdLlUxKn0aMObwpxye-08zqcBFD5ThycrSHZDpz-Y-PvuMYK9n6i5nf-g0tv09NPSt7xSmsbTCphuRDC_aWDIps673AuXwVd696X6S3bUWiUJM7eSOqRVWcuaE2ZUOAMgxb70-I-w7u-tBWY3ZACYBGV2Fb6Za2_NzTr8lLdeiRDv_D8JjrXyuZAVGMw9y-dNfW3vZZ1FD0lgMMV4n-dLBjuj5KTMiGVcbKdIE6fHaIgKSxU0X8ijnV6uN19Xt1x79p91PrMBM-rINtqDUJfG5ZrxwSN7JSDsRbdA5C7zAaovPLP99M0uFBgWAsrYtd3827npJvA0418eT8zI76uYVku70wK7eo0zU57ESTGpHoaqNpMMo8hjEXtIXNL6hhTPPtIEqZY0r-R2ssroDCVRI8PXkbHAsavBHiC_V6jfSPS6nZ4K4BI5Lif8B44SbZpQ0gTd7RyQ8PhfnyJIJvBspWC2iYv5s&sai=AMfl-YQcT9o8t5bIdXf3ls6cVpbUO-o6KLtHKbBjAYijgVSvtFDRVPM0SUhpAA5p_wW7bg5a6G0n_Ub9cTuHCkD01kDRnenKpRQ1ecEoD9mgvMw_lfBvM0f2fte9nXe2FMQpFvPT4h-NoDZuaiWUfRjEIksgPh9ewbRdS81VZ06Sn0kMVgWmLbug8PbsimA3n3Q3kdsnqJI_dBBLJKkMOm7y5yX8e6953ahbzRfZmS-3xbZ8YgLIkN6gcju6eUFBapZS5jcX&sig=Cg0ArKJSzNvct2tkXkMxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=79&cbvp=1&cstd=77&cisv=r20230614.12691&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame F7F3
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202210_es_hunger_dv_pros_347637949&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

23ms
23ms

Image
image/gif

52.57.130.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 52.57.130.34 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-130-34.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:35 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Tue, 20 Jun 2023 07:44:35 GMT
Last-Modified: Tue, 20 Jun 2023 07:44:35 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3873 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 319401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 15:01:14 GMT
expires: Sat, 15 Jun 2024 15:01:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/4323423352959208367/ Frame 4642 9 KB
2 KB 25ms
24ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 02:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279566
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 02:05:09 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4642 118 KB
40 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1549
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Jun 2023 07:18:46 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame 4642 20 KB
5 KB 33ms
33ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 15:53:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229853
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 15:53:42 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1950
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bHk5aE4zT2oxUWJ3MnY1&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonT...

170 B
188 B

35ms
35ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bHk5aE4zT2oxUWJ3MnY1&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonTEbjvGgvwGfJR5Wy5cGzC5mLUQgxqzjuT9aAa1rb2uIXzsgS3oqArM

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-780-gdfb6b2e#rel-ec2-master i-0825292e05e7a278e@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=bHk5aE4zT2oxUWJ3MnY1&google_gid=CAESEM5Xmv7GBQWdq-ts3Nm-hy8&google_cver=1&google_push=ATf1kGMQG3w7_aGpIIcOGRrSiVhdkhh7zOn5N7MVhDtYonTEbjvGgvwGfJR5Wy5cGzC5mLUQgxqzjuT9aAa1rb2uIXzsgS3oqArM
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1950
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECDgBKlMox_t40ZZ_ndI66Q&google_cver=1&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy4rmidnf0C0o

170 B
188 B

32ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy4rmidnf0C0o

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x3 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNBehyB73yWRZxEP44Yi5HHh60nceDfXP0tsvqPdFk1gL1bAt6ebrYCKeLQgcLMGMFxZwwP3S3bCyNCLFyy4rmidnf0C0o
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 20 Jun 2023 07:44:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1950
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESENtFoNJNGDNoK80sqYWy9hc&google_cver=1&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuV...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuVM9rLG&google_hm=eS11QmQ3SzlsRTJwRnVUaH...

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuVM9rLG&google_hm=eS11QmQ3SzlsRTJwRnVUaHZlTGxQNHFEc2xsUFhDRVRrOH5B

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 20 Jun 2023 07:44:35 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGODCi0czaUAVRC3I5k6zkwWQ9WAIKBgPhjY8Q8A7orp4sfXN3Scdr9U0Zhf1gkbew_-Hb9HHWFA9qIYITju-Ha7cuVM9rLG&google_hm=eS11QmQ3SzlsRTJwRnVUaHZlTGxQNHFEc2xsUFhDRVRrOH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1950
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMimMjaKxa2O2dz-4jLs-PE&google_cver=1&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMimMjaKxa2O2dz-4jLs-PE&google_cver=1&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMf...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ

170 B
188 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGMTtPa-Xs8s7Y7JsrMuzIiABynvwevWy21RCHFzA3_V1mbyoKp9xafEsX6YyUAo3Quzm16vRu_PDu8eTYDBj7AMfmi4cnCJ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 1950
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-KPWkzHvG9O_kkgrIAi89zqBOZTyBFYbqu9fUFw&google_push=PUSH_DATA
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

43 B
368 B

31ms
31ms

Image
image/gif

178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 87393
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 274
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 1950 0
362 B 66ms
21ms Image
text/plain 35.157.246.107
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEEuiZqQRiOP0KyRgz94ks4E&google_cver=1&google_push=ATf1kGP96JF7-DsmVtHf069jje42EiDqOmgXaA27bbkjXTsoEnsOkwBBOdXfszNk3KwtUtJi6d90YVzKhg0T2d0lAlsbWf0EXsDHrA
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.246.107 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-107.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 1950
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEInUctipgKiuy2n06mfjCQQ&google_cver=1&google_push=ATf1kGOXcCphf0EKMFuLnL0lKwe4J5DpxLO0jdXmgerW7q51nESJXqe9ljxdS5IBIXs7YFxxw9jWaLC7YsD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOXcCphf0EKMFuLnL0lKwe4J5DpxLO0jdXmgerW7q51nESJXqe9ljxdS5IBIXs7YFxxw9jWaLC7YsD8anGfSNKjmgicoSuXAw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

22ms
22ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1950 0
12 B 30ms
30ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LBUwI43rKTdauyzKoAnW5C9fcQEfLBmvIUE93nbz5ThbzKGMPv8TyR9yGQkevurhioGh63EIs

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 789 B
432 B 26ms
26ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19da779b23c8066f45e8f872b925c40f67b655c84bd35a4ff227e436bf97097

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:49:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 474929
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 403
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Jun 2024 19:49:06 GMT

GET
H3 200 tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 392C 109 KB
37 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37530
x-xss-protection: 0
last-modified: Tue, 06 Sep 2016 20:51:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 4 KB
1 KB 27ms
26ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73a53ced60c480d9aed1b4b68934142e67122a3c1f9509fd1e8637c559db6275

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 22:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207842
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1369
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 22:00:33 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0093 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4199771520010&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0093 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4199771520010&version=m202301230201&ct=77&x=1&cor=17011634607887368000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0093 15 KB
11 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dfd2dXIAtQKdnFANEMjFVlxh7icQZPw12IvkIbt9cdjUg4jfIIVxuQmFgKG89tBQjueK37c0d_qNcEwg8Y0y8DFP0Nxw6pcpQLgJLM_HQUHDxsfZONjSVUUqoZOoOixGdlY8py1QorDVfpCIqgDYC0KIXPr-1fmaf7aucol0Bplg3fhqU&cry=1&dbm_d=AKAmf-D01MUScK6CjLAmyDaPsnImWw1gyAv0WfjeH6CYhnhKmHrCFnf_t29PncwZTbGzjqguYqplCX1hYXgYaENryzaWQANJYkdDMkCmuIagzJi9AFCqKBvR-37NcgayRjuZOLPBLWWLrMplzOYKU-el80VB-9SlIgCkptynWPAQ1vgb73D1XW3cuNOXV4KJ9IGraa3ZSmREqRFXDcgFp1j3CXemeFD6OcYcIqfvxMZcVuThO9Et09w-xISAfwcnZfouNXvHrOKTQDBOVdURbWQZjw7M_cDjxTwaqV8CZ0ackfh0gv11LAZN0cVURXvc98rB94fAQewfPPDbWwcOrM4l8vtFKMZ9JLbSRJ8XQEs-wC9qwMhgWZ4Ed3ycUhCdcIu4Aot3kcaDq4GEwfvt_f8J6egZdLyDTRNS1Mu730obMrmSLbDJ0UBCT52Db3mmmD3wnCAun9xR1arsjLu6zFeeMQCbaLd0Js8fhhT17OLXyRUd591LO4p4fkVufHtMmWctkBfeD3rtdwfuZl-e6ijKE9EMpd7VfD-FV3TytOIZtTD9sQveEdN-wkf38Pi0oX4xzFiCTEkqWjRKTyXpfMIHfFJWPgt_YkdrOavXAm_WUS4XLYtNGz6nWoSiV-xKgfHkWYIIi-iAvOU7F-teBqlVeqmKBy7nkC8vRzgBkcDb8YJFJJ58_opxZytD1iUbjbM9IO3hWMV77iALLyGTdQzLBYVWgeHenvzIjLp7-mUqiad1MwnbgqyL_oUHV6wF0p-IBJy5wLU6N8uO2Wd4mRN8M3kAWc2Rcsgd3yvRYAy8MD5GK3L6g3m4QG7I1i_kANKE_6K_gSUZTrCWVXnFybKd-9woX35VilPi2O62wNv1A_RET5cXLoaxfrxcm04AlN8v9dHkHqWq1hpASLC-JizQUOLf7pcv4aTANA8jN1ZzC6SWD8tZKUK06IeIXXdogNlvR5OEoS8RDnef3BRoTNy1eCCL-ilCB1kglfPbBjkTpI259TfwBCbulHLJAOWp2-9nhs-YHo-PS1HlFP4KiOHFcAd-n3U0AijdbWmQFOXPbLmzAYi81O5Bjgb449lLSOBCR-25zO6m5SEvgCcmZaJtG6krvtJU4ES_vC_2b4UStoNdARRQjJxFKx5mbrXffAxJ6iZwMDw4odLAWv_Xqa67zDraX9tnbWFxBt0EQ9jjT-8zLG5JGjPd_8rRM-OgD7kv6OBmcv-7ygfzZyfpoz1XgXNRb2jXn0hTMu8_JHr9GJnXhjgrBtI0jnIny53yQk4AlwjLPjGJvHgjZf7WooOHkku1-sdtdUr2TWE0UbtuJftM8HiJ_5YHo9XjXwbrTmh1U6hjqG0FE1Cw7TPUADFaqhj2QOPVR1abeblobL9c5KywY6ADEmlMyHXcCHuy9y6SejsPNbl-sk_W0uYKOQM_mQzN4qHR1xcPfZdazy1mv3vwks21e9mNLlQ01qHKwEKTDVALAKh0Kuzpj_On9dOgT7qsJZ7JPtISOWk_pjzhhRS2V_2EX9LHOJjiMlCGkCpBamCBjkSTMna2HieOBOGpxia2Orzb0zmbDUuwiph2dqWbik--nfRP1yzJUUQfyRE-SNmwRCiHNaU2-64YcVOTNPjcX0r9EIqNo1uTlx7vDaO0uqOPdI6TgxAAlaqUXOzMZMUQfif2WF5aIh5VanpGNa-K_ysrcaETeFxub8Qi-gpT6y_McV8J7ktLgDJ6dQ6HTZ8kIwkNyInC_OENDF85BSSRPsBPZe09G6rQNO23DC2_xagdjJUZMkV85V_Afbi4lNYyOZb0dObY7sH01sj7xjmRfXi93rfuo5h0tU-EUph2c_623SDANidzvlZu1f0wR4K5SaoJsZujP92iKmbB1Svsx9UPcE81MzHYAZ_xXT_OHpKP5efxAtlY-Ffz051iB9bqIWXGSbyCzSoZaOAdmkWHFyPC5-L2DYJl-s8Ub8VK0LZQJiX41DjPOK_Zrzr4pUIpu4h0wyv14PPKRlTHSN30XWE-3F2zJGsXJX0QLCaky6bct7fCdeslRVSlv3S7-dmw1JlFYVpBj5Gty3BMIq_nLXtMTvj5lL-Rk1Iay5Plat1VmZcMFjY1dUooUaFRl12EFaqvnu9rnmhZoQwIkTosKnhdOMxnEhbnGTNmXm6PKGnq1DkgnIp03BYAV_jf65Eg1oXvQr3kt6YtJvaYoqjlE_1ph5XyEoo4LfURcLGoZiQkeEW_cDBXypfgkfmIRbVb94OGVdOXLDzDxFhreNVDWxwLoVuPSGCkzLrvxhKx8-3Gr8IRwQ-6BmPIT-5wCiKeCNUEH4vpUdNBrtFiyQkSOOcmpBqem-oQ8d1OHIGHB4tLdOXWphAgcnwNyGC79QlYVRTjKdeJNcLmIyux6yzAipyEUwGGDHLJ4Yd8wBCg3ghXnZ0Sq-n9MOMIS3G-8IV-hV8Ms0VmJp3h08RDhOXVkW6dUc094xrapbsL8ni4H8zU8BucIG4-ImDkyWTbCfH1EavwtnlMHNf0dQVvsjPEIU4AF5pDEOy9Re5sew5MeuFtzmfM64_HzSIgLvHGIdekwsWX146JPF2-1SBiAlYKt1LFyJLmHxj5tr41K6WEc0zUBD3JkolnERvD_i3NDIx6cwSpbfc_Bbr4yKXUxzGGgeZ2TLzVA_J5lyUhxvvQuy9BkCOAQFD0F-pGaOxaMCDl2sT0Q1Jg1Ipv1PCQL9pzebEFsCiXEELmP-FR4N4WvkwAs0NrsatB0WTP2pE3gYBzgHAyJ_zszTqEVcGKMySkSvyrdcElXEEk5gBcBVExVDM-UGq84azh48l3bHFMMln_j2EMGuST15qr5MjrJoxhfB7rhuczcVxkh8sM7mQJcdr9Qdty6C2160FlUl9Pm6Osf0Tv8TMTOuA-fq8Q9HxMbIM7KhOvG6JW7q4Js5TUCEnB-zTK108s8EUhqQMcNNmezyQFMbzT8s8wECNDzMQzme-nnAV_rdYOFTdgSiymQvii0Q5SARJPIZ9edmDKm-iO-atLO7HFXjjOxlPHlqHq9pIr7u0T7rG_A1cnpHLfLXPc-PAm88zCiL2K_7ImDx5Qto2qRrVhEOK0r-jTztNbER7yCt9GPu2s-Rb5OvLZ2EQ-KO8Y4R4pt6bN3eVACalq7emD4qefJL6OhrngZ78WXPeHA_54LhY_dtrrpFp1QoTq_f6cGeGQhE_HBM7GFuQgY7VQaBtQ4zA-w2MzZXecqbry32jsnAHSkTHvZLZDSlTWD_RdVKh-yj9JDijzpfwYcdr4UKsxmv1UVSxkprTwQswA-YZBW0FrTSTpFQcD356qCsaDPHTmnodQGXYoaExpiomCmvFpLSaeLIVnK7IDf77FgHuRk4bAMKnZdyj5YjQ6fGBLRgdWpNm0TLPcGVc83Y_9YuLD2k9i-UPPUo5_i4x-w1E2wHrKiP5VORTQw-mlVXrq7YN8IPnEwR6Xk3RlldlyYYS9dpVPG3t45KQzYpeMeomLhRLeqk5UwBirSDZb1EWZXJK9W-peDltpp_HNshfnsnuZkaHqbw_878mazzrpwgcQLFqfeKWNnuU3v_y4VMexCM5z0dWnStXsLyhxzV7_eXzMaMty2je6qZQfaBouKSWJL4oR5ZKX3ezuYRK8j6lZpoZoG-QFn018JJ3F8cT14ySzvEqEU1JB-8LobQlqKqfWR5aCl1e1P0dZoGT4aawyt-8CyQTIlB_Ec3ZnFprE3pVFC3s9xq6wAW_VBDEZvmoAg146vkUGOtPYg20ALMczI6RXcLVXokn7nTWmEGlR&cid=CAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=17011634607887368000&adk=2857193498&idt=177&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fad9171c6bc08e5f36d7c0a6453ba30f354b9e23275e56ffa28e31ec580bbf25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11317
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 3873 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/4323423352959208367/ Frame 4642 3 KB
1 KB 24ms
23ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:33:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Jun 2024 19:33:14 GMT

GET
H3 200 text1.png
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 5 KB
5 KB 23ms
23ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/text1.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e93fb512ff5f257c6ee542cf35cc836884422caa17a5412102ca170ac787acd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 23:57:34 GMT
x-content-type-options: nosniff
age: 546421
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5234
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Jun 2024 23:57:34 GMT

GET
H3 200 text2.png
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 9 KB
9 KB 32ms
30ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/text2.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad2e0db5da6a3026db46252b53f73adbe8c9098bd419bcdf4b39cef8a904f7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 18:37:27 GMT
x-content-type-options: nosniff
age: 220028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9549
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 18:37:27 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 63 KB
63 KB 25ms
23ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/bg.jpg

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a36b081a24983814f417f9a4fd02981a9fac13ef0a0b53664ae39e2c6ad1b2ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 17:29:04 GMT
x-content-type-options: nosniff
age: 224131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64901
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 17:29:04 GMT

GET
H3 200 text3.png
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 6 KB
6 KB 27ms
25ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/text3.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6780ec87c2d1af6717c799cf39888e8eafc1d2117d89a0ba614573205afb19e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 07:14:32 GMT
x-content-type-options: nosniff
age: 347403
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6482
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 07:14:32 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 2 KB
2 KB 28ms
26ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/cta.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05898ed5e34f59c4c6d7b6b7b4fa67c7f867b874e77f2a03cf0c4d982c135625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 18:37:27 GMT
x-content-type-options: nosniff
age: 220028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2477
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 18:37:27 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/14103280447981269710/ Frame 392C 4 KB
4 KB 26ms
25ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14103280447981269710/logo.png

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f54c4b899509ff23b3c683ca51b6bf4e8e3674ebba14a5757c104d246ef269

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14103280447981269710/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 15:49:09 GMT
x-content-type-options: nosniff
age: 230126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4129
x-xss-protection: 0
last-modified: Wed, 26 Oct 2022 05:43:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 15:49:09 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F7F3 0
0 60ms
58ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJiM4aqhOccPDhBC8NUwFJFNQT5zMqRN57FjnKevONYAPejTOvJly8Lq4wSbxBo2auzyU6airwgoidog4EEU1HI_4Hpe5Ib2AxhCPMAreSMHSJYZ5eD_8_a2aQUikAlX4HGYQQYTKV-oMsnI0A2FhLBwISNnBtZ3t1NylpArHQZ5y79pzfvZycsnLPL5icpYF4HS07mho1K2dTt_An1dQCMj6a7b7uWTuIwRx3oZJYO48KDPjulzsWfggLSlGN4OV6J6IOmPaYDVQ-S1g449gZSbfiAqBFh8TgcCG-WqWDB5DwXp6sc8Xakc2hTLvr9TSaKscczp4fQ0kvksmZh1uUzJMh4Wp5nLj93o3-DOKlQFSCx1Uz1ZhVLgLg48cZSCT14GQ8MnjAwOZVZqmGRcR_1OgQjdGZqg3g2brSDvTX1YmnEPryRynJUORTd2C1u3qtQNGimHLZC-4RDu30T_m6sLDVdL2UBnBfMAlupZ9HBU9h5dWAEDwPtIZZ9INIhLUcTojYFhWu81yginS4ajg8A_gqwdDOv7_PgpKZqCvbJpJ7N7FiK9MQkOyx_6mG1Q_tuSib6TFp2l37ezOQAzvjbtxvr6jov2Bccjv-yWGnMWeyYZz0IiVGoWXicUahzHEHgdo-aRkpLkVd4JZuSuZb1bjY6nPykArdLagEfCq22Nl4bY3zcDB2g3Vx8VKgMQmAcMBW2Wu6RrgrHNsJkKBDcZluHbMXqnf-ZJQ_R5yD6TfUaSf6mCTnjgZirHJ9Pmhba8vvzYTmbfz339_JnyoUEQFbijyCHbNU7d2i56GwIykS9IFy-1c1uNeCOG_YCGSle4ODwopLQwZn8Kt5wFjuXCxH4hANHKO0GBxabDdLlUxKn0aMObwpxye-08zqcBFD5ThycrSHZDpz-Y-PvuMYK9n6i5nf-g0tv09NPSt7xSmsbTCphuRDC_aWDIps673AuXwVd696X6S3bUWiUJM7eSOqRVWcuaE2ZUOAMgxb70-I-w7u-tBWY3ZACYBGV2Fb6Za2_NzTr8lLdeiRDv_D8JjrXyuZAVGMw9y-dNfW3vZZ1FD0lgMMV4n-dLBjuj5KTMiGVcbKdIE6fHaIgKSxU0X8ijnV6uN19Xt1x79p91PrMBM-rINtqDUJfG5ZrxwSN7JSDsRbdA5C7zAaovPLP99M0uFBgWAsrYtd3827npJvA0418eT8zI76uYVku70wK7eo0zU57ESTGpHoaqNpMMo8hjEXtIXNL6hhTPPtIEqZY0r-R2ssroDCVRI8PXkbHAsavBHiC_V6jfSPS6nZ4K4BI5Lif8B44SbZpQ0gTd7RyQ8PhfnyJIJvBspWC2iYv5s&sai=AMfl-YQcT9o8t5bIdXf3ls6cVpbUO-o6KLtHKbBjAYijgVSvtFDRVPM0SUhpAA5p_wW7bg5a6G0n_Ub9cTuHCkD01kDRnenKpRQ1ecEoD9mgvMw_lfBvM0f2fte9nXe2FMQpFvPT4h-NoDZuaiWUfRjEIksgPh9ewbRdS81VZ06Sn0kMVgWmLbug8PbsimA3n3Q3kdsnqJI_dBBLJKkMOm7y5yX8e6953ahbzRfZmS-3xbZ8YgLIkN6gcju6eUFBapZS5jcX&sig=Cg0ArKJSzNvct2tkXkMxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=181&vt=11&dtpt=102&dett=3&cstd=77&cisv=r20230614.12691&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7024 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Biyo74liRZMyBO6-QjuwPpOeGsAMAAAAAOAHgBAI&bg=!WlmlWQ3NAAaGYqkwpmI7ADkAdvg8WsQ-n4bWkeyuxJRsUevZkI0uMixHXHZMeXn5SkEhiVBbXxP5nyra5fL9xrn8nyHm13Y6kI8CAAAA4lIAAAACaAEHCgBGBtx9UlxZXZBOsFHYJk9fHrhXiLroErW57vaeIseQyN0mN_2ii4s7AS23N8L0V1eyunqrD4rQGZCCBces08ONQxU48nNgS5kDIgWUzMq8ilgSAOCQ-PAd6GC-6k8efk1KKos8nwkCS2eaDJwvKnxzGY-kcZmS_w1M1cOm4EG68y0K_r2ntv7e5T5vqWOmdgi0mZ8xvIEKiBeszJc6FKyugiiVpVg3qNoNY2CQku4HGNQ6_puTDk4--oJTfrfHqfOeYNrAKbcvzus_vohBjHEZF3N8uOAOzrI8Yuq_Aeq4fJ1v97kchbqvMzdLJOVwvt0Pn17IpN-gyqbZIjnKUvafzicvcFJjBc6ZpVl1JCAi67uZHX_6HpQQh_DRf20LT7qy2pyRzSbilMpG8KToOjXPTPbEjVVXkR0ZUs5_YcO3q2evEV1KxgnWG9Ytaw9uBoEWZckIuOdrZVDNsHmSxuErwsHQV3_lKmovHQ_MfMVzOCXoBuj_x5W90-Mei6E6oG_OTP7kpJQ4EvbkUrnN7vKrrWZ66SQFS_DSLlRdxEukbTvazDp1TNp356TN1AEkeFl8gLGIaLTp-JyTPsXb5kDqBQbgkZ2OF5-m8cpu7AHTKqlLUx5OgVSxvosh0k1LtirCzE_fggT8-BPvb9ptBSG2n4mwnnuhiyUnJGxfEge4s36KsMVUct1jbpt9U5bPDvjNFWgXtDz0DBS8dj4JNxo-rkr2tQJDy3HIfwEFBpK5PzLFQo9g8Qy0jh2ruCaq8jJGb1QSG5wfjImaUYZtrj88xPOOMWjxdzYrnVsHTcs_vx6qWJMMj1tE-F5g9y2-DiaykF950jv-BBVMrsSl4DyoFP2QUNByGl4K6sgIxFZF1kIFwNfgefbVP9gP4OPvfc9-xZwQ1vKXAPpzqFJJlbNkSnysCO7Fv2TCvdjdC409uELcKOWF1cYSBpmjhD3LQavpJZwa027x0aC5_qFZIInrpdrInSL9q8d9i6XBkpXefmpNa9Eg8AYdKrNzijVlL5NstyJBdtpbqIyBqWsbiyxRZJca1Wiv0-CDm86LrCpOEzBg-FQvkW-OOpGT7PilUa3ArC-7QZ_J7_OCj9ZwaYtSxikIA6Ru2AwQ7cn5yEvkTQ2tt2klTeebVgHpSd-EsceJvlH_WIUBTPBPJj4

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD44 0
0 61ms
60ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujDSIRJXV8S_Y24EBIRrjJ1-MJMTlk367tAXfmT_RZjL0ffxc04St7X0wTKvSUlK3Wc4eB0ecAbDX7mhyVzooPz52-tmWxHwbt6AhvKZ7zX-xDrI4YKnDpm8FMOJkQBK0m6uXr6nry0Lr02Kp9xJiXhbFIVLqinSeQka8ptS5-wThsoz3KilrwnDiJxH77SxtnfHjT2EAx1k4rldzEfe6fyIc4fMUdCShEjdZUEbt_kLPDWPMD9Pk5oSVv95qdsddwsJ0e7fe2Th0T2q6rTqWOW54gFJsp0_8nscJtHn6c69ZbjP5Y23o25VhB9dCM6Jt9MEf0LE_8C9XHAuPdytdtc_6sVuLjJDEO_L-fc-KVNdMwSPfMMzWpuvm0xk5knfG3T7j7cbVKI-EwxaSKUiFwkdzswNg5C1bOkDzJ_3dIidjhpCY_PQSzfuWvhNd4Xikq3E7kbJtLmu5F35qHINvFziCnb8uJotnllB6fwPs8KcWz6O8zNHjMO27NyzKXYDpFG6r5t3nI5f2KOSsg-ou3uWeuQJW5ksEhe3CaIOt28DBNznYx2crFVkutzCwxYwmB8cRaOgRx-2hvu6M8q4d8JFGpcAFuQisodre3C47bbNilyM9r8pasGBZ3IKFklV7_M_lSLnDT8mr458AAyBICZ8bT9NVgm8ZccTS6EC4PfNnfSPMxFmBxKfJnSyFyW_vaNhuG7jnV6j008m5xgHKCu4j-4riyGZbh3ZxKbLtQfODRqWCxRogpY94pwpPqHMpmYT3LRry5NFpUkjnswy05i70NN79zde5XZBWlAzbonjbh8UBAM1TlcWdj716edaEdrgIVqOLvvM6So52E19DndbEXi2ZA0f5K9SnkWAZg0SCLsSyA0PnTJVCDV2uaeis-zqxj5YUIWXlNFBh9TJ-NyYzxCa1G6sVifypKxknRK8Jam9g9Jy6P_HX43wKl1fRz7zRPhrhTb6DUBxhvaOFSqyNBo9Z-o58Jwx7vMmctj75OhND2nz7ZmETan2adg1tR1vIPZ7SxvUfFG95R-Uuz5W1aV1o-Mw82jH9U6wQ2zsZpHvX6kFOjf3PzeS_tHPpgAb9V7-lCi3CzEYrleV9s_BASqpja-VSzAJjz3squzSPrvlY_gFQvJPczPg2pgJ4CQqsqzQ7-4ilVRZ-Wu3-0YyoS_N2jTXzzgD1s_62kLmSasY7GKebmigUIgUmCx1eWXFLkJ1gQEUm4ZuNvr5G-mg6ykABZ_kfqKQUhYlxs-2GtGpMlUWp8ekQyrp14xSBDVCeRh__cQs4Uqb6ZoAUC8ycph_6Ljo_okDyPFZL6SeHxDt4pTVaaoCrcc6OEw4D5JiDSo9LK&sai=AMfl-YS6OURHeLvH_OeRz3ICxPGrDMBnMyRYcicWUvLdZ5sfZ4GhwO7X4Inra25p8RX_YdFLq7e3FQA4oZBi3Dt-rqcq3MHn1zZxmoZpHOqWDNVXtto4QS-GXgYg6z0XikkWjLxQ54AanPdlNpy8SO9SCETR1svO6fqn7_K4OvoJEirBqEMIJtQvTzwEVRccWbLHKlAez7FjxU4C5HwKjQdya3qn6Ergd1q4e6emYm8DLxsfGP3DDBEptMpVhfUJZK5SEPXmzVQ&sig=Cg0ArKJSzC74UYImWI-lEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=398&vt=11&dtpt=219&dett=3&cstd=170&cisv=r20230614.34026&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0093 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dfd2dXIAtQKdnFANEMjFVlxh7icQZPw12IvkIbt9cdjUg4jfIIVxuQmFgKG89tBQjueK37c0d_qNcEwg8Y0y8DFP0Nxw6pcpQLgJLM_HQUHDxsfZONjSVUUqoZOoOixGdlY8py1QorDVfpCIqgDYC0KIXPr-1fmaf7aucol0Bplg3fhqU&cry=1&dbm_d=AKAmf-D01MUScK6CjLAmyDaPsnImWw1gyAv0WfjeH6CYhnhKmHrCFnf_t29PncwZTbGzjqguYqplCX1hYXgYaENryzaWQANJYkdDMkCmuIagzJi9AFCqKBvR-37NcgayRjuZOLPBLWWLrMplzOYKU-el80VB-9SlIgCkptynWPAQ1vgb73D1XW3cuNOXV4KJ9IGraa3ZSmREqRFXDcgFp1j3CXemeFD6OcYcIqfvxMZcVuThO9Et09w-xISAfwcnZfouNXvHrOKTQDBOVdURbWQZjw7M_cDjxTwaqV8CZ0ackfh0gv11LAZN0cVURXvc98rB94fAQewfPPDbWwcOrM4l8vtFKMZ9JLbSRJ8XQEs-wC9qwMhgWZ4Ed3ycUhCdcIu4Aot3kcaDq4GEwfvt_f8J6egZdLyDTRNS1Mu730obMrmSLbDJ0UBCT52Db3mmmD3wnCAun9xR1arsjLu6zFeeMQCbaLd0Js8fhhT17OLXyRUd591LO4p4fkVufHtMmWctkBfeD3rtdwfuZl-e6ijKE9EMpd7VfD-FV3TytOIZtTD9sQveEdN-wkf38Pi0oX4xzFiCTEkqWjRKTyXpfMIHfFJWPgt_YkdrOavXAm_WUS4XLYtNGz6nWoSiV-xKgfHkWYIIi-iAvOU7F-teBqlVeqmKBy7nkC8vRzgBkcDb8YJFJJ58_opxZytD1iUbjbM9IO3hWMV77iALLyGTdQzLBYVWgeHenvzIjLp7-mUqiad1MwnbgqyL_oUHV6wF0p-IBJy5wLU6N8uO2Wd4mRN8M3kAWc2Rcsgd3yvRYAy8MD5GK3L6g3m4QG7I1i_kANKE_6K_gSUZTrCWVXnFybKd-9woX35VilPi2O62wNv1A_RET5cXLoaxfrxcm04AlN8v9dHkHqWq1hpASLC-JizQUOLf7pcv4aTANA8jN1ZzC6SWD8tZKUK06IeIXXdogNlvR5OEoS8RDnef3BRoTNy1eCCL-ilCB1kglfPbBjkTpI259TfwBCbulHLJAOWp2-9nhs-YHo-PS1HlFP4KiOHFcAd-n3U0AijdbWmQFOXPbLmzAYi81O5Bjgb449lLSOBCR-25zO6m5SEvgCcmZaJtG6krvtJU4ES_vC_2b4UStoNdARRQjJxFKx5mbrXffAxJ6iZwMDw4odLAWv_Xqa67zDraX9tnbWFxBt0EQ9jjT-8zLG5JGjPd_8rRM-OgD7kv6OBmcv-7ygfzZyfpoz1XgXNRb2jXn0hTMu8_JHr9GJnXhjgrBtI0jnIny53yQk4AlwjLPjGJvHgjZf7WooOHkku1-sdtdUr2TWE0UbtuJftM8HiJ_5YHo9XjXwbrTmh1U6hjqG0FE1Cw7TPUADFaqhj2QOPVR1abeblobL9c5KywY6ADEmlMyHXcCHuy9y6SejsPNbl-sk_W0uYKOQM_mQzN4qHR1xcPfZdazy1mv3vwks21e9mNLlQ01qHKwEKTDVALAKh0Kuzpj_On9dOgT7qsJZ7JPtISOWk_pjzhhRS2V_2EX9LHOJjiMlCGkCpBamCBjkSTMna2HieOBOGpxia2Orzb0zmbDUuwiph2dqWbik--nfRP1yzJUUQfyRE-SNmwRCiHNaU2-64YcVOTNPjcX0r9EIqNo1uTlx7vDaO0uqOPdI6TgxAAlaqUXOzMZMUQfif2WF5aIh5VanpGNa-K_ysrcaETeFxub8Qi-gpT6y_McV8J7ktLgDJ6dQ6HTZ8kIwkNyInC_OENDF85BSSRPsBPZe09G6rQNO23DC2_xagdjJUZMkV85V_Afbi4lNYyOZb0dObY7sH01sj7xjmRfXi93rfuo5h0tU-EUph2c_623SDANidzvlZu1f0wR4K5SaoJsZujP92iKmbB1Svsx9UPcE81MzHYAZ_xXT_OHpKP5efxAtlY-Ffz051iB9bqIWXGSbyCzSoZaOAdmkWHFyPC5-L2DYJl-s8Ub8VK0LZQJiX41DjPOK_Zrzr4pUIpu4h0wyv14PPKRlTHSN30XWE-3F2zJGsXJX0QLCaky6bct7fCdeslRVSlv3S7-dmw1JlFYVpBj5Gty3BMIq_nLXtMTvj5lL-Rk1Iay5Plat1VmZcMFjY1dUooUaFRl12EFaqvnu9rnmhZoQwIkTosKnhdOMxnEhbnGTNmXm6PKGnq1DkgnIp03BYAV_jf65Eg1oXvQr3kt6YtJvaYoqjlE_1ph5XyEoo4LfURcLGoZiQkeEW_cDBXypfgkfmIRbVb94OGVdOXLDzDxFhreNVDWxwLoVuPSGCkzLrvxhKx8-3Gr8IRwQ-6BmPIT-5wCiKeCNUEH4vpUdNBrtFiyQkSOOcmpBqem-oQ8d1OHIGHB4tLdOXWphAgcnwNyGC79QlYVRTjKdeJNcLmIyux6yzAipyEUwGGDHLJ4Yd8wBCg3ghXnZ0Sq-n9MOMIS3G-8IV-hV8Ms0VmJp3h08RDhOXVkW6dUc094xrapbsL8ni4H8zU8BucIG4-ImDkyWTbCfH1EavwtnlMHNf0dQVvsjPEIU4AF5pDEOy9Re5sew5MeuFtzmfM64_HzSIgLvHGIdekwsWX146JPF2-1SBiAlYKt1LFyJLmHxj5tr41K6WEc0zUBD3JkolnERvD_i3NDIx6cwSpbfc_Bbr4yKXUxzGGgeZ2TLzVA_J5lyUhxvvQuy9BkCOAQFD0F-pGaOxaMCDl2sT0Q1Jg1Ipv1PCQL9pzebEFsCiXEELmP-FR4N4WvkwAs0NrsatB0WTP2pE3gYBzgHAyJ_zszTqEVcGKMySkSvyrdcElXEEk5gBcBVExVDM-UGq84azh48l3bHFMMln_j2EMGuST15qr5MjrJoxhfB7rhuczcVxkh8sM7mQJcdr9Qdty6C2160FlUl9Pm6Osf0Tv8TMTOuA-fq8Q9HxMbIM7KhOvG6JW7q4Js5TUCEnB-zTK108s8EUhqQMcNNmezyQFMbzT8s8wECNDzMQzme-nnAV_rdYOFTdgSiymQvii0Q5SARJPIZ9edmDKm-iO-atLO7HFXjjOxlPHlqHq9pIr7u0T7rG_A1cnpHLfLXPc-PAm88zCiL2K_7ImDx5Qto2qRrVhEOK0r-jTztNbER7yCt9GPu2s-Rb5OvLZ2EQ-KO8Y4R4pt6bN3eVACalq7emD4qefJL6OhrngZ78WXPeHA_54LhY_dtrrpFp1QoTq_f6cGeGQhE_HBM7GFuQgY7VQaBtQ4zA-w2MzZXecqbry32jsnAHSkTHvZLZDSlTWD_RdVKh-yj9JDijzpfwYcdr4UKsxmv1UVSxkprTwQswA-YZBW0FrTSTpFQcD356qCsaDPHTmnodQGXYoaExpiomCmvFpLSaeLIVnK7IDf77FgHuRk4bAMKnZdyj5YjQ6fGBLRgdWpNm0TLPcGVc83Y_9YuLD2k9i-UPPUo5_i4x-w1E2wHrKiP5VORTQw-mlVXrq7YN8IPnEwR6Xk3RlldlyYYS9dpVPG3t45KQzYpeMeomLhRLeqk5UwBirSDZb1EWZXJK9W-peDltpp_HNshfnsnuZkaHqbw_878mazzrpwgcQLFqfeKWNnuU3v_y4VMexCM5z0dWnStXsLyhxzV7_eXzMaMty2je6qZQfaBouKSWJL4oR5ZKX3ezuYRK8j6lZpoZoG-QFn018JJ3F8cT14ySzvEqEU1JB-8LobQlqKqfWR5aCl1e1P0dZoGT4aawyt-8CyQTIlB_Ec3ZnFprE3pVFC3s9xq6wAW_VBDEZvmoAg146vkUGOtPYg20ALMczI6RXcLVXokn7nTWmEGlR&cid=CAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.ensonhaber.com%2F&ds=l&xdt=1&iif=1&cor=17011634607887368000&adk=2857193498&idt=177&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 07:39:33 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 4642 13 KB
6 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 00:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198504
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 17 Jun 2024 00:36:11 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4642 7 KB
6 KB 64ms
64ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dde07b09881de2821e39ce3d4d91ec97e34abbe3bcc50d37566c57bd8fe4d773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5648
x-xss-protection: 0

GET
H/1.1 200
OK vjdy8w6hewcq Show response
hal9000.redintelligence.net/zone/ Frame 0093 11 KB
4 KB 90ms
27ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/vjdy8w6hewcq?subid=&gdpr=&gdpr_consent=&rnd=1687247074930755&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Radeberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: bd3454b4c8d9d7cb1e1e15c2ffe43aa576b98320e89e79f587c20a6e5ad0457a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:35 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4128
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0EB7 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 319401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 15:01:14 GMT
expires: Sat, 15 Jun 2024 15:01:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 0EB7 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4642 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 07:44:35 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 4642 98 KB
98 KB 32ms
32ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:34:27 GMT
x-content-type-options: nosniff
age: 608
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 07:49:27 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 4642 57 KB
57 KB 33ms
33ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:34:36 GMT
x-content-type-options: nosniff
age: 599
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 07:49:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3873 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwGBK41iRZIzMCPG4x_AP54WGoAwAAAAAOAHgBAI&bg=!6uml6b3NAAaGYqkwpmI7ADkAdvg8Wuz4WqFsCPfAKSF2EFLnlMutHYVSFqc6C2FScra18tmUWlrcDvsKAipIOrkDTeIS-GLfmOICAAAAdlIAAAACaAEHmQNIqfD7CXz9NoS8VOQJh5atBygcRRWP9-RquKEZLsNmWi-LqsWZhgw4K02jfU1MWVv85A030jsJqBEnSuT_xKWBjdn6RZOU5_F6JZWITbsG1iNdgvxRx7TYuktdX3bdf2lNR-4g-t3dZ7jmCVX8kR5UjZtmImXcu0swnWELxkpGcowR7lYPl7N6Gc4qdkc9_9pYCK0qhEXvooa1-yvXaqzUILFLGo77wJbGUW29q35wYuWkmJAE7lgvP1HORNIy3Nv_sNlbuIaBQJ3Zf1u67jYgKTTG1fjxRotuTOKKwSG5S0LZO8b7cYZzR6XHxVpaCnpzUmrBdgjkn6Ko3EAwFVLynGhy22Hf14WVS0nRgFybFr3JeWpXWDARlOr-olOCaXP3x53AP302UMERhFNHxHglq9DsLjm79xMH4DYlwwyQSNYX4X2Xui-s6iN-q8IC5z0oBmj15Md_Minqo2AbcKqLgzvV8eYDvjt4qdL5VPXUSsX0shNx3gsjpJxzRMRL7ffoZkcAUdZctv7KEmDiE4xbSSwJ7Ko80ptIfB6c64apaeS-duDcpczQIPezGWbbCPQgFtrsh4M8s1O2UmJnfsrUqMmn_qNz8P0Lz5RdyE56qufcZqqyvGWq4An9-mKzic5xgpBn5qLlYetJ9J9Xac_B6-BkhQbE9oEYIcg-mpv6Z0Tk670qFD2rXDRCNxbwWlPyhwhRfme7kx7galCd_UrI5aWk2QWuTXZSr_LFfSP-dV-9IJ9GKH8x5efhYuHUHkTZ4hB2D6XNSlxIbND9KJ5go4XiRc0qR7lXvMHFC-iVukHIi7oh2VX3INMh8QhiY5_3CIbn5c3JrrnxV2sGUAmP9_AVOIYvMp4jHfUWXdRSxTIozskUXpF3nXnEWVAX5fqMt4ZnuXHA2Q4ZbPnhQQpXS7YVdEy9R8Sxjq2tuI-92vKun0UxrAEEv9-BGRu3hcwwbebdxTf8d7ubCkYu31zygt2zpK__hVN5PFSxBegLt_Wd4PTuU7VeNpF_fIZn_cpPSvgTxD-3uTPAwxK0W4FZZ9CzVVL9MxPDhtv_6q9-eICjEKHsHq8b9SS4DM_5kCkg3NcFMIlfbSLk16txWBH4Pmgnni14NMOe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal900026.redintelligence.net/ Frame 0093
Redirect Chain

https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

151ms
101ms

Script
application/x-javascript

138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1fb7349f24691af70e7d006971e495267566520195965370dd885155e7795c9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 71685700031512704444990012361026
Connection: close
Content-Length: 1419
Expires: Tue, 20 Jun 2023 08:44:35 +0200

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 20 Jun 2023 08:44:35 +0200

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 306E 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 08:56:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 168466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jun 2024 08:56:49 GMT

GET
H3 200 03032023-031222251-320_1200_v_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 4642 174 KB
174 KB 24ms
24ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031222251-320_1200_v_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80d2ea64feb90fec56aab7ae35078d8addd9033751386fdd52de2cab7bf87dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 18:34:53 GMT
x-content-type-options: nosniff
age: 47382
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 178134
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 18:34:53 GMT

GET
H3 200 03032023-031229407-320_1200_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame 4642 55 KB
55 KB 26ms
26ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031229407-320_1200_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2b86f468d5bf4d09d57039677a5b7aad9e9fc146b8d33e0686bbe7e0361c465

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 13:05:06 GMT
x-content-type-options: nosniff
age: 67169
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56185
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 13:05:06 GMT

GET
H3 200 03032023-031222251-320_1200_v_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png
s0.2mdn.net/4528404/ Frame 4642 174 KB
174 KB 23ms
22ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031222251-320_1200_v_1050x2340_2210-anf-lb468fd76-0bc2-4269-8a6a-a41f4b96aff9.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80d2ea64feb90fec56aab7ae35078d8addd9033751386fdd52de2cab7bf87dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 18:34:53 GMT
x-content-type-options: nosniff
age: 47382
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 178134
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 18:34:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0EB7 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BES3q41iRZPqwGcvi3wOBz6_QDQAAAAA4AeAEAg&bg=!ammlaT3NAAaGYqkwpmI7ADkAdvg8WhpsC7Jwk6siUVsV1L8AYaCOJmX7mBIcfLhNN-ac9hPqdnHD-z5ZuUOsHvyRd1msdMrmYYwCAAAAjVIAAAACaAEHCgA-G-C-yg82DarMlLeUOTamUTw9_dOcRWrr5D2bC6_3uWsZFjMAzFFprC5fVXBPhvFJCD7gaxdOUxSZaJR0c-WZAz20au3HrjSdWao6Wg_vhIpZXC_vBXaytGN7oh-LWTrspiE94HNHI7qodeVRT-pgkHxjzMG-E4eVHiHO5x9U3SQ87FuQXNwGi8SfOJ9-9aer06dSATXgTJvkSvql3wXNG-C4yvHGyhqxuG9WG5F_mRaZJnpHbz7v5PPy0qxC1beXMxYG4ImJ7xMdIwaDLXSXdNIKaKlLXxjDoLVZkBLLt7EC0EbMFSp-VTftZANMbAhSN-ihwEdpi5-HXsKPELrvyUTWtBrA52YmiHgu8PeZWPZx84jPdPodsMwS4o-w1Mw7MAHh3kliSHD5XB7lGUbkYfQsO17ddG0H3cBSv78c2W86mYgv6xGoVran3siUqzLcM6MXUz-QOBdKQqL8bIWAZEcWOpKlVzufk7rzs2QKymG-6WQNVvlJxXOWL7Zh68oRsr3FuuO8ZGUM76qGg9kO8xYwKR_1jiEg_aBVECg10PgiZaS5t7gTsQ3yQ_obD0_XTc84YO5lOs2rOtB4BH6HV5ZbHzGQJk3Q62L0zsEMzi0pgLgsB-tH8-uHMuJbkB4eZE90e2M4omgZxNads3Aieyy8J51xUnDct_bUd-OcZt7ENm_lXUYvgIa6IgFuO-7ORito_ztoQNdi1uxqkogiCbQrbjFhMR9Mebyl10UKmlfK5E0OAvTK_jvhtgHDs1ti2ZqDmAgYA80G8KJ9c5iv6CUxtgybolaUc__qz9j61QoJmlAl5j2Qb9zpkSy_krf8_zq11ManqoWHebwTItUX4usgar1oWt0aA2yEWfnvp80a2uLsar86EhOZcV9XMDelw9vKSHgEe58gVod9yExw49yE2fKe77gZd5dlVrv0wNiOAx5P_AM5_Ips1AjeCULTIJ69Ecur7N7AoAB3syNc4S0ype_mRpxyqrQfTa1o0RAFw1cMOp_6gwRzrKvmO3QchhTWhoXm808oeC14SO2ugj45MdHp8YQFO9JpgLhxViOUimSc-rHUS0WDNqt_iVWcEtnYonKU3d_UhQ4znyucCuaMEssxLCl9NR7GvRmtouiMMYlsVp4ZSjJ70B2oHbbZPdGPGXjtMJx82gBVGWJv2zWJaBA0sfzWRvW_Qjo6

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 28BC 42 B
64 B 64ms
64ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8pW98-bKKEcBDH57Gzd70-tQnrseYVzdEm9zcu6ao5jJYcKZbbTKSuuA__6j1HYaUyubUK1CdGRFqTtCeGC-UUtUJexHs4iQ2WIABypKzmvL-5Nw_v0L3njfULanVYlV3ptO00EkDJEpZ&sai=AMfl-YRDgNag3-uv0439IZUyIV1vleWd-lWMfWg5RJ8wnVBZ-5eBqFw3_v0fGcFqqDgl2cCsMdwdr5PglcU5gScGwAzxL8XScgjuZDZk8MlgwyXAnkFeyN5EmaocBt7P&sig=Cg0ArKJSzFp8ExoXJnGKEAE&cid=CAQSPABygQiDKnoNl6fYlNOD7q4Aqo-t_RE6yIYozJZv-J7q2DuUNqs1rTJC5MO_lvWohvrvD6S4CsUT-qoNGBgB&id=ampim&o=315,155&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=334&tls=1334&g=100&h=100&tt=1335&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 055E 930 B
932 B 101ms
22ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 20 Jun 2023 07:44:35 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 27 Jun 2023 07:44:35 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame EDE2 0
366 B 201ms
104ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=71685700031512704444990012361026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Tue, 20 Jun 2023 07:44:36 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: D972D785:A3A2_91EFC182:01BB_649158E3_1CB521C:1ECFD

GET
H2

200

htlp Show response
futalis.de/ Frame B39A
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=71685700031512704444990012361026&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527

350 B
401 B

106ms
28ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=vjdy8w6hewcq&nw=20&renderingType=javascript&namespace=cd10c92c4b&subid=&uid=c17fb7430fa8c84a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCin7d4liRZMPnOMmVgQeo7IqQB6blvaBplZOcp8kP8C4QASDWhtslYJWCgICYB8gBCakC0-pTdV1Ssj6oAwGqBIcCT9CmxvyQlfZPBrxESVTAS9DtAyiq6c-EZ4e7p0GvuFMY9OWAWmz6kU739Y7EJSWCJoHqCwsPnCch1mImFsCgW1IGqf5DF45yZOkCAaR59H0GrP-NglAHU4kw4iPpzEhw9O5U5AB-t12A__0kovLPspCaJI2LthTadI2dVJkkGh3ZsiNAqKlZTBTOkSrOBvP0BIp8aHjtPGsvoHHKyc2JxoVXmrT2psYax84_c6RZk8RhR0zt-YWBgVRtsfI1TfDdHzMdpT8Xb8VW_TyqC1iBRgwGFxX_J6z2DYiJwBl7VrAesvZl8d2xqAEDvoJUdSBA7-0T8Z8mxJFF2g3JZtC-skPVpfgBoqjABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOoAKA5gLAcgLAYAMAbATzJzZEtATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSPABygQiD_YL3W3zaeveE2rdnD1ZwLuvWWHIOxgxitwgxGzkfGKMdmL1YhLkIIEhgRWRK2eB5Y-H4mGJDFhgB%26sig%3DAOD64_3hrNW-7Wmq82B9rdmnv3t9yQu1Og%26client%3Dca-pub-8601585505701947%26dbm_c%3DAKAmf-CGCXr6lhuS3blN4pgWTRuy7OnXyJI7u97-9fXXggt8vBHFOE_Z4dVMmp0JsOAayL7y416fmc05tf2aomHODElnopnHX-lIY_D5i9I34ZugKwG5SXGOhvp0_1lb-zlKWzVK8PJPy_BUJcR0EJZrxjqohiVXlp26Xr4VAgXDHVx5tG2AvrA%26cry%3D1%26dbm_d%3DAKAmf-CK77CIDNVqSGHLaHj7Ul33nWWvmHduKEoMvpccl6fRREReGt2A0BfkgggvRdc9l4ddWkTnSFCRdZ70NXBox2R3Ng-IJIRDi9OQ2io7VBHdAMYpQjR9buBTWI4RXLhNs_LGZbPvtpgnJsxqVEBEyZjRphonq-v7mczYKtoyxQSqU-bgQmiuKdpCTSNfpvDhD7bKniR3fVkCGZBouEL0KN9PNqE1AkpSo5COOrxRKYQHFJR8QILhzeswwkj44CtpJ8jzwMcLRxu3Ei5LmpNeT3rFBYwqjwiV3_MREpGT0EIsXORoTXPhbVvi3V68l3nK2mK9t4zl1YIuUGDoufyqrzwBrHt_iVsl6GH_R_F0GO463MkJ5SBPBEP7nLqM9WCH8OFF0zgPsx_C_TEBvV0wibIYaaJSfYXYArPCegX7FmXkoGWwBVtg5hUpDesG_2DYNWDYewYnxyECl_SzwNYE0YkE37-pyg7G_DxxlJuVQFfZrHnV1Kxt2XaU7Q-nsrQfRbmWlkSKRLXbQgnguSi1GlwfGKmJ9S2qz-B5H13_sH4d4D9YKr8%26adurl%3D&documentReferer=https%3A%2F%2Fwww.ensonhaber.com%2F&ancestorOrigins=https%3A%2F%2Fwww.ensonhaber.com&random=2474406794885&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 20 Jun 2023 07:44:35 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 0093 2 KB
2 KB 207ms
112ms Script
text/html 18.170.178.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=71685700031512704444990012361026&nw=1
Requested by: Host: www.ensonhaber.com
URL: https://www.ensonhaber.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.178.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-178-181.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 274811f26cd196699a35ba05bc1bd53a09a46a2a8763e7be9c81f8974eb9f9c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:36 GMT
last-modified: Tue, 20 Jun 2023 07:44:35 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 20 Jun 2023 07:45:35 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 0093 0
366 B 193ms
90ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=71685700031512704444990012361026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972D785:A39E_91EFC182:01BB_649158E3_1C8A105:25BCF
X-IPLB-Instance: 40027
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 0093 43 B
382 B 213ms
109ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=71685700031512704444990012361026&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972D785:A3A0_91EFC182:01BB_649158E3_1CB521E:1ECFD
X-IPLB-Instance: 40028
Content-Type: image/gif
Keep-Alive: timeout=20
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 0093 43 B
704 B 165ms
104ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=71685700031512704444990012361026&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:35 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 055E 112 KB
43 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5cd5a5a9c03439da75b1bd5ca762a022b3334a45ff6fd59f4d983fa4bfaa40f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44151
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Jun 2023 07:44:36 GMT

GET
H2

200

activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716 Show response
5994599.fls.doubleclick.net/ Frame 8B2E
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716?

391 B
325 B

63ms
63ms

Document
text/html

142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716?

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

71a22144750f335f765c54ce64ea86c9fa05ea6e10c8d931ffb29b58e5ec1a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:36 GMT
expires: Tue, 20 Jun 2023 07:44:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 07:44:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame 3E84 7 KB
3 KB 74ms
25ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 56d4d045ac0af97835d434ecac09a367803cbe456596781d4f386291d85cd872

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2196
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Jun 2023 07:44:36 GMT
Expires: Tue, 20 Jun 2023 08:44:36 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 69FE 1 KB
643 B 25ms
20ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 19 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Tue, 20 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0093 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e2e647e80d462064c6c2a5aac73b4d0d2b1bfe9fc34a6cf8ceb59ad848b81b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame B39A 5 KB
5 KB 25ms
25ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2802347527
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:36 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 0093 85 KB
31 KB 116ms
34ms Script
text/javascript 108.138.36.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=71685700031512704444990012361026&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-89.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 07:54:53 GMT
content-encoding: gzip
via: 1.1 09dddedbac44fa07d4af5f638358fa8a.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 85784
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: srgmXG3e4zQ9DrhahoyVuauyRXJFHWPhF4h64McwPubRRdvpltTiWA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 0093 85 B
439 B 91ms
26ms Image
image/gif 108.138.36.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1687247376&Signature=DtPtP~Ex6MPwXT1ug8ZZqwXMhJCBZO~x46YwQW0UhIirySP4Wbz50m5FVTSJ9Lmc~qdf6dU76fDyJHwibdHS5Gamt4OHiXfvepDYSPqvZjWet9TXdGKchtuZZPO2K0cSXn80C827zC~m6fb~w3qM8y4gGuvDd9cb-gRYOKDyuk3j93Hglru5mIKPPkGu9OkzzVOKyr1bHvVb3job1bH0GDGXvUdA~OGsc3muziJKp1pAKLTmDTIoz2T1-YeIRCvQcrkkiiHHq4CFM3WWWu6AT5iIbaYmbcAfQBA7BLOODCZoSK6VkFHlIX4m94h~SJzlAUAvGUg1XEiiCIT0WrvPGA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-21.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 20 Jun 2023 02:31:20 GMT
via: 1.1 91220e34cbdd95f669dbfd83e711fee6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 18797
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: CB5E5IjqEQ9dpFANYpMTce3wnI6CjycsnMV4AmmYq_OkJxTX8mp2DA==

GET
H2 200 dpixel
cms.quantserve.com/ Frame 69FE 35 B
465 B 477ms
138ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFDPQDiqm-3K2Rw4K1yJDfM&google_cver=1&google_push=ATf1kGOOmGmJiK2uUfSZuxLH7a8y99weyU3oLy7tkaXcxjCx5z2b2TtocikBC2tGIjlpwozl46zDIUm0IeTnTrTmXGT1wClC1qQi0Q

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 69FE 70 B
265 B 140ms
45ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFVpylaRp1zSVcR3Vy3kRl8&google_cver=1&google_push=ATf1kGPmJ08nd_uqlLL39nHrSzunUb9iw1RDI94wT7Oi9KpLsMqBdtrQhlVpQV_FDItCvoRQ7o_WPzRNa6lsiLPMR-7KG8df88i5AQ
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 dds
rtb.openx.net/sync/ Frame 69FE 43 B
103 B 30ms
28ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESECEdpvyIZMMPUIWUCUAKNbI&google_cver=1&google_push=ATf1kGODmyrJ3b9L-5t6XenTKrMbT2i6hK7ynDevBAyB8lKdUnorXwzzaplv7btt-o5kfeNGEqnbsefoaxZs72pELpSxXiUqOzT8
Requested by: Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEL2EYkENorUraGe-YtdO7QY&google_cver=1&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNHMUMtQy1LNURQ&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8Wvu0nvV9sxlTonz2lgUdCEoiyLw

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNHMUMtQy1LNURQ&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8Wvu0nvV9sxlTonz2lgUdCEoiyLw

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEozWkNHMUMtQy1LNURQ&google_push=ATf1kGPynGqMU81tfv_cgim6npsCqyPHmGBJOeH60M5wuQIWnxKEVBRiTCOJN35Z4Lh87YHPTm8Wvu0nvV9sxlTonz2lgUdCEoiyLw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_hm=ZJFY4he-Xz1H7v7FyXnlvgAACKwAAAIB&google_nid=index&google_push=ATf1kGPb_1lNFgxWqFnD74bSlfsLo95tPf-Fq...

170 B
188 B

31ms
31ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_hm=ZJFY4he-Xz1H7v7FyXnlvgAACKwAAAIB&google_nid=index&google_push=ATf1kGPb_1lNFgxWqFnD74bSlfsLo95tPf-FqFWFHjAqV_ederBvG33qHsZjCj-fnqiqLU96tyyMdPkeBxVQuqxD_nufmnf-OCFT

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEHhCRzFT4mBmZ9w2M8DgfdU&google_hm=ZJFY4he-Xz1H7v7FyXnlvgAACKwAAAIB&google_nid=index&google_push=ATf1kGPb_1lNFgxWqFnD74bSlfsLo95tPf-FqFWFHjAqV_ederBvG33qHsZjCj-fnqiqLU96tyyMdPkeBxVQuqxD_nufmnf-OCFT
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://ads.yieldmo.com/exptsync?google_gid=CAESEPrbzMCvRVFjgTGUyLed-_A&google_cver=1&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y&google_hm=M2hIaUx5eUdHRHlzM1BP...

170 B
188 B

33ms
32ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y&google_hm=M2hIaUx5eUdHRHlzM1BPRHJGbTk=

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGMZGbJa5otQMSR7gvylg7Pkjv8Iq8PlaZkJs3uPRuaHTbNTLTTVlfWu_M8mu0QtzpiU8V2Dq2oOvAep249CcMOKaVq6e8-y&google_hm=M2hIaUx5eUdHRHlzM1BPRHJGbTk=
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 69FE
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEGFxQJDV1qdJkb74SIzBTeU&google_cver=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVBaCBK3R8k9bdSWfLYX40MvI0lMIlzTa3-h6ABXJtUHpdItnSXQmrvNy5rfHLvXWkZAbp_D
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVB...

170 B
188 B

33ms
33ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVBaCBK3R8k9bdSWfLYX40MvI0lMIlzTa3-h6ABXJtUHpdItnSXQmrvNy5rfHLvXWkZAbp_D&gdpr=&gdpr_consent=

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 20 Jun 2023 07:44:36 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&mn_hm=MzMwMjQ4Njc0ODIxNDkxODAwMFYxMA%3d%3d&google_sc=1&google_push=ATf1kGNWJvRZPlq2PmaOkG553I_zaVBaCBK3R8k9bdSWfLYX40MvI0lMIlzTa3-h6ABXJtUHpdItnSXQmrvNy5rfHLvXWkZAbp_D&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Tue, 20 Jun 2023 07:44:36 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 69FE 0
12 B 31ms
30ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LEdfKkiRvMQaGb71IoBObAGZno16a8BUiiDWhJsT35b39aT3v_VZXNOQmqP2CmNrk4BC5Q

Requested by

Host: b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
URL: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 css
fonts.googleapis.com/ Frame 3E84 5 KB
778 B 32ms
30ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 07:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Jun 2023 06:17:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Jun 2023 07:44:36 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3E84 57 KB
57 KB 80ms
27ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=150&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Radeberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 49aeb154be267443a9547e667f7917a1ae429089d54bbe8c0bd5925efcfde759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 57893
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3E84 66 KB
66 KB 82ms
28ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=150&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Radeberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: c75c317d3669999db66b7f2829ccfbeb75068809f4e1297ed6e88b3bab843346

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3E84 63 KB
63 KB 82ms
29ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=150&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Radeberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e4e2e7622a27594eae9ebd5b7b84ce49b34b512cf3b903f97b1d0c997d04ab36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 64166
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3E84 46 KB
46 KB 83ms
29ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=150&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 Radeberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 1954a736b0b83d13c583f3022f5400d167bdc0614dcf6ae554784a2d0658e807

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 47339
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 3E84 0
150 B 78ms
27ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=71685700031512704444990012361026&a=a83a1c70&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=71685700031512704444990012361026&a=ca7676ce
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 07:44:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 3E84 14 KB
15 KB 23ms
22ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900026.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 46355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jun 2024 18:52:01 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 3E84 15 KB
15 KB 26ms
26ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900026.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 46355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jun 2024 18:52:01 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FD44 42 B
64 B 65ms
65ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssX8N6L4mCzcATLJ7s8lA2uPDCvqRrc_D_uG080XymZ3QNuRRm1mtWlHpOLfk0Gfctde0XGj2KalP7Vy0hsrnLdRdTZH9VNQt1GyrL2NPTvwc2h_BZ5_tBzLuelbjgheTxCzOFr83vSqLzk&sai=AMfl-YSi42CmgcpbnExoyrb1lOrB-jauYsAqAZ9hRUcBjIZwbLDTXRepzOymFEUBXz_eI0g_iIywpAQB4fV-A8u22pXzJ8GPNJNfmusWW84fNkgbcHz-1_GFDV-FwVE5&sig=Cg0ArKJSzNPQ0zmsMlf1EAE&cid=CAQSPABygQiDmmTwJOjizFBaZWG75FC7etBNtDWTTm03xALH1FrYci1QB6AZtIfB05wEPD3es0WKSVPByss0BRgB&id=lidar2&mcvt=1002&p=153,152,193,193&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1502987301&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687247074628&rpt=436&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716
adservice.google.com/ddm/fls/z/ Frame 8B2E 42 B
63 B 58ms
58ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKev_JSt0f8CFdGkmgodvysH3w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2319750603890.716?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F7F3 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuJU5CbjnmDurHWCu_R4dq0xW-thtkt0GCtSiPsFCNx0e-c5EVdAMDPZbkFnNFfBVA2qoC2pFjzCuceyFckfXq5DpHQ9J3usaKX_nNPGMpumaTFGPVpmIcE7qvXRbwLVdtx9sQue8Qb2M6o&sai=AMfl-YSndPNMhyw-WX3fMbn49uQ7gtXD1D_sBre1thBVRVOCKE0xPl7_IH26KnRWeJ6m7fnUJvfCwSyalLiLHPpbFIDV-I1kUH6Oe2DT26xhXRiy-Q5teoA7TsJLSiw&sig=Cg0ArKJSzJd7TsPzuHKLEAE&cid=CAQSOwBygQiDC3F0SrAA98uiCPYDD6MeUQuHz_FEgFX3oouMQe0CJQuIHeQzL9fTesqbIIKxyOvSaqjz77SJGAE&id=lidar2&mcvt=1000&p=153,1526,193,1567&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2966292975&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687247074783&rpt=474&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD44 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3418697653348&version=m202301230201&ct=76&x=1&cor=15939408303101846000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F7F3 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8655316557947&version=m202301230201&ct=76&x=1&cor=14208215394320996000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 0093 16 B
209 B 91ms
90ms Fetch
application/json 18.168.234.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.168.234.149 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-168-234-149.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 20 Jun 2023 07:44:37 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 135ms
39ms Preflight 18.168.234.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.234.149 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-234-149.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 20 Jun 2023 07:44:37 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0093 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4199771520010&version=m202301230201&ct=77&x=1&cor=17011634607887368000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 03032023-031229407-320_1200_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame 4642 55 KB
55 KB 22ms
22ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031229407-320_1200_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2b86f468d5bf4d09d57039677a5b7aad9e9fc146b8d33e0686bbe7e0361c465

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=B7F3Ld39Cv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 13:05:06 GMT
x-content-type-options: nosniff
age: 67172
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56185
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 13:05:06 GMT

GET
H2 200 dc_oe=ChMIzPq0lK3R_wIVL4iDBx2kswE2EAAYACCQvfdKQhMIncWQlK3R_wIVlgbgCh1hFQIh;stragg=1;&timestamp=1687247078695;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame FD44 42 B
401 B 132ms
59ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzPq0lK3R_wIVL4iDBx2kswE2EAAYACCQvfdKQhMIncWQlK3R_wIVlgbgCh1hFQIh;stragg=1;&timestamp=1687247078695;str=Show%20Slide%200;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 28ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3G92ST5T0Z&gtm=45je36e0&_p=1971942653&cid=526623169.1687247073&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&ngs=1&sid=1687247072&sct=1&seg=0&dl=https%3A%2F%2Fwww.ensonhaber.com%2F&dt=Ensonhaber%20%E2%80%93%20Son%20Dakika%20Haber%2C%20G%C3%BCncel%20Haberler&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G92ST5T0Z&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ensonhaber.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 20 Jun 2023 07:44:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ensonhaber.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gaziantepte-cocuk-hasreti-30-yil-sonra-son-buldu_15607623.jpg
icdn.ensonhaber.com/crop/382x450-85/resimler/diger/kok/2023/06/20/ 55 KB
55 KB 35ms
34ms Image
image/jpeg 2606:4700:10::ac43:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://icdn.ensonhaber.com/crop/382x450-85/resimler/diger/kok/2023/06/20/gaziantepte-cocuk-hasreti-30-yil-sonra-son-buldu_15607623.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:28c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b847afb9e3383dbf844a7245ec6778b32bc7c40cc2b3d0997ae32214cb6eb0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ensonhaber.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 07:44:40 GMT
x-msg-05: fetch: save cache with 30m
cf-cache-status: HIT
age: 676
cf-polished: origSize=57674
x-vtex-cache-status-nginx-thumbor: MISS
content-length: 55831
x-msg-cdn: TT12
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "40df257792640077da26b2827906aa93f0eaf737"
vary: Accept-Encoding
content-type: image/jpeg
x-msg-esh: crop
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7da2634f9dde2c6d-FRA
esh2: 382
expires: Wed, 19 Jun 2024 07:32:31 GMT

Verdicts & Comments Add Verdict or Comment

116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ensonhaber.com/	1970-01-20 22:16:47	Name: _ga Value: GA1.1.526623169.1687247073
.ensonhaber.com/	1970-01-20 14:50:23	Name: _gcl_au Value: 1.1.1419924348.1687247073
.bidswitch.net/	1970-01-20 21:26:23	Name: tuuid Value: f853db92-867d-4d86-84ef-1b12291297dc
.bidswitch.net/	1970-01-20 21:26:23	Name: c Value: 1687247074
.bidswitch.net/	1970-01-20 21:26:23	Name: tuuid_lu Value: 1687247074
.doubleclick.net/	1970-01-20 12:40:50	Name: DSID Value: NO_DATA
.pubmatic.com/	1970-01-20 12:42:13	Name: KTPCACOOKIE Value: YES
.media.net/	1970-01-20 21:26:23	Name: visitor-id Value: 3302486748214918000V10
.1rx.io/	1970-01-20 21:26:23	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-af404d55-c207-4060-af58-106765370892-003%22%7D
.everesttech.net/	1970-01-20 21:26:23	Name: everest_g_v2 Value: g_surferid~ZJFY4gATEgAQHwBS
.pubmatic.com/	1970-01-20 21:26:23	Name: KADUSERCOOKIE Value: 4366ECFA-EFD9-46AC-BE52-55D9F063700A
.criteo.com/	1970-01-20 22:02:23	Name: uid Value: 6ddd3b0c-54d5-4be4-921f-26297efe903b
.targeting.unrulymedia.com/	1970-01-20 21:26:23	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-af404d55-c207-4060-af58-106765370892-003%22%7D
.casalemedia.com/	1970-01-20 21:26:23	Name: CMID Value: ZJFY4he.Xz1H7v7FyXnlvgAA
.casalemedia.com/	1970-01-20 14:50:23	Name: CMPS Value: 2220
.casalemedia.com/	1970-01-20 14:50:23	Name: CMPRO Value: 2220
.doubleclick.net/	1970-01-20 22:02:23	Name: IDE Value: AHWqTUk6E28mX8ApKzEBW9PSGdRoIKd0gCTvQPqJcjk7xCAJbtOrWwb25w4zK5RAtj0
.ensonhaber.com/	1970-01-20 22:02:23	Name: __gads Value: ID=db07e7b73280e5a8:T=1687247072:RT=1687247072:S=ALNI_MY9sPBQktyjidHF7p470BtqOaxvLg
.ensonhaber.com/	1970-01-20 22:02:23	Name: __gpi Value: UID=00000c527ccdb7d4:T=1687247072:RT=1687247072:S=ALNI_MYRfg4dQpUdMcm8jMRnVkMGCIY_9g
.adnxs.com/	1970-01-20 14:50:23	Name: uuid2 Value: 855047671613821867
.ensonhaber.com/	1970-01-20 22:02:23	Name: cto_bundle Value: xO6mul8lMkZzTkwyNUZXcjRteTlrdmJFY3dCam9rYkhOQ1hEUU9MczZ5Q3Q2ODdXZm4zRVA5VlBkVERSaE0lMkJ5a2JjZEtQQlRaZUhyQTVKNEZxZDlqeE8lMkJTcSUyQm5nJTJGanVyTEduY29ndkhmJTJCdHBGTDM1bjk5YURxa1RCejZnY3VqemhXS3VkYTdCdExsTmk4ajFXVzZqMWg5RFg4SmclM0QlM0Q
.id5-sync.com/	1970-01-20 12:40:47	Name: cf Value:
.id5-sync.com/	1970-01-20 12:40:47	Name: cip Value:
.id5-sync.com/	1970-01-20 12:40:47	Name: cnac Value:
.id5-sync.com/	1970-01-20 12:40:47	Name: car Value:
.id5-sync.com/	1970-01-20 12:40:47	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:40:47	Name: callback Value:
.ensonhaber.com/	1970-01-20 22:16:47	Name: _ga_3G92ST5T0Z Value: GS1.1.1687247072.1.0.1687247075.0.0.0
.3lift.com/	1970-01-20 14:50:23	Name: tluid Value: 1375592466568915156592
.adform.net/	1970-01-20 13:23:59	Name: C Value: 1
.turn.com/	1970-01-20 16:59:59	Name: uid Value: 8600853445748764776
.adform.net/	1970-01-20 14:07:11	Name: uid Value: 3518484201850097780
.adnxs.com/	1970-01-20 14:50:23	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?aIW!h)!A#Fo.TOKKnyW<U1`VROYQM-:=9x!L^(=Q`9#xcq@Mvt$Psm.r?W)`*RGXBB<QG=%9sk@3@'s>T:=cS0
match.sharethrough.com/	1970-01-20 12:50:51	Name: AWSALBCORS Value: 9k1a4M/VFuH9C9NyqtO1dki37OsrT3p7rz0FQe3XwqVZQJz0ZV+PV0ahJHl+f8YgqWRQUdlK6gf21En+e6NAuhxnVbRf3E8LVP6gdajw0qCzio8zNWYzfE8AE4Rf
.mathtag.com/	1970-01-20 13:23:59	Name: mt_mop Value: 4:1687247076
.adtriba.com/	1970-01-20 22:16:47	Name: atbgdid Value: 402dcde2-79d3-4fde-b2b9-867eba3bc8b6
.w55c.net/	1970-01-20 22:11:01	Name: wfivefivec Value: ly9hN3Oj1Qbw2v5
.de17a.com/	1970-01-20 21:19:11	Name: guid Value: 1.1373138688286510563
.w55c.net/	1970-01-20 13:23:59	Name: matchgoogle Value: 5
.yahoo.com/	1970-01-20 21:26:44	Name: A3 Value: d=AQABBONYkWQCEDvQadfwJox2zAR6z0lgEg8FEgEBAQGqkmSbZAAAAAAA_eMAAA&S=AQAAAoUGlW3NixniHETWMY2v6s0
.redintelligence.net/	1970-01-20 14:50:23	Name: 8lcfmzhxc8d6_uid Value: 2d1ef1de74476659
.retailads.net/	1970-01-20 13:23:59	Name: ppb2172 Value: 2802347527
.awin1.com/	1970-01-20 12:43:39	Name: awpv22610 Value: 296283\|1687247075\|4d9feea0-0f3e-11ee-9c19-223148ce0464
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 408799:2874697
.office-partner.de/	1970-01-20 22:16:47	Name: source Value: {"webgains_webgains":{"timestamp":1687247076130,"clickCookie":false}}
.futalis.de/	1970-01-20 14:07:11	Name: raSIDb Value: 2802347527
.media.net/	1970-01-20 13:00:56	Name: data-g Value: CAESEGFxQJDV1qdJkb74SIzBTeU~~3
.yieldmo.com/	1970-01-20 21:26:23	Name: yieldmo_id Value: 3hHiLyyGGDys3PODrFm9%7C1687219200000%7C0
.quantserve.com/	1970-01-20 14:50:23	Name: d Value: EBIBCQGjKYEA
.quantserve.com/	1970-01-20 22:11:01	Name: mc Value: 649158e4-75326-5c39f-20d72

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
accounts.google.com
ad.turn.com
ade.googlesyndication.com
ads.yieldmo.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api-stg.ensonhaber.com
api.webgains.io
b71adb14a14f29496d7699916e80b9c7.safeframe.googlesyndication.com
c1.adform.net
cdn-ima.33across.com
cdn.ampproject.org
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
cms.quantserve.com
cs.media.net
d.adtriba.com
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
eb2.3lift.com
ensonhaber.com
esp.rtbhouse.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900026.redintelligence.net
ib.adnxs.com
icdn.ensonhaber.com
id5-sync.com
image6.pubmatic.com
invstatic101.creativecdn.com
match.adsrvr.org
match.sharethrough.com
mug.criteo.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
r.turn.com
region1.google-analytics.com
rtb.openx.net
s.ensonhaber.com
s0.2mdn.net
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.inmobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
track.webgains.com
www.awin1.com
www.ensonhaber.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
104.18.35.34
108.138.36.21
108.138.36.89
136.243.149.243
138.201.84.244
142.250.184.230
142.250.185.194
142.250.185.98
145.239.193.130
151.101.2.49
162.19.138.83
172.217.23.98
178.250.7.11
178.250.7.13
18.168.234.149
18.170.178.181
18.203.5.185
185.29.132.241
185.64.190.78
185.80.39.216
2.18.160.23
20.127.253.7
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
213.155.156.168
2606:4700:10::6816:3f4e
2606:4700:10::ac43:28c4
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:806::2003
2a00:1450:4001:806::200a
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::2001
2a00:1450:4001:813::2001
2a00:1450:4001:813::2004
2a00:1450:4001:827::2006
2a00:1450:4001:828::200d
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::200a
2a01:4f8:d0a:2321::2
2a02:2638:d::2
2a02:2638:d::d
2a05:d018:d29:3601:e563:7f62:3238:4f30
2a0b:4d07:101::1
3.122.77.224
34.96.70.87
35.156.85.133
35.157.246.107
35.190.39.111
35.227.252.103
37.157.5.133
37.252.171.21
46.228.174.117
49.12.16.151
51.75.86.98
52.223.40.198
52.57.130.34
69.173.144.139
76.223.111.18
89.187.169.43
92.123.148.9
009d4ceeb1168ae5d225f0898ba84f53743d9051b32b5a016bc7c867f32f0c5c
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2
05898ed5e34f59c4c6d7b6b7b4fa67c7f867b874e77f2a03cf0c4d982c135625
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0b847afb9e3383dbf844a7245ec6778b32bc7c40cc2b3d0997ae32214cb6eb0c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ca8877766a4fcd6665a6fd63e69359eb0d19d47df34e399d34345c12e00db4c
102b58b4e227d81042c84d5eccdb17a607b87d33b01c258c1f820fe9bcc18b61
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
127fc5122908ed58f8a0595d3c00f9202b406d774b2b6ecd834bfba408a374da
13cab061ea47f0fe6c3fd6b37e6728beb40dc447c3086aef9ba1132eb0df6490
14b36a8df3615e891dddebf0e4adf825b612ad83eb23f116d32d01a11e873a1a
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17ddc038dc2e7ad2823f54bd748d485b596dcbde014adffb110e687e35b024e8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18716a69ac05e85bcd36f171cf3517c6f86c48d2814cd715b8f212e1f93c845f
1954a736b0b83d13c583f3022f5400d167bdc0614dcf6ae554784a2d0658e807
198e0fe1ee50fd798c142ae6cdceb0ebfd991018f995dbb8c5cbbd5ad6983916
1a363d3f6436afa0f132a197f5bfe4a6253776ab279e055f37e9d3ca86e2e280
1b18344098c7beeb17792064f962b0325c6fe6b6b6e2708a521f346b71d4d283
1b86bb840a36f6a4bd1b1ff4f64f3b62acc8b7b8a868bbdbd9f5a24c6bdb0ddf
1c088bc8268cc6d991223dfe57f88bac2c124df391fd2f78034e291a05d1cd00
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
1c884354c56ed5e5c9d1442f123011d1e9e714038897e18c905701fd382ac758
1ce3d4d51aa4a91469b26001dfdc90216c2ec3bac9e21d9dd1c1c80e784bad9c
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
1f43af206870986a648b5db6570c0488ead3ab087202e82168e57a73af4b5124
1fb7349f24691af70e7d006971e495267566520195965370dd885155e7795c9b
21fae64262f66f27e45911cc8c6fe0069b42013ddd83a101bfbe56017fccdf40
2302716051f0963269ff25431c4c06772a2fd6fb9ea23f7ad5d5d5eb4f13478e
23777685c61c2d71eb367a405989ca3c18d81d1149f100c82ce1939701f7c983
272b89ad2f889117280c97b37be93000b93126c48ddfb1c3d65890777091ec62
274811f26cd196699a35ba05bc1bd53a09a46a2a8763e7be9c81f8974eb9f9c9
27ef86a37eb372d157b96f7d21d12dca338fbbf6922218b0a980fc3ebb46e6eb
2812ede08e53428d5883503edbe67fbd57ff5e3a4c6fc0a0d9341bf0f6f62168
2b6a14e0382bfbf6e143f921700faff9ecf1386002ef8538f1f1bdc34182653f
2c560606dec0761e3484ac631b53dce5a9b35e03a99bb50bf5ed5585897eaea8
2c6cb8994e6cf1bddda9e1a5b916a70ca4baa71c158d443a34914ba7e6c1d559
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d0a8c318709b662988173b2343311cff1342159884ea66bb2f6a98287ca916f
2df5e79fca419ec357ab909bc4b775580a5181fbd44449775d4eaa9b88654133
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ea99e88dd51aae99199885735daab92b52e49a02ffefc5be4f9e2c00ca07cdf
2f2688eeeeb6d99e09adc5d8aeea2963fe4034ca8f98f639f24dea4e0d0f7d16
2fb61ae48d4fdb9941f91a0418d730d7b1561c1e6e9ae33504ded2ec30df005a
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32d75b8d9906e4fe046307d507ff6d1893ed34d99a6f28f931301ed5d296728b
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
34df2cadac0444599fe032eaa1b5d521809cbb2dc76c7368b66405217c7a67e3
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
369ce25de5b5e9a034ee8bc34b6939b9b6deb20e24864c39a9cf6c4747ea70b8
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
377797acd33c082080b5467dcfc816d83e53589fe89401fd45d1588fe7f6baf8
3837a10e0be2b02960fd5721c9dff19c859bc90fb255c6aa665eccae9b4fe29a
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3ab296b2bb2aecd4942237b656e45565beb04d9e73c45346a60e1d92616aeaae
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b
3d36e747eb562ccce4eb72ec40b80fe06798d30975f4951a04aef2c60def318b
412fb5cc8a51add50e590be63fda08e88d3913c9e3f1b3a96f73004ce6d80f7a
416a4c85b488c3fe2ca26298fc13a4fec28626649939aeab1f5862a27e046cf0
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
483de5dfdfae5780263638c0945403236f47fccbd63c84b7c527c85b7c2d5c67
486c0e7eb5313ce4ae416f5c344898112ce7a3449044cba6327e86ff03081f8c
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49aeb154be267443a9547e667f7917a1ae429089d54bbe8c0bd5925efcfde759
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5059ed10dcf0d23cb78f6e03f597d13e87bf516db4e5c6c95e29dd03f921929a
51da48e315d7f0ddeed892476ef7666f473778bf1350518f2319cd792e1ab4e1
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
53a42cf5d32fb8153b2f58d5ea30404e2c8cdac08e85153df1849682098c1cbb
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
555ed6cb3cb90591bf3def916ba208cafc830119b100866bfb7fa7fa2bf3fe9c
558ff90e26a97105cecf944ed6bd3db5e10318a9896e6c7689701641af72c0fd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56d4d045ac0af97835d434ecac09a367803cbe456596781d4f386291d85cd872
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
592726dcd36e27f1287a1ff2e6d14e5e68b928cd4eebed720c267d4633277286
5b70d8eb19ca32d244e29e759e816c343be893232978532c9d5943f838e60e0b
5c23ee2304e7add97588589ee28491a8642c51880bb6c17c7da0d69c16f69d25
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cd5a5a9c03439da75b1bd5ca762a022b3334a45ff6fd59f4d983fa4bfaa40f2
5f922ad97f2052ba79b629f170c0cd569c3b6cdeead48e2d01fa20810392b079
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62ec48672c548149a0df1c6c0ef6a4e976af7c7e43da613ba6d7c648fdd05970
645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4
65803b3152b8225540cdda2ae8e3a298ba9eb591cc35d9e7fe4b906b0f515ead
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6780ec87c2d1af6717c799cf39888e8eafc1d2117d89a0ba614573205afb19e7
6b05416d448486b4f4bb414d78be3b4a8f3666c7c51b8e6aa12e74ea35f10018
6c2d6ce4a7f2a02270cd2693256f756b8ed4e2c64f2eb6b9b33cbadd22cc2140
6d285ae6755d52c452904f5bdfa4a6c2082186d695304b242e9db2f12461f02e
6ee089908f9f2f7b82923f66ab22d2431eaa199aaf384da16f31f6b0b320a49b
71a22144750f335f765c54ce64ea86c9fa05ea6e10c8d931ffb29b58e5ec1a17
725c9e6b9420b09e77908394870c2c082103408c50c1bd0938d6f52130d0a404
733e51462a8c5ce0c554ba2fab824a47d16bb06e39cfeb3b42c3154deac50ad9
736e5c6597e5c0a99385da23644ffc3d16c7f7e57485a5045bd7a36a5418f640
73a53ced60c480d9aed1b4b68934142e67122a3c1f9509fd1e8637c559db6275
74d5ddb896390fbd0d379431074c833d31f208835ef558dd0ede1264e46a3a5f
768382b088c5cb58e4a670880ea33d6926e16ddb5923a937f41f660269c676d1
7741aa08eb3d6aff19ff31a668ba1777bc52e25ca5e63b669446a49902135851
78365baafdc9d5bef727290f43c663ea71ab5993fdf84a6b952bcaa83042d13f
7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7d8f4848d35f3083a137438a175161dd47f0e4af4a6777804549b338d809e79a
7e2e647e80d462064c6c2a5aac73b4d0d2b1bfe9fc34a6cf8ceb59ad848b81b2
7fcfb9fac837faebb5d90f9a8eae86573004c64d86e4ebeca2c69b22f2e01ece
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
800532bf9b839ea479ad22d9735b2de456c113e98869f3d63cf92fe1643e469a
80d2ea64feb90fec56aab7ae35078d8addd9033751386fdd52de2cab7bf87dd6
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8342e588798c536559f098afd052814d3add77e558bde160e67faafda5c3a617
839c424b188a9bdafd46e5b643a2c5afb4b7df5e51f0321ffafd5f23b118e259
84a1b2ad1ce4be8415d3842e5dfa62317ea2afb6e013ef5c0f4e684f43391352
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
854f47fda466ed9d7e0d438a80c3f7049575d373d5887aca71313da2b795c739
866bdbf7f2c3bc41356904492de688385067f67544b03d13a8f3ff57f8d6b088
86f3d6ba6ceea00fa02b7dbc5de0463ab0e8da7d6f651d6f33bb409c3a42c9f3
8766a832f9bf5c72d5451766c5c90f1512b61dd7f7d7a7774142fee05f1c54b2
8906fab4adb60e9ceea7b5572449eadcc98fda7d0266cad601926a5e74bb3aca
89e71820a3f01b7bb31eb58eabe8fc16a23d6735fdf5dc6754cbcc1c8f251a95
8a5bca62160bb102fbbebf38f9272c9c980e61b8f41c8977c1d0530a830dd7f8
8b8da33976e16cb84f8ffe8224b95df6e90a1f81f604b99b0ed1b505c983f68b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2d2eba4f883780b56ced0d1b4a0dc6025abfec51ca99d89b1f49e0d50b51ce
8e93fb512ff5f257c6ee542cf35cc836884422caa17a5412102ca170ac787acd
8ed948e6d6586fc5cfd9284799eb76290f6c6067a481efbb08e1720977b33c33
8ef3db050ac2ff3d8a9ae3f2a24b7fab03d58d8221380f8940d3a607bd8dbb4e
8f273840584f0246670b192fd23e6aac48cdad71d53ab3526d79f9fc90e88bb9
914e792e0d03a775a673f70736e89594938337065f4e5bc5906e3b5c3c5acf1a
91f6a189bfe0f6f722af271eada986a029981411f1e3161e92e014ccbbe85be6
96ad4daa65142f22e17fd212940a4997af6e475206bd70a8da1a4e293f9c2d88
9838cf0fe876be799851d050135c445d90b5bba432de6f60f4fa68ed7d6a0dc5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d12d07d40ba2f3439d466eba90f27f46581293306f8be3acbb0909a89b4e85a
9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a205d7d684136be8250397a83c5f4c6fc4702ac3344795b10f22ab8fc772ac31
a253409a3be27289ff1616c702dc61fae88efb0ad15a20c66854c8d67879b060
a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55
a36b081a24983814f417f9a4fd02981a9fac13ef0a0b53664ae39e2c6ad1b2ff
a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7b0e537ecabd3d1f81dc4c203a245b706c3cc3eed9089097c5c755a835786aa
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51
ad2e0db5da6a3026db46252b53f73adbe8c9098bd419bcdf4b39cef8a904f7ca
b0b6c2ef65f2486f7be1c3b49a50e88ed2602d29d1f9ecb03ddd4e198c8e5910
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b364aa5ec35c70520296a6172a1d7963535eeb7f6b246f41cf66af5d315f1215
b57c9aa30eb75613091d6753b26caa6b3a56e24b7326ec4512a2ba17678def7d
b67e76794cf558fc3c7c304a11e43ea5e36be7ef83265b05651ba4a40df4a84d
b7d079bf21e72c5449d5aa75a4916c4556a0fd2b02cadd2a93aa1d1529957722
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
bd1f0ba991b730edbc9e72f9a6f8a290ef8d852644c9629dc479c7eb18c1ea1b
bd3454b4c8d9d7cb1e1e15c2ffe43aa576b98320e89e79f587c20a6e5ad0457a
bdf77c2e2ee4fce5ccc2a8b4105861708c75bda5ffe264b80ba86d5201aa2aed
c067558db81a543c217d643f6caa1bdbbf0c0e75bb8d82bce6244c75158e8bf5
c1255c225e18e01faae68870c17c44c85368bf6c4120d0e674615f7a9ccc70d2
c287ba7fe796611bb01f2fd3996698167128d05427019e7f97d48b961cba3b1f
c45a7b5b9773d0581e627e740074e62cc6a88eab432d47793849695c0e8f2b64
c75c317d3669999db66b7f2829ccfbeb75068809f4e1297ed6e88b3bab843346
c8d9df6b4c51a890439fb7e8f7b9d9db924b4a51ed323166b62d604fd57330f8
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
ca9cb23edaff62826b01a5dcaff54d3e5dd9edf7cb1746521d225c532a0f7a8a
cc041c68a2177f55b4e9ce51c16fbd2c038effbaba704a9627e02e587d1bbc25
cfc44abaa7fdc736db9137d081a687696274eb06d97d3fe232ec961107c85fe3
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
d082518b7012f97f7eb9ef94ca7d245fc1e9609e7eda9cba21f83940ab551e72
d68a08111319d82acd771c4c0739ecc33f71016736eb560ed6df8b96a76eaf36
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9412851b053c920a5e9248f029ac03cdbe61819edd11a0c3f4ee800ff88f8f1
dc0dcd48ed7503593db755efcb59d0fd9fa0b5c072fd8cbe6b2100b7c18d4786
dde07b09881de2821e39ce3d4d91ec97e34abbe3bcc50d37566c57bd8fe4d773
df4f22feb615bd0b1e7310876df6606def1550e23e67887050b1b045ea7a3f43
e19da779b23c8066f45e8f872b925c40f67b655c84bd35a4ff227e436bf97097
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e2f54c4b899509ff23b3c683ca51b6bf4e8e3674ebba14a5757c104d246ef269
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e2e7622a27594eae9ebd5b7b84ce49b34b512cf3b903f97b1d0c997d04ab36
e5c7725cf595366b2054565e398c9f2e0093ea09756b306ec03e1e21862dd46a
e8011a60740920d99d6246ec51637f2680d262b8b541169d5e560da1011c48a8
e85df186ebe693541f537944677995526bfc9659d561f6abba91837bdc755aa8
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
e92728d3f84f8648d013fffa073f09ffd774aefb957c5bc08b98c9af97c28979
ec08b32778c36d5baa76a83b12b760446f897c37b77b6853800230744c5ab577
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7461c0051b325805c887adc6357a464dae3efad3720214b91799a501afb62c
f0bdf831bc0414f96ebd455a30c1ded4739f659071f0dbb60be94a3d4acd8f4e
f1f1e13e8c24a7941e3b36d2d1f364d19f442808be024d695b5dd743f47dbfee
f28e9d8206484bc0ca0a5bbf2174c6e0082099163f649ad53c1acd95a9220fec
f2a2164f872a1299e8b39c298049568748f02f6c5c47f97570e809f7d31c6fdc
f2b86f468d5bf4d09d57039677a5b7aad9e9fc146b8d33e0686bbe7e0361c465
f8ce6f350e90bbf4799d659b4555945cf96010490800a128ef48bcd33ece1b8e
f97e249d0d02045935033d1bf463910f81ae1fe89a5ed9b61c1dd369f18f06ea
fad9171c6bc08e5f36d7c0a6453ba30f354b9e23275e56ffa28e31ec580bbf25
fbd43ac68f347e64c5a2e72a2dae2d150c83ad41017b20ec8f82999a7d77ed58
fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1
fe2182626d97612dfb6390dba18118a5f65a65d912fdbe4a9bc2e158f5c13dc3
feebe1fce6a2c5b44c30aca519403f048c63e4d0f021a472052065feccefc441
ff3b581f1f872ce0a692580e4e248ec0a54d9c8a4996592c4cc6fc59fd28a030

www.ensonhaber.com Open in urlscan Pro 89.187.169.43 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

324 Requests

88 %HTTPS

39 %IPv6

51 Domains

72 Subdomains

53 IPs

10 Countries

4361 kBTransfer

8017 kBSize

50 Cookies

22 Outgoing links

Page URL History

Redirected requests

324 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ensonhaber.com Open in urlscan Pro
89.187.169.43 Public Scan

Screenshot
Live screenshot

Full Image

324
Requests

88 %
HTTPS

39 %
IPv6

51
Domains

72
Subdomains

53
IPs

10
Countries

4361 kB
Transfer

8017 kB
Size

50
Cookies

324 HTTP transactions
12 data transactions